(UPDATED: Jan 2, 2017)
Over the in conclusion couplet of weeks, the High German unusual intelligence agency Bundesnachrichtendienst (BND) was defendant of helping the NSA past times carelessly or fifty-fifty deliberately entering selectors used for spying on unusual targets inward the High German satellite interception scheme at Bad Aibling.
Here, recent outcomes of the High German parliamentary enquiry volition last combined with information from the diverse press reportings, inward guild to render a to a greater extent than integrated motion painting of what happened over the past times years.
It becomes clear that BND did everything that seemed reasonable to forbid that High German information were passed on to the Americans, but that they didn't genuinely aid almost whether NSA collected communications from other European countries.
We also learned to a greater extent than almost the selectors that are used for filtering communications traffic as well as it became clear that it is oft hard to determine the nationality of many types of meshwork identifiers.
Information from the parliamentary enquiry hearings is derived from the alive weblog provided past times the High German digital rights website Netzpolitik.org.
- The context - How BND checks NSA selectors -
- Discovery of suspicious selectors - Results of the collection -
- Multiple Updates -
- Discovery of suspicious selectors - Results of the collection -
- Multiple Updates -
> See for the latest: New details almost the selectors NSA provided to BND
The BND satellite intercept station at Bad Aibling, Germany
(Photo: AFP/Getty Images - Click to enlarge)
The context
The selectors matter started on Apr 23, when the High German mag Der Spiegel reported that NSA acre spied upon European as well as High German targets for years, with the noesis of the High German unusual intelligence agency BND.
Other intelligence reports inflated this to BND deliberately helping NSA inward spying on these targets illegally, which fifty-fifty led opposition leaders accusing the High German regime of treason. This although past times as well as so at that spot was no clear evidence, only sometimes confusing as well as non ever real accurate press reports.
Committee hearings
Meanwhile there's somewhat to a greater extent than clarity, also because on Thursday, May 7, the parliamentary commission investigating NSA spying as well as cooperation with BND (German: NSA UntersuchungsAusschuss, NSAUA) questioned the BND employees R.U., D.B. as well as Dr. M.T. (initials non of their existent names, but of comprehend names!) who were involved inward this issue.
The solar daytime before, May 6, the regular parliamentary intelligence oversight commission (Parlamentarisches KontrollGremium, PKGr) inward a classified coming together heard BND president Gerhard Schindler as well as Thomas de Maizière, currently the Interior Ministor, but previously responsible for intelligence affairs at the Chancellery.
Update #2:
On May 20, 2015, the parliamentary investigation commission heard BND employees W.O., W.K. as well as D.B. almost the number of the selectors as well as the internal BND inquiries. New details from this hearing have got been added to the relevant sections of this article. They are marked "Update #2".
In general, the witnesses from BND gave the impression that they don't facial expression much farther than the requirements as well as the responsibilities of their job. They just follow orders as well as that's it.
Update #3:
On May 21, 2015, the parliamentary investigation commission heard Hartmut Pauland, the old caput of BND's SIGINT directorate, as well as BND president Gerhard Schindler. Details from this hearing have got also been added as well as are marked "Update #3".
President Schindler admitted that the automated filtering of selectors was a error as well as that at that spot were serious deficiencies inward how this was handled internally. But he was also convinced that spying on European countries ("friends") isn't illegal, explicitly contradicting the view of 3 constitutional experts from the real kickoff commission hearing.
Former SIGINT manager Pauland said that with every newly disclosed Snowden-document, his people considered whether they were also capable of doing those things. In many things, NSA appeared to last way ahead of BND. Nowadays, signals intelligence is metadata-centric: from the metadata it's decided which communications are worth as well as useful to pick out for analysing their content.
Update #4:
After the Summer break, the commission started hearings almost this dependent area again, as well as on September 10, 2015, BND employee W.O. testified for the second, as well as T.B. for the tertiary time. Relevant details from this hearing have got 1 time to a greater extent than been added to this article as well as are marked "Update #4".
Update #5:
On September 24, 2015, the commission heard 3 witnesses. For this theme at that spot were relatively clarifying testimonies from BND employees D.B. as well as K.M., both having been questioned earlier. Since the belatedly 1980s, K.M. worked inward the Wortbankgruppe, which consists of 4 people who are responsible for checking the selectors before they are activated. Relevant details from this hearing are marked "Update #5".
Update #6:
On December 3, 2015, the commission heard BND employee H.K., who was caput of several units inward the Technical Division. He provided some additional details related to the selector affair. H.K. was heard for the minute fourth dimension on December 17, 2015, which didn't render much novel insights.
Update #7:
On January 28, 2016, BND employee D.B. testified for the 4th time. Some details he told are added as well as marked "Update #7".
On May 20, 2015, the parliamentary investigation commission heard BND employees W.O., W.K. as well as D.B. almost the number of the selectors as well as the internal BND inquiries. New details from this hearing have got been added to the relevant sections of this article. They are marked "Update #2".
In general, the witnesses from BND gave the impression that they don't facial expression much farther than the requirements as well as the responsibilities of their job. They just follow orders as well as that's it.
Update #3:
On May 21, 2015, the parliamentary investigation commission heard Hartmut Pauland, the old caput of BND's SIGINT directorate, as well as BND president Gerhard Schindler. Details from this hearing have got also been added as well as are marked "Update #3".
President Schindler admitted that the automated filtering of selectors was a error as well as that at that spot were serious deficiencies inward how this was handled internally. But he was also convinced that spying on European countries ("friends") isn't illegal, explicitly contradicting the view of 3 constitutional experts from the real kickoff commission hearing.
Former SIGINT manager Pauland said that with every newly disclosed Snowden-document, his people considered whether they were also capable of doing those things. In many things, NSA appeared to last way ahead of BND. Nowadays, signals intelligence is metadata-centric: from the metadata it's decided which communications are worth as well as useful to pick out for analysing their content.
Update #4:
After the Summer break, the commission started hearings almost this dependent area again, as well as on September 10, 2015, BND employee W.O. testified for the second, as well as T.B. for the tertiary time. Relevant details from this hearing have got 1 time to a greater extent than been added to this article as well as are marked "Update #4".
Update #5:
On September 24, 2015, the commission heard 3 witnesses. For this theme at that spot were relatively clarifying testimonies from BND employees D.B. as well as K.M., both having been questioned earlier. Since the belatedly 1980s, K.M. worked inward the Wortbankgruppe, which consists of 4 people who are responsible for checking the selectors before they are activated. Relevant details from this hearing are marked "Update #5".
Update #6:
On December 3, 2015, the commission heard BND employee H.K., who was caput of several units inward the Technical Division. He provided some additional details related to the selector affair. H.K. was heard for the minute fourth dimension on December 17, 2015, which didn't render much novel insights.
Update #7:
On January 28, 2016, BND employee D.B. testified for the 4th time. Some details he told are added as well as marked "Update #7".
BND president Gerhard Schindler just before he testified before
the parliamentary investigation commission on May 21, 2015
(Click to enlarge)
The cooperation betwixt NSA as well as BND
The cooperation betwixt NSA as well as BND which is at stake here, started with a Memorandum of Agreement (MoA) signed on Apr 28, 2002, inward which both parties concord on articulation espionage areas as well as targets, such equally counter-terrorism, the battle against organized offense as well as against proliferation of weapons of majority destruction.
Update #3: This Memorandum, classified equally Top Secret, is an extensive document, with five annexes, describing inward item the regions that should as well as should non last monitored. For reasons unknown, as well as also unknown to electrical flow BND president Schindler, these guidelines were never converted into internal regulations for the personnel that had to go on this.
Two years later, inward 2004, the NSA abandoned its Bad Aibling Station (BAS) for satellite interception, that nether the codename GARLICK was component of the ECHELON network. Most of the facilities, including ix of the large satellite dishes hidden nether white radomes, were handed over to BND, which gave the facility the internal designation 3D30.
Update: During the hearing from Oct 2, 2015, old BND president August Hanning said that Bad Aibling station was non run past times NSA, but past times the U.S. Army. Federal Republic of Federal Republic of Germany said the station was a violation of its sovereignty, but the U.S. didn't desire to surrender this of import facility easily. Then the next compromise was made.
Update: Influenza A virus subtype H5N1 BND document published past times Wikileaks inward Dec 2016 explained that originally, Bad Aibling Station (BAS) was a collection facility of NSA, but was transferred to the U.S. Army inward August 1994. NSA nevertheless kept a large role inward tasking the satellite collection, which was mostly almost Russian satellite communications as well as back upward for U.S. troops inward old Yugoslavia. In those days, BAS had some 650 employees.
The antennas were also used past times BND for its ain collection of Russian armed services satellite communications. From outflow 1998 until June 30, 2011, the Joint Analysis Center (JAC) provided useful technical analysis of Russian satellite signals to both the Germans as well as the Americans.
In render for the station, BND had to part the results from its satellite collection with the NSA. For this cooperation the Joint SIGINT Activity (JSA) was laid up, consisting of personnel from both NSA as well as BND. The Americans provided most of the equipment. For analysing the results at that spot was the Joint Analysis Center (JAC).
The JAC as well as JSA were located at the nearby Mangfall Barracks as well as were unopen inward 2011 as well as 2012 respectively. According to BND vice-president Müller, his agency took over the software as well as hardware that NSA left behind inward 2013, as well as checked it for backdoors.
Besides the satellite interception, Bad Aibling was also involved inward cable tapping, but only nether functioning Eikonal (2004-2008), which was express to cables from Deutsche Telekom inward Frankfurt.
Google Maps view of the Mangfall Barracks inward Bad Aibling, Germany.
The edifice inward the upper left corner could last the BND facility,
as well as the 1 with the white roof the NSA's "Tin Can".
NSA Selectors
For the satellite interception inward Bad Aibling, initially some 4 out of five selectors came from the Americans, the residual were High German (currently soundless 4:1). NSA started providing the Germans with telephony selectors inward Apr 2005, followed inward 2007 with selectors for IP communications. They are classified equally Secret* as well as most of them were related to Afghanistan.
According to Süddeutsche Zeitung, NSA provided BND with roughly 690.000 telephone numbers as well as 7,8 meg meshwork identifiers betwixt 2002 as well as 2013. That is an average of something similar 60.000 telephone numbers as well as 700.000 meshwork identifiers a year, or 164 telephone numbers as well as over 1900 meshwork identifiers each day.
Update #1: In the paper Die Zeit from May 19, 2015, the Left political party fellow member of parliament Martina Renner says that inward August 2013, at that spot were betwixt 8 as well as nine meg active selectors. Other sources say 8,2 million.
Earlier, Süddeutsche Zeitung reported that currently at that spot are some 4,6 meg active selectors, most of them for filtering meshwork communications as well as related to 1,267 meg people as well as corporations. If these numbers are correct, they would present a huge decrease of active selectors betwixt 2013 as well as 2015.
Update #5: During the hearing of September 24, 2015, chairman Sensburg said that until 2013 some 8 meg selectors were entered into the filter system, of which 4 meg were activated. Since 2008, NSA provided 4 meg selectors, of which 3 meg were activated.
Selector databases
Not alle these selectors are soundless available equally the so-called tasking databases (Steuerungsdatenbanken) have got been restructured. Just recently, BND found 2 additional selector databases inward the legal partitioning of its SIGINT directorate: 1 containing some 400.000 selectors from early on 2005, including some related to European governments, but it couldn't last determined whether selectors were rejected.
Influenza A virus subtype H5N1 minute database contains 59.000 selectors from September 2006 till early on 2008. 400 were marked equally disapproved. Both lists incorporate telephone as well as fax numbers equally good equally electronic mail addresses, but no IP addresses. They don't include High German companies or telephone numbers starting with the High German dry ground code 0049.
Update #2: Already inward 2005, at that spot were separate databases for telephone as well as meshwork selectors, which were newly laid upward inward 2001. All selectors were kickoff lay inward the database, as well as after they were checked, the ones that were rejected, were marked equally inactive. So with all the old selectors staying in, as well as to a greater extent than as well as to a greater extent than novel selectors came in, the database expanded rapidly.
Update #4: The selectors were entered into the database equally "undefined". Once a week, the novel NSA selectors were pulled out, checked at Pullach headquarters, as well as returned (often the same day) to the database equally "approved" or "disapproved". BND selectors seem to have got been activated immediately.
When the database was recreated inward 2011, the number of selectors had risen to acre some xiv meg because no selectors were deleted as well as novel ones came inward continously.
Actually at that spot were 2 databases: 1 for IP selectors (from NSA only), as well as 1 for telephone selectors (from both NSA as well as BND). Not involved inward this enquiry is a separate database for IP selectors from BND only.
Each agency had access to its ain IP database; the telephone database was managed jointly, but BND could only approve or disapprove NSA selectors, as well as NSA could only create that with those from BND.
Types of selectors
Selectors by as well as large include telephone as well as IMEI numbers, e-mail, IP as well as MAC addresses of computers as well as tablets, but also other kinds of meshwork identifiers, similar names, nicknames, chat handles as well as hashes. These are called "hard selectors". It is non known whether also "soft selectors" similar keywords or perchance fifty-fifty cookies as well as malicious code signatures were also used inward this cooperation.
Update #2: To the surprise of the commitee, witness W.O. testified that the category "IP selectors" does non include IP addresses, but denotes electronic mail addresses as well as other meshwork communication identifiers, for illustration for messaging.
In general, for 1 target at that spot are multiple selectors (German: Telekommunikationsmerkmale (TKM) but also Datenbegriffe or Suchbegriffe) similar telephone numbers or electronic mail addresses. For the latter at that spot tin last multiple permutations, similar using "%20" instead of a dot. The witness never saw the usage of wildcards, similar *@example.com.
Until 2012, the NSA sent the selectors inward the shape of a so-called "equation", which appears to last a tape containing name(s), telephone number(s) as well as electronic mail address(es). An equation tin incorporate upward to 1 hundred selectors used past times or related to a exceptional target. Besides telephone numbers as well as electronic mail addresses, an equation also contains the different ways of spelling as well as technical permutations thereof.
Because of this, when BND rejected say a telephone number, BND employees inward Bad Aibling had to inquire NSA to withdraw that number from the equation, or else the other selectors inward that equation were rejected too. It's ever the total selector profile that has to last activated for collection. Until 2011 NSA saw all the selectors that were rejected past times BND because of this.
As of 2011 these equations were split upward as well as telephone as well as meshwork selectors were each lay inward separate databases. This made it possible to spend upward private selectors. Then the calculator scheme combines these parts to their proper equations, which tin at nowadays have got for illustration a rejected telephone number with an approved electronic mail address. But if 1 component is disapproved, such an equation volition non last forwarded to the collection system.
Update #3: According to president Schindler, e-mails tin have got upward to twenty permutations, each of which is a separate selector, which explains the large numbers. He gave the illustration of gerhardschindler, gerhard.schindler, etc. However this seems a simplification, equally such variations tin of course of educational activity belong to different persons with the same name.
Update #4: According to W.O. the equation format used past times NSA only applied to meshwork selectors, although later on he says that an equation contains 1 telephone number with wildcards as well as blanks.
Update #5: Witness D.B. confirmed that equations were only used for meshwork selectors.
How BND checks NSA selectors
The selectors provided past times NSA were picked upward past times BND employees at Bad Aibling from an NSA server a few times a day. Initially their number was non real large. They were for illustration on Excell sheets which were checked manually at Bad Aibling.
Update #2: This depository fiscal establishment check was only for the so-called G10-compliance, which way that selectors related to High German citizens as well as corporations were taken out. Somewhere inward 2005, BND also began to depository fiscal establishment check for High German interests, the important of that was determined past times unit of measurement T2AB, which conducts these selectors checks.
Apparently talking almost the Eikonal operation, witness D.B. explained the commission that inward the testing phase, 1 BND employee did this on his own, which led to a delay of 1 day. In 2007 NSA wasn't satisfied past times that as well as wanted the results inward real-time.
3-stage filtering: DAFIS
Later, the number of selectors increased to a grade that couldn't last checked past times manus anymore. Influenza A virus subtype H5N1 novel physical care for was laid up, inward which, since June or August 2008, Bad Aibling personnel sent over the selectors to unit of measurement T2AB at the BND headquarters inward Pullach 1 time a week, without farther inspection (until 2011 at that spot was also a rarely used manual Emergency Approval).
At the headquarters, the selectors are checked inward an automated physical care for of 3 stages called DAFIS (probably the abbreviation of DatenFilterSystem):
Stage 1. Influenza A virus subtype H5N1 negative filter which filters out electronic mail addresses ending with .de as well as telephone numbers starting with 0049,but most probable also ranges of IP addresses assigned to Germany.
Stage 2. Influenza A virus subtype H5N1 positive filter consisting of a listing of unusual telephone numbers as well as electronic mail addresses used past times High German citizens, for illustration businessmen, journalists, but also jihadis. Therefore, this relatively large listing contains a few G numbers that volition also non last monitored.
Stage 3. Influenza A virus subtype H5N1 filter to sort out selectors that collide with High German interests. Witnesses heard past times the commission wouldn't publicly explicate how this works, but perchance inward this stage selectors for European armed services contractors inward which Federal Republic of Federal Republic of Germany participates (like EADS as well as Eurocopter) are filtered out.
The only regular manual depository fiscal establishment check is for faux positives, because for illustration SIM cards tin have got an IMEI number that also starts with 49.
Update #3: Former SIGINT manager Pauland confirmed that stage 3 includes names of companies (also from other European countries when there's a High German participation), but also names of High German politicians (although non the names of the chancellor, members of parliament as well as European Union commissioners), as well as newly added top grade domains as well as dry ground codes are blocked hither too.
These names were non added systematically, but only after they stumbled upon them. The DAFIS filter scheme is used for all collection facilities. For metadata this filter is applied after they have got been collected from specific links.
Update #5: Witness K.M. said that the criteria of stage 2 are checked daily. Regarding the keywords used equally selectors, at that spot are hardly whatever inward Standard Arabic or Cyrillic, as well as they 1 time entered "bomb", which resulted inward lots of garbage equally "sexbomb" was also catched.
For DAFIS stage 2 at that spot was a database of almost 30.000 terms, as well as for stage 3 a listing of no to a greater extent than than 500 price (but heavily increased after the Snowden-revelations), against which novel selectors are ran. Only few of these price are IP-related.
For illustration when an analyst notices that a High German calls using a unusual telephone number, he informs the selector checkers, who add together that number to the stage 2 criteria. Only since 2015 there's someone who is proactively searching to expand the positive listing for stage 2. Before that, at that spot was no attempt to populate that listing with all known Germans abroad from for illustration the unusual purpose or major High German companies.
For the stage 2 database at that spot are Sperrvermerke, proverb that exceptional ones may non last forwarded to certainly units or non collected at certainly facilities to protect them against unusual agencies.
Initially, the whole selector database was checked quarterly, which took a day, as well as novel selectors weekly; nowadays the whole laid is checked every week. Reason for checking the entire set, is that novel defeat criteria could have got been added. Still non all selectors tin last checked, partly due to personnel shortage.
Previously the selectors came ase equations, but nowadays, there's a novel scheme that tin also grip novel media, but the witness was non allowed to render farther details.
Although the DAFIS filter was considered 99,99% accurate, witness R.U. admitted inward the hearing on May half-dozen that this method is non ever able to forbid High German communications beingness intercepted, for illustration when a High German citizen uses an Afghan telephone number and/or is calling locally inward Afghanistan. Such numbers would non last rejected for tasking, as well as there's also no scheme that filters out spoken High German language.
BND also prevented that communications of American citizens would last collected, but the witnesses didn't explained how that was done.
How to determine nationality?
During an earlier hearing, BND lawyer Stefan Burbaum said that inward rare cases a conversation kickoff had to last collected as well as listened to inward guild to determine whether the contents are nether constitutional protection or not.
Likewise it is impossible to determine the nationality of the mortal using an electronic mail address similar for illustration "redgoose1432@hotmail.com" without farther circumstancial information. Even the content isn't ever decisive.
Update: During the latest hearings, the electronic mail address of the High German European Union commissioner Günther Oettinger, guenther.oettinger@ec.europa.eu, was taken equally a real-life example. BND employees had to acknowledge that (at to the lowest degree until 2013) an address similar this wouldn't last blocked past times stages 1 as well as 2 as well as in all likelihood also non past times stage 3 of the DAFIS filter, so when it would resultant inward hits, these would in all likelihood last forwarded to NSA.
We know that NSA analysts have got to determine a "foreignness factor" for every selector, to exclude that it belongs to an American. For BND nevertheless it's impossible to automatically depository fiscal establishment check whether such a postal service address could belong to a German.
Witness R.U. reminded that such cases are rather speculative, because by as well as large selectors similar telephone numbers are only tasked when they have got a connector to a known suspect or target.
Update #1: As reported past times Die Zeit on May 19, 2015, the Left political party fellow member of parliament Martina Renner said she establish out that BND didn't depository fiscal establishment check all these selectors for whether they contained suspicious ones, because at that spot are to a greater extent than than twenty different kinds of selectors, as well as for 40% of the selectors (which would last over 3 million) it wasn't possible to attribute them to a exceptional country.
Update #3: Former SIGINT manager Pauland said that selectors tin last attributed to a exceptional dry ground past times for illustration a telephone dry ground code, the extension of an electronic mail address, a mobile telephone cell-ID, or the IP address which is contained inward metadata of certainly messenger services.
He also explained that metadata include all information that are non content: non only an address, but also technical information that are generated automatically, as well as they tin also include browser-specific features similar the language.
Update #4: Witness W.O. testified that each jail cellular telephone phone selector has a label denoting the user, which tin say that he or she is European. When a number is assigned to someone else, this tin last detected past times listening inward as well as and so the conversation is deleted.
W.O.'s superior T.B. said that High German information are non only filtered out using the top-level domain .de, but that at that spot are also other filters, the workings of which are classified.
How to depository fiscal establishment check meshwork selectors?
During most of the hearings for the parliamentary inquiry, the witnesses mainly spoke almost (selectors for) intercepting telephone calls, as well as they weren't questioned almost how meshwork communications are filtered.
This seems to last a missed opportunity, because for the latter it is much to a greater extent than hard to sort out domestic communications. Phone numbers ever start with a dry ground code, but on the meshwork people usage many kinds of identifiers that are non easily attributable to a specific country.
It would have got been interesting to know how BND thinks they tin forbid for illustration MAC addresses of devices used past times Germans beingness monitored, or to what extent it is possible to determine the nationality of people behind nicknames. This is important, non at to the lowest degree because at that spot are far to a greater extent than selectors for IP traffic than for telephony.
Update #2: The way this is done became to a greater extent than clear during the hearings of May twenty as well as 21, when nosotros learned that (internet) selectors come upward inward "packets" (equations) that seem to include all known selectors for a exceptional target. Witness W.K. for illustration explained that for each target, at that spot are multiple selectors, so when at to the lowest degree 1 selector tin last attributed to a specific country, that also applies to the other selectors.
Positive filtering
It seems that BND tries to solve this number with the positive filter, using a listing of unusual identifiers used past times High German citizens. However, keeping such a listing up-to-date would almost require an intelligence functioning itself, but perchance they have got a shortcut past times requesting the telephone numbers as well as electronic mail addresses of Germans abroad from for illustration the unusual ministry, chambers of commerce as well as press organisations.
This seems doable for Germans, but it's obvious that this is impossible for companies as well as citizens from other European countries. This explains why acre some NSA selectors for European companies made it through BND's alternative system.
Economical espionage?
The sloppyness inward checking unusual selectors doesn't automatically way NSA was (trying to) conducting economical or industrial espionage. According to Süddeutsche Zeitung, at that spot are only real few indications for that. The paper says NSA was mainly interested inward certainly companies because they were looking for illegal (arms) exports.
For example, the electronic mail address of an Airbus employee who was in all likelihood targeted past times NSA, reportedly belongs to someone who is responsible for applying for arms export licences, which shows that targeting commercial companies tin real good have got valid unusual intelligence reasons.
On May 13, the caput of Germany's domestic safety service reported that these 40.000 were establish through an investigation inward the Fall of 2013, suggesting they had been active all the fourth dimension as well as that thereby, BND enabled NSA to illegally spy on some 40.000 targets.
Given the criteria of BND's 3-stage filter system, these 40.000 must include NSA selectors that either have got a High German dry ground code, a unusual identifier used past times a High German citizen or entity, or a correspond with the mysterious "German interests" criteria.
We don't know how many selectors were rejected for each of these stages, but nosotros tin assume that inward a number of cases NSA did sent identifiers for targets that were recognizable equally German. For selectors rejected inward the minute stage, NSA may non have got known that a exceptional identifier was used past times a German, something that BND could in all likelihood regain out easier.
We also don't know how these 40.000 are divided amongst telephone as well as meshwork selectors, which tin also brand a large difference, equally it is much easier to attribute telephone selectors to a exceptional dry ground than it is for meshwork identifiers. Opposition leaders are demanding that the parliamentary investigation commission tin consider the list, but the regime said they are soundless negotiating with NSA almost this.
Update: Meanwhile it came out that the U.S. regime left the determination almost access to the rejected selectors to the High German government, who kept this determination undercover for some time. Ultimately it was decided that an independent investigator (former federal approximate Kurt Graulich) volition acquire access to the selector list, as well as that he volition written report to the investigation commission almost the contents inward general.
> See for the results of this investigation: New details almost the selectors NSA provided to BND
Office room inward the old BND headquarters inward Pullach, used by
an employee who cleary is a hardcore fan of Elvis Presley
(Photo: Martin Schlüter - Click to enlarge)
Investigating active selectors
Early August 2013, just a few months after the start of the Snowden revelations, BND Unterabteilungsleiter D.B. asked technical employee Dr. M.T. to have got a facial expression at the active NSA meshwork selectors. This inward guild to consider what types of identifiers they incorporate as well as whether it could last determined what regions (Interessensschwerpunkte) NSA was interested in. This was the kickoff systematic depository fiscal establishment check since 2005(!).
For that, Dr. T. was provided with a re-create of the database containing all selectors used inward Bad Abling. This database re-create was stored on a separate computer, because ordinary go stations couldn't physical care for such a large dataset.
To his surprise, he establish selectors that seemed politically sensitive. This investigation took almost 4 weeks as well as resulted inward some 2000 suspicious selectors. Dr. T. lay them inward a separate database, of which a unmarried re-create was printed out. These selectors were soundless active at that time, dissimilar the 38.000 which had been disapproved.
Dr. T.'s re-create of the database containing all selectors was deleted after the project was done. The dataset of the 2000 he sorted out wasn't establish dorsum after he had returned the dedicated computer, just similar the listing that had been printed out.
Update #3: Apparently, 40% of the selectors investigated past times Dr. T. could non last attributed to a specific country.
Suspicous selectors deactivated
Immediately after finding suspicious selectors, Dr. T. informed his superior Referatsleiter H.K., who reported this to Unterabteilungsleiter D.B. Around mid-August 2013, D.B. called the unit of measurement inward Bad Aibling as well as ordered Dienststellenleiter R.U. to deactivate (although press reports telephone telephone it "delete") the suspicious selectors inward the telephone as well as meshwork tasking databases as well as lay them inward the Ablehnungsdatei.
Meanwhile, D.B. had received the printed listing with the 2000 selectors, consisting of a large number of sheets of paper, from Dr. T., as well as he sent this listing to R.U. through a regular courier. Using some specific criteria, it was as well as so possible to withdraw the suspicious selectors. Strangely enough, D.B. idea all this non to last relevant plenty to written report to the BND president or to the Chancellery.
Der Spiegel reported that inward the hearing behind unopen doors on May 6, BND president Schindler said that the listing of 2000 selectors almost entirely contains electronic mail addresses, non of companies, but mainly of European politicians, European Union institutions as well as regime agencies.
The argue for this resultant is clear now: electronic mail addresses because Dr. T. only investigated meshwork selectors, as well as of European governments because BND didn't filter those out - according to BND president Schindler because they expected that NSA would comply with the Memorandum of Agreement, that prohibits selectors for European targets.
At to the lowest degree the fact that the listing contains no High German addresses seems to confirm that preventing High German selectors from beingness monitored was successful, as well as that so there's no evidence that BND helped NSA inward spying on High German citizens, corporations or regime officials.
Another investigation?
According to a written report past times Der Spiegel, BND employee R.U. was instructed on August 14, 2013 to "delete" some 12.000 search terms. These were acre the outcome of an investigation inward which BND's database with NSA selectors had been searched using price similar "gov", "diplo" as well as "bundesamt" (initially inward some press reports erroneously presented equally search price provided past times NSA).
This search had resulted inward 12.000 hits (which doesn't necessarily way an equal number of selectors). The tabloid paper Bild am Sonntag reported that electronic mail addresses containing the term "bundesamt" were targeted against Austrian regime agencies as well as appeared inward over 10 NSA selectors.
However, during the parliamentary inquiry, witness Dr. T. said that the 3 search price mentioned past times Der Spiegel as well as the number of 12.000 had nada to create with his investigation. It's so unclear whether at that spot was a minute investigation, or that the press has mixed things up.
Update #2: During the commission hearing of May 20, it was confirmed that at that spot was indeed a minute investigation: mid-August 2013, R.U., caput of the BND unit of measurement at Bad Aibling, ordered W.O. to depository fiscal establishment check the NSA selectors for whether they were related to European governments.
He only looked at electronic mail addresses, because for other selector types it is likewise hard to create such a check. W.O. also did research on the meshwork for his investigation, perchance for finding out the elements used inward unusual regime electronic mail addresses.
Already after 1 solar daytime he establish some, which were as well as so deactivated ("deleted"). After that the search was continued for 3 weeks, adding additional search criteria. In the halt this resulted inward a few 10 G selectors that were marked equally rejected as well as and so beingness deactivated.
W.O. only reported this to his immediate superior R.U., but at the Pullach headquarters, D.B. only heard of this minute investigation as well as the subsequent deactivations inward March 2015. SIGINT manager Pauland wasn't fifty-fifty aware of both investigations before March 13, 2015. Then, a working group, led past times BND lawyer Ms. F. was formed to investigate these issues.
Additional updates:
On May 15, 2015, Der Spiegel reported that it seems some 25.000 of the 40.000 rejected selectors had genuinely been active.
Maybe these 25.000 are the ones that were deactivated after the minute investigation conducted past times W.O. If that's the case, as well as so the 40.000 would consist of 2.000 establish past times Dr. T., 25.000 establish past times W.O., leaving 13.000 selectors that were sorted out before and/or after both investigations.
According to Klaus Dieter Fritsche, old official inward the federal Chancellary responsible for BND, at that spot are 2 printed versions of the listing of the 40.000 selectors: 1 at BND as well as 1 inward a condom inward the Chancellery. However, this seems non to include the 2000 selectors sorted out past times Dr. T.
Update #5: According to D.B., the listing at the Chancellery contains all disapproved selectors from the whole period, both those establish past times Dr. T. as well as those establish past times W.O.
BND takes measures
In Nov 2013, BND president Schindler issued a novel internal regulation, proverb that BND's ain selectors may non include NATO as well as European targets anymore (no argue was seen to apply this to NSA selectors too). Reportedly electronic mail addresses ending with .eu volition at nowadays last blocked as well as the same has to give for all European partners. We tin assume this also applies to their telephone dry ground codes.
Update #2: This regulation was acre issued after chancellor Merkel came with her famous statement that it is non done to spy upon friends ("Ausspähen unter Freunden geht gar nicht") on Oct 24, 2013, next revelations that her mobile telephone was targeted past times NSA.
For blocking selectors related to European governments, there's a profile containing the electronic mail extensions for all unusual regime agencies.
Updates: On Oct 15, 2015, the paper Süddeutsche Zeitung (SZ) revealed that at the same fourth dimension (November 2013), BND president Schindler ordered (only orally!) that also BND's ain tasking database had to last searched for selectors related to friendly nations.
Some 2800 of those were establish as well as after deleted. The Chancellery was informed almost this, but the activity was kept undercover until Oct 14, 2015, when the regime informed the regular parliamentary intelligence oversight commission (PKGr).
Update #7: This was confirmed past times witness D.B. who said that past times the halt of Oct 2013, BND president Schindler called him as well as ordered all BND selectors related to European Union as well as NATO partner countries to last deactivated. In November, these selectors were as well as so moved to a separate component of the PBDB tasking scheme so they were non active anymore. But equally non all BND acre stations were yet connected to the PBDB, these selectors had to last deactived separately over there.
Update #8: During a hearing inward September 2016, witness D.B. told the commission that after president Schindler's guild from Oct 2013, upward to 100 BND employees could have got been involved inward deactivating illegal selectors. These selectors were moved to a sub-file (Gruppenliste) of the tasking database from where they could non last tasked anymore. This involved some 3300 targets.
SZ farther reported that according to old BND employees, at that spot were hundreds of cases inward which the Germans eavesdropped on the U.S. Defense as well as Foreign secretarial assistant as well as senators, when they traveled as well as used non-secure telephone lines. Also French embassies were targeted because the French knew a lot almost Afghanistan. The commission volition ship a project forcefulness to BND headquarters to investigate this issue.
On Nov 11, 2015, it was reported that a preliminary written report past times the project forcefulness says that amongst BND's ain selectors, at that spot were ones belonging to the FBI, the Voice of America, French unusual government minister Fabius as well as the interior departments of European Union fellow member states similar Poland, Austria, Kingdom of Denmark as well as Croatia. Also targeted were international organizations similar the ICC, the WHO as well as UNICEF. The selectors also included electronic mail addresses, telephone as well as fax numbers of the diplomatic representations of the US, France, Great Britain, Sweden, Portugal, Greece, Spain, Italy, Austria, as well as Switzerland, equally good equally European as well as U.S. companies similar Lockheed.
However, the novel educational activity won't assist European citizens, companies as well as organisations who are for illustration using telephone numbers from exterior Europe or postal service addresses with a generic top grade domain similar .com, .org or .net. The novel rules volition so most effective for preventing that communications of European regime agencies volition acquire caught inward the filter systems.
Recently, BND asked NSA to render a justification for every of their selectors. For telephone numbers, this was already practice,* but the Americans said that for meshwork selectors they needed to a greater extent than time. This led BND to halt the collection of meshwork information for the fourth dimension beingness equally of early on May 2015. Phone as well as fax information are soundless collected as well as forwarded.
Update: The collection of satellite communications based upon meshwork selectors provided past times the NSA was resumed somewhere around Nov 2015. As required past times BND, NSA at nowadays provides a justification for all 4,5 meg meshwork selectors, which are related to 1,2 meg people or organizations. This gives the Americans access 1 time to a greater extent than to the meshwork communications collected past times the Bad Aibling satellite station, which is primarily focused at countries similar Afghanistan, Syria, Irak as well as Libia.
BND president Schindler standing within 1 of the huge golfball-like
radomes at the satellite intercept station Bad Aibling
(Photo: Reuters - Click to enlarge)
Results of the collection
After the approved selectors have got been entered into the collection systems, all information for which there's a correspond with 1 or to a greater extent than selectors volition automatically last picked out. These results are as well as so converted into a readable format.
Matches for BND's ain selectors are stored inward a database: metadata went into VERAS as well as content into INBE. From there, analysts tin consider whether it is relevant for the unusual intelligence equally required past times the government. If not, the information are destroyed.
Many metadata collected inward Bad Aibling were automatically forwarded to NSA, after passing the DAFIS filter scheme to sort out those related to Germans. According to the paper 552 million metadata seen inward a nautical chart from the NSA tool BOUNDLESSINFORMANT.
> See also: Some numbers almost NSA's information collection
Update #2: After the nautical chart with the 552 meg metadata was kickoff published on July 29, 2013, the BND unit of measurement at Bad Aibling was inward shock. They worked solar daytime as well as nighttime as well as over the weekend to regain out what had happened, as well as render explanations of the technical circumstances inward weekly reports, similar for the regular parliamentary oversight committee.
After a week, BND was as well as so able to issue a argument that these 552 meg metadata were non collected past times NSA, but past times them, from crisis regions abroad.
Screenshot from BOUNDLESSINFORMANT, showing some 552 meg telephone as well as internet
metadata that were shared with NSA betwixt Dec 10, 2012 as well as Jan 8, 2013
(Click to enlarge)
Shortages
Content collected through selectors provided past times NSA was also automatically forwarded after a concluding depository fiscal establishment check past times the DAFIS filter system, but here, BND personnel inward Bad Aibling also took random samples to depository fiscal establishment check whether it contained High German data.
Because of shortages inward personnel as well as technical capacity, BND employees were fully occupied with the results from their ain selectors, as well as so had no fourth dimension to have got a closer facial expression at what came out for NSA. They merely relied upon the initial selector check. Only when BND's ain selectors didn't render useful results, they would have got a facial expression at the results of the NSA selectors.
Update #4: According to W.O., results from NSA selectors went to NSA, with a re-create for BND. Results from BND selectors went to BND only - NSA wasn't interested inward those.
Update #5: D.B. testified that sometimes a High German analyst inward Bad Aibling establish results from NSA selectors also relevant for BND's mission, inward which illustration he recommended the NSA selector to last entered into BND's ain tasking database too. These selectors, which sometimes also came from, for illustration French intelligence, were only checked against the G10 positive list. In Nov 2013, also a number of these BND selectors were deleted after an extensive comparing (großer Abgleich) with the NSA selectors.
Selected communication links
One of import fact that was largely overlooked inward the reporting on this issue, but was pointed to past times BND president Schindler as well as 1 of the witnesses, is that the Bad Aibling station only intercepts satellite links from crisis regions inward the Middle East as well as Africa.
Update #3: During the hearing on May 21, Schindler specified this as well as said Bad Aibling collects information from all the countries where High German forces are deployed as well as 1 other dry ground he would non name. SIGINT manager Pauland said BND is currently watching diverse crises around the world: Ukraine, IS, Boko Haram, Bundeswehr deployments, kidnappings, as well as Ebola; they are non spying on their ain citizens.
Interception results so include for example telephone calls betwixt Transitional Islamic State of Afghanistan as well as Islamic Republic of Pakistan or communications from European companies as well as agencies with activities inward the Middle East. This would also minimize the endangerment that High German communications were beingness collected. BND selects which satellites as well as which communication channels from those satellite links are intercepted; NSA is said to have got no influence on that.
Update #4: According to witness T.B., the Bad Aibling station could intercept 200 satellites as well as during his time, each satellite relayed almost 500 channels, making a total of 100.000 channels. It seems he said that only 50 were genuinely targeted, which is 0,5 promille. Results are returned only when this pocket-size number of satellite channels contains communications that correspond the selectors. This tin give though when for illustration a European commissioner visits Transitional Islamic State of Afghanistan as well as uses his European Union electronic mail address from over there. Some channels resultant inward just a few communications that are soundless worthwhile, spell others yield hundreds or fifty-fifty thousands, but cannot last used because of a lack of translators.
Update #5: Witness D.B. told the commission that for illustration telephone calls are only collected when there's a correspond for an approved telephone number on a selected satellite link. If this telephone telephone telephone is unencrypted, it is made available to the analysis unit of measurement inward Bad Aibling, consisting of almost twenty people. An intercepted telephone telephone telephone comes equally a audio file with metadata. Analysts hear to it, to determine whether it is relevant for the mission, as well as whether it is useful to ready a written report almost it. Then the file tin last deleted or left inward storage.
No records kept
According to Der Spiegel, BND president Schindler said that his agency has no technical way to reconstruct which information were passed on to NSA equally no records or statistics were kept on this. Earlier, BND employees also testified that their agency doesn't count the raw information that come upward in, only the halt reports.
This means, that the lists of selectors tin only present what NSA was interested in, but that nosotros volition in all likelihood never know what precisely the results from that collection were.
Links as well as sources
- Offical page of the committee: 1. Untersuchungsausschuss ("NSA")
- Sueddeutsche.de: Der Geist von Bad Aibling
- SPD proposal for novel legislation: Rechtsstaat wahren – Sicherheit gewährleisten! (pdf)
- Zeit.de: BND-Chef Schindler volition nichts gewusst haben
- Netzpolitik.org: Interne Kommunikation: Wie der BND top away „Weitergabe von Rohdaten inward großem Umfang“ an top away NSA verheimlicht (May 2015)
- Welt.de: Gezielter Angriff (May 2015)
- Zeit.de: BND liefert NSA 1,3 Milliarden Metadaten – jeden Monat (May 2015)
- Golem.de: Der Mann, der top away brisanten NSA-Selektoren fand (May 2015)
- Netzpolitik.org: Untersuchungsausschuss: „Ich habe Weisung von oben empfangen und vollzogen“ (May 2015)
- Spiegel.de: Spionageaffäre: BND kann Daten-Weitergabe an NSA nicht rekonstruieren (May 2015)
- Sueddeutsche.de: BND one-half NSA beim Ausspähen von Frankreich und EU-Kommission (April 2015)
- FAZ.net: BND-Spionage-Vorwürfe: Spionieren und spionieren lassen (April 2015)
- Spiegel.de: Spying Together: Germany's Deep Cooperation with the NSA (June 2014)
- NSA-document almost NSA counter-terrorism cooperation with BND as well as BfV (pdf) (2013)
Tidak ada komentar:
Posting Komentar