Boundlessinformant: Metadata Collection Yesteryear Dutch Mivd Instead Of Nsa

(Updated: August 9, 2017)

Today, the Dutch paper here!

The BOUNDLESSINFORMANT screenshot for the Netherlands
(picture past times NRC Handelsblad - click to enlarge)

The showtime affair that catches the oculus is that the screenshot is shown hither on paper, together with to a greater extent than or less other canvass with an orangish bar bearing a classification marker as well as a cardboard folder. The sheets expect similar equally if they became moisture as well as also present to a greater extent than or less white pigment brush-like stains (all previous screenshots were published equally digital files).

Probably these effects were photoshopped past times the paper to arrive expect extra special. For example, the classification marker on the 2d canvass seems fake, equally it reads: TOPSECRET//S//NOFORN, where inwards reality Top Secret are 2 split upwards words as well as the compartment for this sort of information is non S, but SI for Special Intelligence.

That said, nosotros instantly receive got a expect at the information inwards the screenshot itself. In the upper business office there's the bar nautical chart which was already published dorsum inwards August 2013 past times Der Spiegel. The greenish bars present that alone DNR (Dialed Number Recognition, which is telephony) metadata were collected. In the lower part, which was published for the showtime fourth dimension today, at that spot are 3 sections with to a greater extent than or less details most this collection:

- Signal Profile - Most Volume - Top v Techs -

Signal Profile

This department has a pie nautical chart which tin dismiss present diverse types of communication. In this case, all metadata were collected from PSTN, which stands for Public Switched Telephone Network. This is the traditional telephone infrastructure, consisting of telephone lines, (undersea) fiber optic cables, microwave transmission links, cellular networks, as well as communications satellites, all interconnected past times switching centers.

In this case, MIVD collected the metadata from PSTN traffic using their satellite station close Burum, which is operated past times the signals intelligence unit of measurement NSO. This station is conveniently situated adjacent to a large commercial the world station operated past times Stratos Global, which provides access to Inmarsat, as well as Castor, providing access to Intelsat, Eutelsat, Gazprom, RSCC, SES (Astra), Telesat, as well as Arabsat satellites.

Whereas nowadays almost all intercontinental communications exceed undersea fiber optic cables, to a greater extent than or less less-developed countries similar Afghanistan, Sudan, Somalia, Republic of Cuba as well as North-Korea, as well as remote regions inwards Russia, Communist People's Republic of China as well as Africa obviously nevertheless piece of work Intelsat satellite links for their international telecommunications. H5N1 issue of these countries are also linked to Intersputnik satellites.

An illustration given past times the NRC paper is that of calls made past times somali people from telephone telephone shops inwards a Dutch metropolis similar Rotterdam to the somali uppercase Mogadishu. If these calls move through satellite links, the MIVD is able to collect their metadata. The agency alone gathers communications that are related to terrorism as well as those that are necessary to back upwards international military machine operations.

The Burum teleport, with the NSO intercept station (left) as well as the
the world station operated past times Stratos Global as well as Castor (right)
(photo: Castor - click to enlarge)

According to a reply from the Dutch government, the 1,8 i 1000 1000 metadata were collected past times the MIVD from phonecalls, including to a greater extent than or less sms as well as fax messages, that "originated and/or terminated" inwards unusual countries. After all communication information with a Dutch telephone issue were filtered out, the remaining information were "shared with partner agencies".

This means, these information weren't merely shared with NSA on a bilateral basis, but also inwards multinational military machine intelligence sharing groups similar the 9-Eyes as well as the 14-Eyes, which is truly called SIGINT Seniors Europe. Both groups consist of the Five Eyes plus a issue of tertiary Party nations.

In response to parliamentary questions, the Dutch authorities seemed to advise that the 1,8 i 1000 1000 metadata equals 1,8 i 1000 1000 "unique moments/types of communication". This reverse to before as well as widespread assumptions that 1 telephone phone telephone creates multiple metadata records.

Most Volume

In the screenshot nosotros tin dismiss come across that the metadata records were collected through a facility designated past times the SIGAD US-985Y.

According to NRC, Dutch authorities sources tell that this SIGAD does non designate a unmarried facility, but rather "metadata collected past times MIVD that are shared with NSA".

This agency that these information could live on derived from multiple collection platforms as well as non merely from the satellite intercept station close Burum, although the Dutch authorities said that inwards this illustration the 1,8 i 1000 1000 metadata were collected through satellite interception. Besides Burum, the Dutch SIGINT unit of measurement NSO also has a high-frequency radio intercept station close Eibergen as well as to a greater extent than or less mobile signals intelligence units which tin dismiss live on deployed during unusual operations.

US-985Y is from the same attain equally US-985D, which is the SIGAD inwards the screenshot most the collection of metadata related to France, as well as also close the attain of US-987 SIGADs which are used for collection past times Spanish, Norwegian, High German as well as Italian agencies. Interestingly, it was Der Spiegel noticing already inwards August 2013, that SIGADs similar the US-987 serial were with those assigned past times NSA to the SIGINT activities of tertiary Party partner agencies.

If the Dutch interpretation is correct, nosotros receive got to assume that also the SIGADs for other countries exercise non designate a special physical interception facility, but rather a unusual agency equally the unmarried source of shared data, with divisions non according to collection facilities, but according to information types similar metadata, content, telephone as well as internet. This makes to a greater extent than or less sense, equally it's non upwards to NSA to assign designations to private unusual collection platforms.

The headquarters of the Dutch military machine intelligence agency MIVD,
which is located inwards the Frederikkazerne inwards The Hague
(photo: GPD)

Top v Techs

This department of the screenshot mentions the technical systems or programs used to collect or procedure the data. Here, alone a unmarried organisation was used, called CERF CALL.

Sources contacted past times NRC tell this stands for "Contact Event Record Call", which refers inwards a to a greater extent than technical way to (telephony) metadata. "Contact" as well as "event" are price which are also seen inwards other NSA documents related to metadata, thence that seems to brand sense.

It was unusual that at that spot was no give-and-take for the missive of the alphabet F, but to a greater extent than or less enquiry revealed that the F most probable stands for Format. In several job vacancies CERF tin dismiss live on seen equally listed with a issue of other NSA information formats similar CSDF as well as ASDF. We tin dismiss assume instantly that CERF = Contact Event Record Format.

The same tech was also inwards the BOUNDLESSINFORMANT screenshot most Germany, where CERF CALL MOSES1 was the quaternary biggest one. Maybe CERF is used for collected metadata inwards full general as well as CALL specifies that for telephony metadata (although inwards NSA-speak, telephony is ever designated equally DNR). An additional codeword similar MOSES1 could as well as thence live on used to farther specify these information sets.

Seeing CERF inwards the Dutch nautical chart came somewhat equally a surprise, because inwards almost all screenshots that followed the High German i (France, Spain, Italy, Kingdom of Norway as well as a nautical chart most Afghanistan) nosotros saw DRTBOX, which is a technique used for treatment metadata derived from mobile communication systems (PCS).

DRTBOX refers to surveillance devices made past times DRT, which are used to locally intercept radio as well as prison theatre mobile telephone phone communications, as well as are widely used inwards state of war zones similar Afghanistan. This also provides a really potent indication that the metadata for those other countries were collected during or inwards back upwards of military machine operations abroad.

The satellite intercept station of MIVD close Burum
(photo: ANP)

We should also live on aware of the possibility that the BOUNDLESSINFORMANT screenshot doesn't present everything that the Dutch agency MIVD shares with NSA, equally inwards this i at that spot are alone telephony metadata. This is the lesson that was learned from the screenshot most Afghanistan, which was published past times Glenn Greenwald inwards a Norwegian paper concluding November.
That nautical chart also shows merely telephony metadata from i unmarried source, but communications from Transitional Islamic State of Afghanistan are of course of written report intercepted past times numerous collection facilities. This agency that such a document bearing the scream of a special the world doesn't necessarily contains everything what's collected from or past times that nation.
This occupation arises from the fact that these screenshots are published without their master context, thence nosotros don't know which selections inwards the BOUNDLESSINFORMANT interface were made prior to resulting inwards the output nosotros come across inwards these charts. Unfortunately, Glenn Greenwald isn't able or willing to respond these sort of questions.

> More background of this story: Dutch authorities tried to cover the truth most metadata collection

Update:
In July 2017, a Dutch journalist involved with the Snowden revelations said on Twitter that the 1,8 i 1000 1000 records stand upwards for to a greater extent than or less 12 i 1000 1000 pieces of metadata (which agency i tape consists of at to the lowest degree half dozen fields) as well as that the Dutch Ministry of Defence had confirmed that they were collected from Somalia.

UPDATE

On March 5, 2014, the Dutch paper Sentinel Visualizer or Analyst's Notebook or a similar software program, but it also resembles the SYNAPSE information model used past times NSA.