Our Announcements

Not Found

Sorry, but you are looking for something that isn't here.

Posts Tagged NSA

THE  LAST  DIPLOMAT – BY ADAM ENTOUS AND DEVLIN BARRETT

Related image

THE  LAST  DIPLOMAT

As Robin Raphel worked for the State Department in Pakistan, her brand of traditional diplomacy ran into the new realities of covert surveillance. The collision turned her life upside down

BY ADAM ENTOUS AND DEVLIN BARRETT

 

BEGINNINGS /THE COMEBACK /THE INVESTIGATION THE AFTERMATH

Portrait by Stephen Voss for The Wall Street Journal

Just before 8 on the morning of Oct. 21, 2014, Robin Raphel climbed into her Ford Focus, put her purple briefcase on the passenger’s seat and began the 20-minute drive from her house in Washington to her office at the State Department.

It was a routine Tuesday. The main event on her schedule was a staff meeting.

Raphel swiped her badge at the revolving security door and headed to her office where she placed her briefcase on the floor and sat down to check her email. Later, as she joined her colleagues in a conference room to discuss office schedules, her mobile phone, which she had left at her desk, began to ring. It was Slomin’s Home Security.

When she didn’t pick up, the operator called her daughter Alexandra, who raced to the house to check the doors and windows. When Raphel returned to her desk, the phone rang again. It was Alexandra, in a panic.

Burglars hadn’t set off the alarm. It was the Federal Bureau of Investigation.

Raphel grabbed her purse and ran out. She left behind her purple briefcase—one she had bought at the Kohsar Market in Islamabad—with a bag of carrots and a Rubbermaid container full of celery sticks inside.

As she pulled up to her yellow-brick house, Raphel saw agents going in and out the front door, walking across the oriental rugs she had trundled back from tours in South Asia. They boxed up her two computers, Alexandra’s iPad and everything else electronic. In the basement, they opened the drawers of a mahogany file cabinet she had picked up during a posting in London. They pulled out a stack of files.

The agents, without saying a word, carried the boxes out to a white van.

Raphel, unsure of what was happening, paced in circles on her front porch.

Two FBI agents approached her, their faces stony. “Do you know any foreigners?” they asked.

Raphel’s jaw dropped. She had served as a diplomat in six capitals on four continents. She had been an ambassador and the State Department’s assistant secretary for South Asian affairs. Knowing foreigners had been her job.

“Of course,” she responded, “Tons…Hundreds.”

Three weeks before the FBI raided her house, Raphel had touched down at Benazir Bhutto International Airport in Islamabad. The city was in an anxious, turbulent state. Antigovernment protesters had closed off so many streets that her driver had to take a roundabout route to the diplomatic quarter.

All summer, U.S. intelligence agencies had been intercepting rumours from Pakistani officials about a possible coup. Alarm bells were ringing in the State Department’s office of the Special Representative for Afghanistan and Pakistan, where Raphel worked and went all the way to the White House. She had come to figure out what was really going on.

In her apartment at the embassy, she found a bottle of wine—a welcoming gift from U.S. Ambassador Richard Olson, who was thankful for her help in an uncertain time.

At a dinner party at the home of an American diplomat in Islamabad’s elite E-7 sector, Raphel and a group of Pakistani politicians pulled their seats into a circle in the living room to discuss the rumours. One parliamentarian said he was bullish on the idea of the populist opposition leader Imran Khan taking power. A former Pakistan ambassador to Washington countered that Khan had moved too soon and predicted the sitting prime minister would survive.

With students at Damavand College in Tehran, 1971With Arnold Raphel at a cocktail party in Islamabad, Before leaving, Raphel reported her findings to the ambassador. Pakistan was prone to coup talk, she knew, but she didn’t believe the current conditions were right for an overthrow of the government. In the end, she was correct: The rumours had been overblown. Khan’s followers would soon disperse, and Nawaz Sharif would remain prime minister. She had flown home considering her trip productive.

Over a four-decade career in the foreign service, whether in Islamabad, London, Pretoria, New Delhi or Tunis, Raphel had distinguished herself by building vast networks of contacts. She had spent as much time as she could outside the embassy, rubbing shoulders with politicians, military officers, journalists, aid workers and spies over teas, lunches and endless cocktail parties. Sources felt they could talk to her—that she understood them.

Nowhere was that truer than in Islamabad, where she had started her diplomatic career. “I could go to Robin and say, ‘does this member of parliament matter?’ ” said Cameron Munter, who took over as U.S. ambassador to Pakistan in 2010. “She knew them all.”

There was a downside to being trusted in a country that many of her colleagues in Washington loathed. Those who took a dimmer view of Pakistan, especially in intelligence circles, were suspicious of Raphel’s close connections in Islamabad. They believed she had become too close to the Pakistanis and that she was being used.

In moments when the two countries were at odds, Raphel had consistently argued against pulling up the drawbridge. In conference calls with Washington, her co-workers said, she would always say: “Let’s look at it from their point of view.” As early as the mid-1990s, intelligence officers saw her as an obstacle to isolating Pakistan over its nuclear program.

“For better or worse, she got a reputation within the intelligence community as tilting towards the Pakistanis, and she could never escape that,” said Bruce Riedel, a CIA veteran who served as deputy assistant secretary of Defense for the Near East and South Asia in the 1990s.

Unbeknownst to Raphel, as she had made her rounds in Islamabad in the fall of 2014, and spoke to contacts on the phone and on Skype, law-enforcement officials half a world away had been listening. Raphel’s old-fashioned way of doing business—working outside the confines of the embassy compound—had run headlong into the realities of America’s global surveillance web, on which the U.S. had increasingly come to depend.

Since receiving a tip from an intercepted communication months earlier, the FBI had obtained warrants to monitor Raphel’s private accounts and to secretly search her home. They had transcribed information she had discussed with Pakistanis and taken it to intelligence officials, who had told them the topics were beyond her security clearance. The message, according to a former senior intelligence official, was that “Robin needs to shut up.”

What they heard during her trip to Islamabad had been the final straw. Law enforcement officials said the people listening were convinced Raphel was a threat to national security.

The following account of the FBI investigation of Raphel is based on interviews with dozens of her co-workers, Pakistani contacts, intelligence officials, law enforcement officers and attorneys involved in the case.

PART 1 BEGINNINGS

When she landed in Tehran in 1970 to teach at a women’s college, Robin Lynn Johnson was 23, a native of the small lumber town of Longview, Wash., whose curiosity about the world had grown from reading her father’s collection of National Geographic magazines and historical novels. With blond hair, high cheekbones and a posture honed through years of ballet, she sometimes drew comparisons to the actress Candice Bergen.

There, she met Arnold Raphel, a political officer at the U.S. embassy. Arnold stood 6-foot-1, a full head taller than Robin. He wore aviator-style wire-rim glasses with conservative suits, giving him a perpetually serious look, though he was anything but. Wherever he went, a party seemed to erupt.

Tehran was in the throes of an oil boom and the young couple spent their nights dancing on the wraparound porch at the Naderi hotel, where the city’s elite turned out in the latest Paris fashions. In 1972, when Robin was 25, she married Arnold on the grounds of the U.S. embassy, which, just eight years later, would be overrun by followers of Ayatollah Khomeini.

 

Raphel’s wedding to Arnold Raphel in Tehran in 1972. 

Posted to Islamabad in 1975, the Raphels were prolific entertainers, former colleagues remembered. Over cocktails and private screenings of American movies flown in by the U.S. military, they began to unravel Pakistan’s social and political dynamics. It was then that Raphel started to get a sense of what a confusing place Pakistan could be.

Islamabad wasn’t an easy place for diplomats to operate, much less comprehend. Double talk reigned—to the point where even veterans of the game couldn’t tell who was pulling the strings, or who was manipulating whom. Because most high-ranking officials there spoke English, many diplomats from both sides “made the mistake of thinking we’re speaking the same language, when we are not,” said Marc Grossman, who served in Islamabad with the Raphels in the 1970s. “Sometimes we live on entirely different planets.”

When the Raphels returned to Washington in 1978, Robin wanted to have children. Arnold, who had a daughter whom he rarely saw from his first marriage, did not. They divorced in 1982.

Six years later, Arnold, who returned to Pakistan as the U.S. ambassador, was killed in a mysterious plane crash with then-Pakistani President Muhammad Zia al-Haq.

Though she married twice after Arnold and had two daughters, Raphel never changed her name. She told colleagues that this was how everyone knew her professionally. Because of Arnold’s stature, the Raphel name carried huge prestige in Pakistan. One of Raphel’s oldest friends said he thought she kept the name because “Arnie was the love of her life.”

In 1993, President Bill Clinton, an acquaintance from her university days, tapped Raphel to serve as the nation’s first assistant secretary of State for South Asian affairs. Eighteen years after she first arrived in Islamabad as the young wife of a diplomat, Raphel found herself at the center of the action.

During her first trip to Islamabad as assistant secretary, Raphel visited the Foreign Ministry, a whitewashed building surrounded by manicured lawns. There she met a woman named Maleeha Lodhi, who had just been named Pakistan’s ambassador to the U.S.

MALEEHA LODHI

Lodhi met Raphel in 1993 after she was tapped to serve as Pakistan’s ambassador to the U.S. for the first time. Raphel and Lodhi turned to each other, on and off, for information. In 2014, the FBI became suspicious of their relationship.PHOTO: ALEX WONG/GETTY IMAGES

Raphel already knew of Lodhi—she was the founding editor of The News, a prominent English-language paper in Pakistan, where her front-page foreign policy columns had made her a star.

At her home in Islamabad, Lodhi fostered a salon-like atmosphere where politicians, intellectuals and journalists listened to music and debated the news long into the night. Pakistan’s new prime minister, Benazir Bhutto, would sometimes make an appearance. Raphel’s colleagues from the U.S. embassy, who attended some of these sessions, had concluded, based on the assembled guests, that Lodhi was a serious player.

Lodhi wasn’t from one of the prominent families that typically produced the country’s top leaders. She learned English from Irish nuns at a convent in Rawalpindi, where she grew up in an upper-middle-class home, the daughter of an oil company executive. She made her way to England, where she studied at the London School of Economics. Tim Carney, who served as Raphel’s deputy, said he always knew where he could find Lodhi at parties—outside in the middle of a boisterous crowd, smoking Cartier cigarettes.

Lodhi was drawn to Raphel. She knew that Raphel’s State Department title and her position as a friend of President Clinton would be useful to her in navigating Washington.

Raphel found Lodhi to be intelligent, ambitious and serious—if a bit reserved. She also recognized her as someone who would be a longtime influencer.

“Pakistan is a country of 200 million people. But its leadership is like a deck of cards,” said Husain Haqqani, the former Pakistani ambassador to Washington. “However you shuffle them, the same 52 people will show up in one hand or another. Robin understood that.”

Lodhi’s ambassadorial residence in Washington was a short walk from a Ritz-Carlton Hotel, where she liked to meet Raphel and other friends next to the lobby fireplace. Lodhi was 10 years younger than Raphel but the two women had a lot in common. Like Raphel, Lodhi was a single mother—she had married a Pakistani civil servant at 25 and divorced five years later. Both had strong opinions and didn’t hesitate to share them, and were climbing the rungs of power in a profession dominated by men.

In 1995, Congress took up the Brown Amendment, a piece of legislation that would begin to ease nuclear sanctions it had imposed on Pakistan. The two women joined forces in a months-long lobbying campaign to support it.

For Lodhi, the bill’s passage helped build her credibility as a diplomat. Raphel considered the victory to be one of the signature accomplishments of her time as assistant secretary—but it also came at a price. The Brown Amendment, which President Clinton supported, had not been popular with some U.S. intelligence officials, who believed the U.S. should isolate Pakistan to pressure its leaders to end its nuclear program. Raphel took the brunt of the backlash.

Not long after the amendment passed, Deputy Secretary of State Strobe Talbott sent an aide to Raphel’s office with a disturbing message.

According to officials, the aide told Raphel U.S. spy agencies had intercepted communications in which Pakistani officials suggested that Raphel had revealed sensitive information to them about what the U.S. knew about Pakistan’s nuclear work. U.S. intelligence officials said the information was classified and the disclosure wasn’t authorized.

Raphel denied disclosing too much. She consulted with top officials at the State Department’s internal intelligence branch, who recommended she ask Diplomatic Security—the security and law enforcement arm of the State Department—to investigate the matter.

Diplomatic Security agents interviewed Raphel about the alleged disclosures. They found no evidence of wrongdoing and took no disciplinary action against her. But Raphel was rattled.

To provide “insurance” in case the allegations re-emerged, she later told friends, she took the relevant records, including papers marked as classified, and put them in her safe at the State Department.

Raphel, dressed for the Marine Ball in Islamabad, in 1975. 

In 2003, Raphel took a posting in Baghdad, where she helped steer Iraq’s postwar reconstruction in the teeth of a violent insurgency. She would don a headscarf and jump into local taxis to see Iraqi officials, or drive to meetings alone in her SUV.

“Robin was the type that did what she knew had to be done and asked for forgiveness later,” said retired Lt. Gen. Jay Garner, one of her bosses in Iraq. “She lived on the edge but she never fell off.”

After two years of working on Iraq, Raphel had seen the insurgency hollow out much of the work the U.S. had done. She decided it was time to leave the State Department.

On the day before her 2005 retirement ceremony—which was held in the State Department’s Treaty Room—Raphel packed her books, mementoes and photographs into boxes, along with the contents of her office safe, and took them home.

The next day, after the toasts and speeches had ended, Raphel had a plane to catch. She was due to appear at a conference in Dubai. She went to the basement and opened her mahogany file cabinet. She dumped the papers inside.

Raphel came from a generation of diplomats whose approach to the job had been honed in a different time. America’s presence in the world was changing.

Since 9/11, security concerns abroad had forced diplomats in volatile parts of the world to spend more time cooped up in fortified embassies. The volume of “human intelligence” or “humint” they gathered by talking to contacts began to decline. In its place, policymakers in Washington turned to another form of information—the kind collected electronically and surreptitiously.

To monitor foreign governments around the world, the U.S. uses satellites and ground-based sensors implanted in local communications networks that sweep electronic communications and reroute them to the U.S. Most of this information, known as “signals intelligence,” or “sigint,” is funneled into a steel and glass building 25 miles north of the State Department in Fort Meade, Md., the headquarters of the National Security Agency.

The Urdu-speaking analysts who covered Pakistan at the NSA sat in cubicles and worked in shifts listening to audio files that stacked up in queues on their computer screens like emails. To help them follow the conversations on their headphones, sound waves bounced on their screens. The analysts tracked political, military and economic developments in Pakistan, just like the diplomats, but by targeting the email addresses and phone numbers of senior officials, many of whom were also Raphel’s contacts. If they heard something of intelligence value, analysts wrote summaries that were compiled into signals-intelligence reports and disseminated to senior policymakers.

Raphel greeted Pakistani Prime Minister Benazir Bhutto. Maleeha Lodhi stands on the stairs of the plane. 

Making sense of these conversations wasn’t easy, especially in Pakistan. U.S. analysts who covered the region often felt as if they had entered a hall of mirrors. The cryptic and deceptive nature of talks between Pakistani officials—who often knew they were being monitored—made it difficult to understand the context or judge the veracity of what they were saying.

Often, U.S. diplomats would read signals-intelligence reports and realize the Pakistanis were misreporting what Americans had told them, either because the messages were unclear, mistranslated or simply misunderstood—or because they were twisting them on purpose for professional or political reasons.

Among Pakistani diplomats, “The desire to tell your bosses what they want to hear is overwhelming,” said Haqqani, the former Pakistani ambassador.

As the NSA’s techniques grew more sophisticated, and as the business of government increasingly shifted to email and mobile phones, the volume and quality of the intercepts grew. The information in these reports was so immediate and uninhibited—and often so salacious—senior officials could hardly wait to read them. In the four decades since Raphel joined the State Department, and especially during the Obama administration, officials say, the U.S. government’s reliance on signals intelligence had grown to the point where it made up anywhere from 60% to 75% of the information coming in. And yet it was impossible to know how much of it was reliable.

“You always have to be careful because you’re listening to a conversation. You aren’t listening to testimony. You aren’t listening to a brief that’s fully thought out,” said former NSA Director Michael Hayden. “You are trying to determine truth from a conversation that is oblique, indirect and casual, often in a language not your own and in a culture that you do not share.”

In 2009, as the Obama administration stepped up its drone war in Pakistan’s tribal areas, a staging ground for militants to launch cross-border attacks on U.S. forces in Afghanistan and to plot against the West, the embassy’s clandestine function became the top priority.

Four years into her retirement, Raphel was working as a lobbyist in Washington. Settled at home, with three ill-fated marriages behind her, she had more free time to spend with her two college-age daughters, Alexandra and Anna, and to take long walks with friends along the towpath in Georgetown.

She enjoyed her downtime but had grown tired of scaring up clients and tracking billable hours as a lobbyist.

In the spring of 2009, when she was 61, Raphel attended a cocktail party in Washington where she bumped into an old friend: Anne Patterson, the sitting U.S. ambassador to Pakistan. When the subject turned to Patterson’s work at the embassy, Patterson told Raphel she didn’t have enough people who really understood Pakistan’s complexities. Patterson often told aides that Islamabad was the “weirdest” place she had ever served.

ANNE PATTERSON

Ambassador Patterson ran into Raphel at a dinner party in Washington in 2009 and asked her to join her team at the U.S. embassy in Islamabad. Patterson held up Raphel as a model for more junior foreign-service officers because of her long list of Pakistani contacts.PHOTO: DANIEL ACKER/BLOOMBERG NEWS

Pakistan had also become a more dangerous place for diplomats. One year earlier, terrorists had detonated a dump truck full of explosives at the Marriott Hotel, killing more than 50 people and carving a 60-foot crater in the ground. Much of Patterson’s time as ambassador had been devoted to overseeing the CIA’s covert drone strikes on militant targets.

The State Department’s Diplomatic Security service, charged with protecting the U.S. embassy in Islamabad, had grown so concerned about terrorism that the compound was often put on lockdown. Fewer embassy workers ventured out and usually only then in U.S. armoured vehicles. For security reasons, the State Department had begun to limit foreign-service officers in Islamabad to one-year tours, giving them barely enough time to acclimate before shipping out. Many officials spent their time in a secure room reading signals-intelligence reports or working on their suntans by the pool.

Patterson knew Raphel wasn’t one for the “Fortress America” style of diplomacy that had taken root after 9/11, in which monitoring for threats was the top priority. Patterson needed someone to help manage billions of dollars in U.S. aid money aimed at shoring up the country’s new civilian-led government—someone who could open doors and who had deep connections within the country’s power structure. She asked Raphel if she would consider coming back.

Raphel liked the idea of serving her country again and asked Patterson for time to think.

She called one of her oldest friends from the State Department, Beth Jones, to ask her advice. “Go for it,” said Jones, who added that it sounded like an opportunity to do “things that really mattered.” A few days later, Raphel accepted the job.

PART 2   –   THE COMEBACK

In August 2009, Raphel moved into a white, two-story stucco house on First Street in Islamabad’s F-6 neighbourhood.

Like every house on First Street, it was built in the 1960s, when Pakistan laid out its capital. It had a high-security wall topped with shards of glass. Unlike most other houses, however, it also had bars on the windows.

What the house lacked in curb appeal, it made up for in proximity. The outdoor cafés of the Kohsar Market, where Pakistan’s political class gathered in the evenings to trade conspiracy theories over fruit drinks and sandwiches, was a five-minute walk.

After settling in, Raphel went to a website that specialized in inexpensive, refurbished right-hand drive Japanese cars and purchased a silver Toyota—a kind that is ubiquitous in Pakistan. She figured it wouldn’t stand out and that she could use it to roam the city freely.

Dressed in a long traditional Pakistani tunic known as a kameez, worn over a pair of loose, lightweight trousers, or shalwar, she would drive herself to party after party in Islamabad, something few of her embassy colleagues would ever do. One of her bosses referred to her as “the last of the Mohicans.”

In the 1990s, when she was the State Department’s assistant secretary for South Asian affairs, Raphel had been the one shaping U.S. policy on Pakistan. Now, her superiors in Washington, many of whom were much younger and didn’t know the country as well as she did, were calling the shots.

 

In Islamabad, however, the power players had barely changed and she fell quickly back into the whirl. In the evenings, she would huddle with local journalists at café tables in the Kohsar Market. One day she would meet with Gen. Ashfaq Parvez Kayani, the powerful army chief, to talk about aid projects, then fly to Lahore or Karachi to sit down with television talk-show hosts, bureaucrats and businessmen the next, all with a level of informality and directness that came from spending so many years in the country.

By the end of her last tour there, Raphel had become such a ubiquitous figure, and so widely trusted, that many Pakistani officials mistakenly believed she outranked the ambassador. “You weren’t talking to a U.S. diplomat,” explained Abid Hasan, a former World Bank official in Islamabad. “You were talking to Robin.”

In Islamabad, Raphel’s job was to focus on aid projects. But she also “delivered the mail,” as State Department officials say, for other diplomats who didn’t have her level of access. In that informal role, co-workers recalled, Raphel was sometimes asked to raise issues that went beyond her remit.

The NSA regularly swept up Pakistani communications “to, from or about” senior U.S. officials working in the country. Some American officials would appear in Pakistani intercepts as often as once a week. What Raphel didn’t realize was that her desire to engage with foreign officials, the very skill set her supervisors encouraged, had put a target on her back.

As Raphel settled into Islamabad, she was reunited with Maleeha Lodhi, and the two women fell back into their working friendship. Once again, Lodhi became one of Raphel’s best contacts, and Raphel, in turn, became one of Lodhi’s.

Lodhi was out of government. She had returned to the news business, writing a regular column and appearing as a commentator on Pakistani television. American officials said they had no doubt that Lodhi was more than an ordinary journalist, however.

In her six years in Washington as Pakistan’s ambassador, Lodhi had earned a reputation as a reliable source for what Pakistani officials were thinking, and in particular, as a trusted conduit for relaying messages to Pakistan’s senior military leadership in Rawalpindi, U.S. officials said. She was, in State Department parlance, an “influencer.” One reason U.S. officials trusted her: The NSA had long been monitoring her communications.

Pakistani officials with ties to Lodhi said the Americans exaggerated her influence. They said she was a journalist first, not a go-between. If she picked up something interesting in a conversation, she would occasionally share it with her Pakistani military contacts, but only if they reached out to her.

“Yes, she was in this game of information,” one of the officials said. “American diplomats would ask her, ‘What’s the thinking here?’ Others would ask, ‘What do you think the Americans will do next?’ ”

When Raphel and Lodhi met, Lodhi would take notes. Officials close to her said they were for her newspaper columns. The Americans said the notes were for reports she would send to government and military officials. Raphel, always concerned with maintaining informality, kept her notebook in her purse and scribbled down information once she got back to her car.

Raphel’s boss was Richard Holbrooke, who had been named to a new role in the State Department—the Special Representative for Afghanistan and Pakistan, or SRAP. Holbrooke encouraged his team of advisers to embrace “creative chaos,” work through informal channels and bypass government bureaucracy to get things accomplished.

RICHARD HOLBROOKE

A diplomatic troubleshooter who sought to forge a political solution to the war in Afghanistan, Holbrooke encouraged his advisers to work outside established diplomatic channels.PHOTO: SUSAN WALSH/ASSOCIATED PRESS

U.S. intelligence officials had always chafed at the way the State Department handled sensitive information. They long suspected Pakistani diplomats in Washington tried to pry information out of the SRAP office, viewing it as more forthcoming than other departments—a charge SRAP officials deny. From the perspective of intelligence agencies, including the FBI, the very existence of the Holbrooke team, working outside regular channels, “was a disaster waiting to happen,” said one former law-enforcement official.

After Cameron Munter took over as the U.S. ambassador to Pakistan in 2010, the competing forces of intelligence and diplomacy began to collide. When Munter pushed the CIA to be more “judicious” in its drone strikes in the tribal areas, the CIA’s station chief responded by telling diplomats not to discuss the drone program even in private meetings with senior Pakistani officials. If asked, he told them, they should change the subject.

Senior diplomats in Islamabad knew this was impossible. The drone program came up all the time. There was no way to avoid the topic.

Raphel didn’t know the key details because her Top Secret clearance didn’t include access to the “compartment” that covered the covert program. When her Pakistani contacts complained about the strikes, Raphel told them what other diplomats would say—that the U.S. wouldn’t need to do so many if the Pakistani army did more to rein in militants in the tribal areas, according to people she spoke with.

She would argue drones caused less collateral damage than the alternatives: American ground troops, Pakistani artillery strikes or F-16 bombing runs.

The populist politician Imran Khan, the loudest advocate in Pakistan against the drone program, said he had two sit-downs with Raphel in which he protested the strikes and that Raphel came across as “sympathetic” to his concerns. “I actually didn’t know what her position was, but I thought that I could make her understand me,” he said.

In December 2010, Holbrooke died of a torn aorta. In his absence, hard-liners in Washington who saw Pakistan as the enemy worked to undo many of his team’s efforts, officials said.

The deaths of two Pakistanis at the hands of a CIA contractor inflamed tensions between the countries. Then, in May of 2011, U.S. commandos violated Pakistani airspace during a mission that killed Osama bin Laden, setting off a new furore.

With the CIA’s influence growing larger, and the U.S.-Pakistan relationship crashing down around her, Raphel urged the State Department to keep working hard to maintain strong ties. “Everyone else wanted to take a hard line against the Pakistanis,” Munter remembered. “She was saying, ‘We want to salvage what we can because it is so important.’ ”

As she managed the U.S. aid program, Raphel spent little time in her embassy office. Sometimes she would leave her calendars and other papers on her desk instead of locking them away for the night. Marines who policed the embassy for security infractions cited her for these lapses. After three citations, Raphel received a reprimand from the State Department. Though it was a boilerplate letter many diplomats receive, and represented the lowest level of sanction the department could take, its language sounded ominous to outsiders. It went in her personnel file.

With Afghan Foreign Minister Amin Arsala, Kabul, 1993Raphel after the flight in training aircraft in Tunisia, 1998With Pakistani interim Prime Minister Moeen Qureshi, Indian Ambassador Siddhartha Shankar Ray and Indian Finance Minister Manmohan Singh, Washington, 1993Beside a fallen statue from Saddam Hussein’s palace, Baghdad, 2004With Nelson Mandela in Tunis, 1999

 

After the bin Laden raid, Raphel emerged as one of the few U.S. diplomats the Pakistanis were still eager to talk to. As Pakistanis scaled back contacts with American officials, “doors would still open for her,” said Mushahid Hussain Sayed, a prominent Pakistani senator.

As her tour in Islamabad was nearing its end, then-President Asif Ali Zardari invited Raphel to his residence for a private dinner, a signal he was ready to re-engage after the bin Laden raid. Munter, the ambassador, wasn’t invited.

After two years in Pakistan, the deterioration in relations made it harder to get aid projects done. Raphel was offered a new post in Washington as an adviser to Marc Grossman, who had replaced Holbrooke. Her new job was to collect political intelligence on Pakistan and help explain U.S. policy to officials there.

Before Raphel’s frequent trips to Islamabad, Grossman’s team would sit down with her to create a detailed itinerary of whom she would see and what she would tell them, her friend and diplomatic colleague Beth Jones recalled. Despite her past experience, Raphel had been excluded from the White House’s secret talks with the Afghan Taliban, and when high-level meetings took place at the Pakistan embassy, she wasn’t invited.

In Islamabad, the dynamics were different. Many Pakistanis still considered her to be the central player she was in the 1990s. Some of Raphel’s friends complained about the Obama administration’s approach to Pakistan. They thought Raphel was the one who should be formulating U.S. policy. The NSA picked up Lodhi and others criticizing Raphel’s superiors, officials said.

Though she scheduled her official meetings through the embassy and typically brought a note-taker, Raphel had fewer people to check in with and fewer constraints on her movements. She usually reported what she learned to a small number of senior State Department officials in informal emails that weren’t widely disseminated.

Some of the regular U.S. embassy diplomatic staffers, more isolated than ever, resented Raphel’s easy access. They seized on the old complaint that she was too quick to see things from Pakistan’s perspective. Over drinks at the American Bar at the embassy, said a senior official who worked there during Raphel’s final tour, “they badmouthed her. She was disrupting their comfort zone and they didn’t like it and they assumed she was doing something wrong.”

On Nov. 26, 2011, U.S. forces in Afghanistan accidentally attacked two Pakistani military checkpoints along the Afghan border, killing about two dozen Pakistani soldiers. Pakistan responded by blocking the Pentagon from using land routes to resupply U.S. and international forces in Afghanistan. Pakistan demanded an apology. The White House refused.

Raphel was exasperated. She couldn’t believe the U.S. would risk its relationship with Pakistan by failing to acknowledge what had clearly been a mistake. “We have to do this,” she would tell senior officials.

In January, in an email to her boss, Raphel wrote that in Pakistan, “The lack of a U.S. apology for the 24 dead still rankles very deeply.”

During her trips to Islamabad, Raphel was often more candid about her views with Pakistani officials, whom she felt comfortable confiding in, several of her colleagues said.

Raphel knew what intelligence analysts did at the NSA. She knew that when they swept up phone calls and emails from the Pakistanis she met with, they might see accounts of the things she had said. Some of her co-workers say she should have realized that her private comments would be reported by the Pakistanis and potentially twisted. They figured she might get in trouble for this.

They didn’t think anyone would accuse her of espionage.

PART 3   – THE INVESTIGATION

As Raphel settled back into her house in Northwest Washington in 2011, spy fears at home had soared to heights not seen since the Cold War. After an Army intelligence analyst leaked thousands of classified diplomatic cables, the White House issued an executive order establishing a governmentwide program to deter and detect “insider threats.”

President Barack Obama gave U.S. spy agencies and the FBI a one-year deadline to put the crackdown into motion.

By the time Edward Snowden leaked classified documents detailing the NSA’s global operations in 2013, the pressure to catch government moles had increased exponentially, former FBI officials say. The bureau was eager to bring cases.

Hunting for spies and moles had long been one of the FBI’s most secretive, time consuming, complex and unpopular assignments. Many of the bureau’s counterintelligence agents worked out of a field office in Washington, in specially designed spy-proof rooms without internet access where they read the daily bounty of signals intelligence for anything that suggests an American shared classified information.

When analysts at the NSA heard chatter about classified information, they would send the FBI what is known as an “811 referral.” Of the hundreds of these referrals the bureau receives in a year, its agents typically investigate one in five.

In February 2013, according to law-enforcement officials, the FBI received information that made its agents think Raphel might be a Pakistani mole.

The tip came in the form of intercepted communications that suggested Raphel had shared sensitive inside information without authorization. Two officials said this included information collected on wiretaps of Pakistani officials in the U.S.

Two FBI agents—a man and a woman—were assigned to investigate. Both were experienced in so-called “65 work,’’ FBI-speak for espionage cases. One of the agents had past experience investigating alleged Pakistani spying. The other had done 65 work involving Israel.

Investigators began what they call “circling the target,” which means examining the parts of Raphel’s life they could explore without subpoenas or warrants. Sitting in their cubicles on the fourth floor of the FBI’s Washington Field Office, a modern sandstone-coloured building on the edge of Chinatown, the agents began to map her network of contacts and search for signs of disloyalty.

One of the first things they looked at was her “metadata”—the electronic traces of who she called or emailed, and also when and for how long. Her metadata showed she was in frequent contact with a host of Pakistan officials that didn’t seem to match what the FBI believed was her rank and role.

The agents didn’t talk to the State Department officials who oversaw Raphel’s work. Instead, they approached the head of Diplomatic Security, Gregory Starr, to gain access to her personnel files and other records. Starr, in turn, kept State Department leaders who knew Raphel in the dark, worried about compromising the FBI investigation, State Department officials said.

State Department files showed she had been formally reprimanded for security infractions while working at the embassy in Islamabad. Over the course of her career, going back to 1977, she had been cited more than a dozen times. Raphel’s colleagues said this was a minor issue, considering her decades on the job. To the FBI it was a red flag.

After months of circling the target, FBI supervisors decided it was time to delve deeper. To monitor Raphel’s private conversations with Lodhi and other contacts on Skype, the FBI obtained a warrant from the Foreign Intelligence Surveillance Court—a decision approved at the highest levels of the FBI and the Justice Department.

 

The agents dug into her personal life. They probed her finances and looked at who was making college tuition payments for her daughters. The agents wanted to see if the Pakistanis might be covering her bills. They noticed when Raphel was a lobbyist, she had once registered as a “foreign agent” in order to lobby for Pakistan.

The FBI didn’t have a clear picture of where Raphel fit on the State Department organizational chart. She was a political adviser with the rank of ambassador but she wasn’t a key policymaker anymore. She seemed to have informal contacts with everyone who mattered in Islamabad—more, even, than the sitting ambassador and the CIA station chief.

The sheer quantity of Raphel’s communications on the thorniest issues of the day raised suspicions for the FBI agents who were reading the transcripts.

The agents investigating Raphel didn’t have extensive experience dealing with State Department diplomats. They had even less exposure to diplomats of Raphel’s generation. By the way, she spoke, Raphel sometimes made it sound as if she was giving Lodhi and other Pakistani contacts extremely valuable information.

For months, the agents read emails, pored over records and listened to intercepts to try to learn whether Raphel was giving away U.S. secrets. While they didn’t find any smoking-gun evidence of wrongdoing, there was plenty of “smoke,” one former law-enforcement official said. The FBI decided it was time to up the ante.

In January 2014, the bureau obtained a court-issued “sneak and peek” warrant, allowing agents to secretly search Raphel’s northwest Washington home while she was away.

The FBI sent a special Evidence Response Team trained in surreptitious searches. Raphel’s home had an alarm system, which the FBI team bypassed. Once inside, agents searched the living room and the three bedrooms. From the kitchen, they descended the stairs into the basement where they found the mahogany file cabinet.

When the FBI agents looked inside, they discovered the 20-year-old classified documents from Raphel’s Diplomatic Security investigation—a group of papers officials would later refer to as “the nuclear file.”

The agents put everything back as they found it. At the least, they believed they had enough evidence to pursue charges against Raphel for the crime of mishandling classified information. The agents thought they could be dealing with a decades-old asset of the Pakistani government, and suspected Maleeha Lodhi, who had been a figure in her life since the 1990s, was her point of contact.

In the same month the FBI searched Raphel’s house, James Comey, the new FBI director, visited a field office in Birmingham, Ala., where reporters asked him if the government was spying on people.

JAMES COMEY

Comey became the director of the FBI in September 2013. The Raphel investigation had already begun at that point, but Mr Comey oversaw and approved key decisions to proceed further with the case. Earlier this year, speaking about the Clinton email investigation, Mr Comey faulted the “security culture” of the State Department when it came to protecting classified information.PHOTO: KEVIN LAMARQUE/REUTERS

He said no—with a caveat. “Well, not the average person…Now, if you’re involved in one of the things I’m worried about, if you’re trafficking drugs, if you’re involved in violent crime, if you’re a terrorist or spy, I would like to be spying on you because I need to know what you’re doing,” he said. “That’s our business.”

While the FBI agents conducted their own surveillance, the bureau approached the NSA for assistance in gathering foreign intercepts involving Raphel and emanating from Islamabad, law-enforcement officials say. They were looking for what they call “flags on the target.”

The FBI’s suspicions were piqued, the officials said, when in some intercepts, Pakistanis referred to Raphel as a “source,” rather than by name. To the investigators, it sounded like spycraft.

The agents listening to the back-and-forth between Raphel and Lodhi and her other contacts were struck by what law-enforcement officials described as the “one-way” nature of the conversations. It seemed to the FBI as though Raphel did most of the talking and provided most of the information. One law-enforcement official said Raphel appeared in those discussions to be what cops sometimes call a “hip pocket source’’—not a formal intelligence asset or informant, but a “friendly’’ who was willing to share the information she came across informally.

As the agents listened to the back-and-forth, they would check with U.S. intelligence officials to see if the topics which Raphel discussed with Lodhi— drones, coups and reconciliation talks with the Taliban—were classified. They were repeatedly told that yes, they were.

FBI officials could have raised concerns about Raphel’s communications with her State Department superiors to get her to back off, but they didn’t. They wanted to catch her in the act, officials said.

For the FBI, the tipping point was Raphel’s trip to Islamabad where she looked into the coup rumours.

During her visit, Raphel was in regular phone contact with Lodhi, who invited her to come to her home library to talk privately over tea. Officials briefed on the investigation said the information they exchanged during the trip about the prospects of a coup was similar to what U.S. spy agencies were picking up—the same kind of information that intelligence officials were put in the President’s Daily Brief.

The agents at the FBI’s Washington Field Office decided it was time to confront her.

As Raphel stood on the small porch of her house in Washington on Oct. 21, 2014, the FBI agents leading the raid asked her for the names of the Pakistanis she spoke to most.

Raphel mentioned the Pakistani ambassador to the U.S., Jalil Abbas Jilani. She told the agents she had known him for a long time and that he was her primary contact. She didn’t mention Lodhi.

The agents, who had been monitoring her conversations for more than a year, though she was being evasive, according to law-enforcement officials. They asked Raphel if she had any classified documents in her house. She said she didn’t.

The agents were holding some documents during the conversation. The male agent flashed one of the pages. She could see that it bore classification markings.

Raphel’s mind was spinning. She told the agents that she had taken the classified documents home in 2005 and forgotten about them.

The agents didn’t think she offered a clear reason as to why she would have the authority to possess them.

As the conversation went on, the agents’ questions became more aggressive. Raphel started to think about lawyers she knew.

Beth Jones heard from a mutual acquaintance that something bad was happening to Raphel. Jones called her office phone but got no answer. She tried her mobile, and Raphel picked up right away. “What in the world is going on?” asked Jones.

Raphel told her FBI agents were going through all of her personal things, and that Alexandra was terrified. “I don’t know what this is all about,” Raphel said.

“It must be some horrific mistake,” Jones said.

The agents saw Raphel talking on her cellphone on the porch. They asked her to hand it over.

Back at the State Department, as Raphel’s co-workers watched, plainclothes investigators snapped pictures in her office and put adhesive seals on the doors. A few days later, they replaced the seals with a lock.

The only person in the State Department who really knew what was going on was Gregory Starr, who had been briefed by the FBI in early 2013. Starr informed Raphel’s bosses about a “serious situation,” and recommended that Raphel’s Top Secret clearance be suspended.

Starr told David Wade, the chief of staff to Secretary of State John Kerry. According to Wade, Starr’s description of the case made him think the evidence against Raphel was “unimpeachable” and that the State Department could do nothing to push back. Wade informed his boss.

The next morning, agents from Diplomatic Security knocked on Raphel’s door. They took her State Department badge and BlackBerry. She was summoned to the State Department’s human-resources department and told that her employment contract, which was about to expire, wouldn’t be renewed.

Eight days later, on Oct. 30, FBI agents sent Raphel a list of personal items she would be allowed to take home. Among them: her purple briefcase, the bag of carrots and the Rubbermaid plastic container with celery sticks.

Prosecutors with the U.S. Attorney’s office wouldn’t tell her lawyers anything about the allegations. Everything, including the means by which the FBI obtained the evidence, was a national-security secret.

To keep the story out of the media, Raphel’s bosses hadn’t told her co-workers why she wouldn’t be coming back to work. Yet on Nov. 21, a story about the espionage investigation appeared on the front page of the New York Times.

That evening, Richard Hoagland, a former ambassador who worked closely with Raphel in Pakistan and Washington, met her at Bar Dupont, a popular hangout on one of Washington’s busiest traffic circles. Figuring the FBI was tailing her, Hoagland chose a table at the bar where the two of them would be easy to spot. “I wanted the FBI to see us together,” he recalled.

The next day Hoagland posted a message on his Facebook page: “Robin’s a friend of many years. We met last night for drinks. She said it’s like falling into Kafka World. People, we are a democracy with rule of law. Let’s remember every citizen is presumed innocent.”

Beth Jones worked to keep Raphel’s friends and colleagues informed. Jones figured the FBI was monitoring her office phone at the U.S. mission to the United Nations in New York, so she made her calls on Raphel’s behalf from her cell phone while walking the streets of Manhattan.

As the drama unfolded, Alexandra was in the middle of planning her wedding. She talked about postponing it—concerned that her future in-laws would think their son was marrying the daughter of a spy.

In Islamabad, the allegations were the talk of the town. Pakistani businessman Rashid Khan pulled aside Richard Olson, the U.S. ambassador, to ask him about the case against Raphel.

“Rashid, I can’t talk about it,” Olson said.

On Nov. 7, Lodhi tapped out an email to Raphel—knowing full well the FBI would likely read it. “I just wanted you to know my thoughts and prayers are with you,” she wrote. “I can think of no one more loyal to her country than you. I am sure this is a huge mistake.”

Thanks, Maleeha,” Raphel replied cautiously five hours later. “I am in total shock of course. I know you appreciate my patriotism as I have appreciated and respected yours over the years. I am confident this will be resolved.”

After this exchange, Raphel decided to cut off communications with most of her Pakistani contacts. To keep her mind occupied, she attended seminars. At an event sponsored by the Atlantic Council, she ran into Munter, the former U.S. ambassador. Munter could see how distressed she was about the allegations and how adamantly she rebutted them.

“They’re screwing her,” he thought to himself.

PART 4THE AFTERMATH

In the fall of 2014, the FBI began interviewing Raphel’s State Department superiors and co-workers to try to fill in the missing pieces of their investigation.

They asked Grossman why he employed her, why she travelled to Pakistan, who she met with while she was there, whether he would give her instructions on what to tell her Pakistani interlocutors during her visits and whether she reported back on her conversations.

“Yes, yes, yes, because that was her job,” Grossman told them, according to an official briefed on the investigation.

Grossman told the FBI he “trusted her to do and say the right things,” the official said.

In other interviews, the agents asked her colleagues about a series of “incidents” that seemed suspicious to the FBI. Officials briefed on the investigation said the “incidents” referred to specific communication intercepts in which Raphel discussed sensitive topics, such as coup rumours, with Lodhi and others. The FBI agents wanted to know if she was authorized to discuss these things.

State Department officials told them she may not have been specifically “instructed” to do so in every instance, but she was “authorized” to discuss anything related to U.S.-Pakistan relations if her contacts wanted to—and so long as she didn’t divulge classified information.

“Any dinner party in E-7 is going to include a discussion about what are the odds of a coup,” one of Raphel’s superiors told the agents. “It may look secret from Washington’s perspective but it’s actually pretty widely known in Pakistan.”

State Department officials said that when they spoke to the FBI agents, they had the feeling they were explaining the basics of how diplomats worked.

At times, Raphel’s colleagues pushed back—warning the FBI that their investigation risked “criminalizing diplomacy,” according to a former official who was briefed on the interviews.

In one interview, the agents asked James Dobbins, who served as SRAP from 2013 to 2014, whether it was OK for Raphel to talk to a Pakistani source about information that wasn’t restricted at the time but would later be deemed classified.

“If somebody tells you something in one conversation, you might write that up and it becomes classified,” he said. “But that doesn’t mean the next time you see them that you can’t talk about what you’d already talked about.”

Agents asked if she was authorized to discuss topics in the President’s Daily Brief—the daily gathering of the U.S. intelligence agencies’ most valuable information. State Department officials were baffled by the question because she had no access to such a sensitive document. If she discussed similar information, they told the FBI, it came from her Pakistani contacts, not from reading U.S. intelligence reports.

Added together, the interviews undercut the notion that Raphel was working on behalf of Pakistan. Two senior law enforcement officials who were involved in the case said the bureau had misconstrued her conversations with Lodhi and others, and incorrectly identified her as a spy. The bureau had not fully understood Raphel’s role within the State Department and her bosses’ expectations of her. The critical distinction, many officials said, was in how differently the FBI and the State Department operate.

“It’s cultural,” a former official said. “The FBI is very structured about communications. Agents see things as binary—on or off, authorized or unauthorized, black and white. The state has a bunch of informal communications channels. Things are grey. It’s just the way State is.”

In the meantime, the FBI had ignited a wider debate about how the State Department handles secrets. In 2016, several diplomats who worked closely with Raphel were questioned by the FBI for sending vaguely worded emails related to U.S. drone strikes that were found on Hillary Clinton ’s private email server when she was secretary of state. Some of Raphel’s emails were included in the trove that was reviewed by the FBI during their now-closed investigation.

In July, FBI Director James Comey decried the “security culture” within the State Department as “generally lacking in the kind of care for classified information found elsewhere in the government.”

State Department officials, in turn, said it was the FBI probe that damaged national security.

In the spring of 2015, a prosecutor in the U.S. Attorney’s Office handling the Raphel case notified Amy Jeffress, one of Raphel’s attorneys, that the Justice Department was no longer investigating her client for espionage.

That was the good news. Yet the FBI still wanted her to be prosecuted for mishandling classified information—a charge that could result in jail time.

Alexandra got married on May 23, 2015, in a ceremony in Washington that was attended by more than 250 guests, including Jilani, the Pakistani ambassador, who sat at a table with several other Pakistani friends.

Alexandra had invited Lodhi, who had taken a post as Pakistan’s ambassador to the United Nations in New York. Lodhi sent word at the last minute that she had to attend a conference in Europe.

Raphel heard nothing for months from the FBI. She had already spent about $100,000 on legal fees, which she paid by tapping into her savings, but the bills were piling up. Jones set up a legal-defence fund and 103 of Raphel’s friends and colleagues, mostly from the State Department, donated nearly $122,000.

Inside the Justice Department, prosecutors went back and forth on the merits of the case against Raphel, officials say. The most sensitive document the FBI recovered was 20 years old, and if she were charged, it could well have been routinely declassified while she awaited trial.

More importantly, the officials said, federal prosecutors tend to charge people with mishandling national secrets when they have reason to believe the suspect has in fact done worse—in part to avoid bringing spy charges that might result in having secrets aired in court.

On March 21, 2016, 17 months after the raid on her house, a U.S. prosecutor informed Jeffress the Justice Department had decided to decline prosecution.

Raphel called Jones to give her the news. “Can you believe it?” she said.

“We’re having a celebratory dinner tomorrow night,” Jones said. “Tell me who to invite.”

As Raphel and her close friends sipped Champagne, officials at the FBI and Diplomatic Security tried to come to terms with the outcome.

A senior law-enforcement official said given another chance the bureau would follow the same path again. “Clearly she was not a spy,” the official said. “But there was smoke. The FBI had to get to the bottom of it.”

Another official said that even though no charges were ever filed against Raphel, investigators were partially satisfied by the outcome. To law enforcement and intelligence officials, the loss of her government job was justified by the discovery of the documents in her house and by the signals intelligence that showed her allegedly discussing topics that the FBI considered off limits, this official said.

Raphel’s lawyer, Amy Jeffress, called it “deeply disturbing’’ that law enforcement officials “continue to make anonymous and self-serving allegations about her conduct,’’ adding that “there was no evidence she ever provided classified information to anyone without authority.’’

State Department officials now say they feel guilty about what happened. They think the FBI went off half-cocked and boxed them in by overstating the facts of the case.

Gregory Starr and other State Department officials briefed on the investigation now suspect the FBI agents wrongly assumed the information Raphel was exchanging with Lodhi and others came from classified intelligence reports, rather than from her own conversations with her contacts, according to officials.

It was a mistake, they said, to assume U.S. spy agencies had a monopoly on information in a place like Pakistan, where “secret” U.S. efforts were openly discussed in parliament, at dinner parties and in the press.

Though the FBI probe of Raphel was dropped, Diplomatic Security has been reviewing the documents found in her basement to decide whether to cite her with a security violation. The outcome could clear the way for her to have her security clearance restored. They have yet to reach a verdict.

Over the past two years, diplomats in Pakistan and the U.S. have scaled back contacts, according to officials in both countries. U.S. diplomats say they are afraid of what the NSA and the FBI might hear about them.

“What happened to Raphel could happen to any of us,” said Ryan Crocker, one of the State Department’s most highly decorated career ambassadors. Given the empowerment of law enforcement after 9/11 and the U.S.’s growing reliance on signals intelligence in place of diplomatic reporting, he said, “we will know less and we will be less secure.”

“Look what happened to the one person who was out talking to people,” said Dan Feldman, Raphel’s former boss at State. “Does that not become a cautionary tale?”

Raphel returned to Islamabad this August. It was a personal trip. Ambassador Jilani had invited her to his son’s wedding.

To welcome her, and also to show Pakistani officials she was no longer an outcast, U.S. Ambassador David Hale hosted a dinner for Raphel in his residence. Several former ambassadors accepted the invitation, including Lodhi.

Raphel was honoured by the gesture but wary of how the dinner might be perceived. She told the embassy she didn’t want any cameras present.

Dinner was called at around 8 p.m., early by Pakistan standards. The guests moved into the adjoining dining room and took their seats around the table, where Raphel, wearing a Pakistani kurta over narrow trousers, was placed directly across from Hale.

Still relatively new to Pakistan, Hale had yet to establish deep connections with many of the guests in the room. Colleagues describe him as reserved, in many ways the opposite of Raphel. After Hale delivered a gracious toast, calling Raphel one of his mentors, Raphel thanked him and thanked her old friends for their support. She didn’t mention the FBI.

At around 10 p.m., also early by Pakistan standards, Hale left the party. He told his guests he had phone calls to make to Washington. Hale declined to comment about the dinner party, citing embassy protocol.

Before the guests dispersed, Lodhi pulled Raphel aside to talk. The FBI investigation had a chilling effect on their relationship, mutual friends say. Raphel knew that her voluminous conversations with Lodhi had helped to fuel the bureau’s suspicions.

As they stood there together, apart from the other guests, Lodhi leaned in close to Raphel.

“I’m glad this is over,” she said.

In March 2016, Raphel wrote a personal letter to Secretary of State John Kerry, urging the department to do more to protect diplomats who are trying to do their jobs. She has yet to receive a response. Officials said Kerry was awaiting the outcome of the internal review of the classified documents found in Raphel’s house.

On Nov. 28, she attended a ceremony in the State Department’s seventh-floor Treaty Room to mark Ambassador Olson’s retirement.

More than 100 of Olson’s colleagues, contacts and friends attended, including Beth Jones, Patterson and Ambassador Jilani, who had supported Raphel during the investigation.

After the speeches were given and the photographs taken, Kerry and Raphel pulled away from the crowd for a private chat. It was their first face-to-face since the FBI torpedoed her diplomatic career.

Diplomatic Security had yet to restore her security clearance. Some of her friends at the State Department said they believed the FBI opposed the idea.

Kerry and Raphel stood close together for only a couple of minutes. On the sidelines of the noisy gathering, Kerry leaned over and whispered into Raphel’s ear: “I am sorry about what has happened to you.”

—Saeed Shah contributed to this article.

Write to Adam Entous and Devlin Barrett at  [email protected]

 

THE LAST DIPLOMAT 

, , , ,

No Comments

IS NSA SPYING ON CITIZENS & INSTITUTIONS PART OF DEMOCRACY? :A must-read for all Risk-Managers: NSA has Targeted SWIFT and cracked much online encryption endagering banking online transactions

 RESEARCH REPORT

COURTESY

MAQSOOD KAYANI

 

 

nsa-prism1

 

 

   
 
 
The new Globo report also said the Belgium-based Society for Worldwide Interbank Financial Telecommunication, an organization better known as SWIFT that oversees international bank transfers thought to be secure transactions, were targeted by the NSA.

 

– Washington Post

 

 

The report, based on documents obtained from Edward J. Snowden, the former N.S.A. contractor, says the Society for Worldwide Interbank Financial Telecommunication, or SWIFT, a consortium based in Belgium that aims to allow banks around the world to securely exchange financial information and transactions, figures among prominent N.S.A. targets.

 

– New York Times

 

 

The chairman of SWIFT is Yawar Shah, who is from Pakistan. The CEO is Gottfried Leibbrandt, who is from the Netherlands. SWIFT was founded in Brussels in 1973 under the leadership of its inaugural CEO Carl Reuterskiöld (1973–1983) and was supported by 239 banks in 15 countries. It started to establish common standards for financial transactions and a shared data processing system and worldwide communications network designed by Logica. Fundamental operating procedures, rules for liability, etc., were established in 1975and the first message was sent in 1977. SWIFT’s first United States operating center was inaugurated by Governor John N. Dalton of Virginia in 1979.

 

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) provides a network that enables financial institutions worldwide to send and receive information about financial transactions in a secure, standardized and reliable environment. Swift also sells software and services to financial institutions, much of it for use on the SWIFTNet Network, and ISO 9362. Business Identifier Codes (BICs) are popularly known as “SWIFT codes”.

 

The majority of international interbank messages use the SWIFT network. As of September 2010, SWIFT linked more than 9,000 financial institutions in 209 countries and territories, who were exchanging an average of over 15 million messages per day (compared to an average of 2.4 million daily messages in 1995). SWIFT transports financial messages in a highly secure way [how?] but does not hold accounts for its members and does not perform any form of clearing or settlement.

 

SWIFT does not facilitate funds transfer; rather, it sends payment orders, which must be settled by correspondent accounts that the institutions have with each other. Each financial institution, to exchange banking transactions, must have a banking relationship by either being a bank or affiliating itself with one (or more) so as to enjoy those particular business features.

 

SWIFT hosts an annual conference every year called SIBOS which is specifically aimed at the financial services industry. SWIFT is a cooperative society under Belgian law and it is owned by its member financial institutions. It has offices around the world. SWIFT headquarters, designed by Ricardo Bofill Taller de Arquitectura are in La Hulpe, Belgium, near Brussels. 

 

 

http://www.motherjones.com/kevin-drum/2013/09/nsa-targeting-swift-network-petrobras-french-ministry-foreign-affairs

 

NSA Has Apparently Targeted SWIFT Network

 

Sep. 9, 2013

 Inline image 2

 

 

Henry Farrell catches something interesting today. In a show on Brazilian TV about NSA surveillance, the PowerPoint slide (above) appears on the screen. Among other things, it suggests that the NSA has targeted the SWIFT payment network for penetration. Now, it’s always a good idea to take PowerPoints with a grain of salt, and it’s worth noting that this one is even less clear than usual. It merely says that many targets use private networks, which doesn’t necessarily mean that the NSA has actually cracked these networks. At the very least, though, this slide certainly implies that NSA is trying to crack them.

 

Here’s why this is interesting. You may recall that shortly after 9/11, the Bush administration worked out a deal with SWIFT officials to turn over all or most of their database voluntarily on a monthly basisThe idea was to use the information to try and track the money flows of al-Qaeda and other terrorist networks. That lasted until 2006. Farrell picks up the story from there:

 

When EU decision makers became aware of this (thanks to a New York Times story which the Bush administration tried to get spiked), there was political uproar, resulting in the negotiation of a framework under which the US agreed to impose limits and safeguards in return for continued access.

 

….This is interesting for two reasons. First — the EU thought the US had signed onto a binding deal on access to SWIFT data. If, as appears likely at this point, the US was letting the EU see what it did when it came in through the front door, while retaining a backdoor key for the odd bit of opportunistic burglary, it will at the least be highly embarrassing. Second — there are people in the EU who never liked this deal in the first place, and have been looking for reasons to get rid of it….

 

If the US has demonstrably lied to the EU about the circumstances under which it has been getting access to SWIFT, it will be hard for the EU to continue with the arrangement (and, possibly, a similar arrangement about sharing airline passenger data) without badly losing face. Even though the people who dominate the agenda (officials in the Council and European Commission) probably don’t want to abandon the agreement, even after this, they’ll have a bloody hard time explaining why they want to keep it. The EU-US homeland security relationship, which had been looking pretty cosy a few months ago, is now likely to be anything but.

 

Of more interest to the Brazilian reporters, of course, is the fact that Petrobras, their national oil company, is an NSA target. And the French will certainly be interested in the fact that their Ministry of Foreign Affairs network is also a target. Stay tuned for further fireworks.

 

 ​

 

 

 

 

 

http://www.juancole.com/2013/09/employee-parliament-cooperate.html

 

NSA Spying: Indian Gov’t Bans Employee Google Use as Euro Parliament Weighs Law Fining Cooperative Firms

 

by Juan Cole, 08-Sep-2013

 

The rest of the world is much more appalled at the spying of the National Security Agency on telephone, email, web browsers and other personal information than is the US public. As new revelations come out almost daily about the cavalier way in which the NSA has spied on the world’s presidents, parliaments and ordinary citizens it is natural that the rest of the world should begin responding to what they see as a dire threat to government and personal privacy.

 

The Indian government is preparing to ban government employees from using Google mail (gmail) or Yahoo mail for official purposes.

 

India is also considering requiring that all Indian-to-Indian email be carried solely on Indian servers inside the country. At the moment, Indian email (like that of most countries) bounces around the world before being delivered to the recipient, and likely will pass through US servers, opening it to being spied on by the NSA. One of the likely outcomes of NSA overreaching is that the internet will become more fragmented and hence less useful to the rest of us.

 

Meanwhile, the European Parliament is considering legislation that would fine private telecom and internet firms operating in Europe that turn data over to the NSA or give it a back door into their systems.

 

RT has a video report:

 

 

 

http://www.washingtonpost.com/business/technology/google-encrypts-data-amid-backlash-against-nsa-spying/2013/09/06/9acc3c20-1722-11e3-a2ec-b47e45e6f8ef_story.html

 Inline image 1

 

 

Google encrypts data amid backlash against NSA spying

 

September 7, 2013

 

Google is racing to encrypt the torrents of information that flow among its data centers around the world in a bid to thwart snooping by the NSA and the intelligence agencies of foreign governments, company officials said Friday.

 

The move by Google is among the most concrete signs yet that recent revelations about the National Security Agency’s sweeping surveillance efforts have provoked significant backlash within an American technology industry that U.S. government officials long courted as a potential partner in spying programs. Google’s encryption initiative, initially approved last year, was accelerated in June as the tech giant struggled to guard its reputation as a reliable steward of user information amid controversy about the NSA’s PRISM program, first reported in The Washington Post and the Guardian that month. PRISM obtains data from American technology companies, including Google, under various legal authorities.

 

Encrypting information flowing among data centers will not make it impossible for intelligence agencies to snoop on individual users of Google services, nor will it have any effect on legal requirements that the company comply with court orders or valid national security requests for data. But company officials and independent security experts said that increasingly widespread use of encryption technology makes mass surveillance more difficult — whether conducted by governments or other sophisticated hackers. “It’s an arms race,” said Eric Grosse, vice president for security engineering at Google, based in Mountain View, Calif. “We see these government agencies as among the most skilled players in this game.”

 

Experts say that, aside from the U.S. government, sophisticated government hacking efforts emanate from China, Russia, Britain and Israel. The NSA seeks to defeat encryption through a variety of means, including by obtaining encryption “keys” to decode communications, by using super-computers to break codes, and by influencing encryption standards to make them more vulnerable to outside attack, according to reports Thursday by the New York Times, the Guardian and ProPublica, based on documents provided by former NSA contractor Edward Snowden.

 

But those reports made clear that encryption — essentially converting data into what appears to be gibberish when intercepted by outsiders — complicates government surveillance efforts, requiring that resources be devoted to decoding or otherwise defeating the systems. Among the most common tactics, experts say, is to hack into individual computers or other devices used by people targeted for surveillance, making what amounts to an end run around coded communications. Security experts say the time and energy required to defeat encryption forces surveillance efforts to be targeted more narrowly on the highest-priority targets — such as terrorism suspects — and limits the ability of governments to simply cast a net into the huge rivers of data flowing across the Internet.

 

“If the NSA wants to get into your system, they are going to get in . . . . Most of the people in my community are realistic about that,” said

Christopher Soghoian, a computer security expert at the American Civil Liberties Union. “This is all about making dragnet surveillance impossible.” The NSA declined to comment for this article. The Office of the Director of National Intelligence issued a statement Thursday saying: “Throughout history, nations have used encryption to protect their secrets, and today terrorists, cybercriminals, human traffickers and others also use code to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that.”

 

 

The U.S. intelligence community has been reeling since news reports based on Snowden’s documents began revealing remarkable new detail about how the government collects, analyzes and disseminates information — including, in some circumstances, the e-mails, video chats and phone communications of American citizens. Many of the documents portray U.S. companies as pliant “Corporate Partners” or “Providers” of information. While telecommunications companies have generally declined to comment on their relationships with government surveillance, some technology companies have reacted with outrage at the depictions in the NSA documents released by Snowden.

 

They have joined civil liberties groups in demanding more transparency and insisting that information is turned over to the government only when required by law, often in the form of a court order. In June, Google and Microsoft asked the Foreign Intelligence Surveillance Court to allow them greater latitude in reporting how much information they must turn over to the government. On Friday, Yahooissued its first “government transparency report,” saying it had received 12,444 requests for data from the U.S. government this year, covering the accounts of 40,322 users.

 

Google has long been more aggressive than its peers within the U.S. technology industry in deploying encryption technology. It turned on encryption in its popular Gmail service in 2010, and since then has added similar protections for Google searches for most users. Yet even as it encrypted much of the data flowing between Google and its users, the information traveling between its data centers offered rare points of vulnerability to potential intruders, especially government surveillance agencies, security officials said. User information — including copies of e-mails, search queries, videos and Web browsing history — typically is stored in several data centers that transmit information to each other on high-speed fiber-optic lines.

 

Several other companies, including Microsoft, Apple and Facebook, increasingly have begun using encryption for some of their services, though the quality varies by company. Communications between services — when an e-mail, for example, is sent from a user of Gmail to a user of Microsoft’s Outlook mail — are not generally encrypted, appearing to surveillance systems as what experts call “clear text.” Google officials declined to provide details on the cost of its new encryption efforts, the numbers of data centers involved, or the exact technology used. Officials did say that it will be what experts call “end-to-end,” meaning that both the servers in the data centers and the information on the fiber-optic lines connecting them will be encrypted using “very strong” technology. The project is expected to be completed soon, months ahead of the original schedule.

 

Grosse echoed comments from other Google officials, saying that the company resists government surveillance and has never weakened its encryption systems to make snooping easier — as some companies reportedly have, according to the Snowden documents detailed by the Times and the Guardian on Thursday. “This is a just a point of personal honor,” Grosse said. “It will not happen here.” Security experts said news reports detailing the extent of NSA efforts to defeat encryption were startling. It was widely presumed that the agency was working to gain access to protected information, but the efforts were far more extensive than understood and reportedly contributed to the creation of vulnerabilities that other hackers, including foreign governments, could exploit.

 

Matthew Green, a Johns Hopkins cryptography expert, applauded Google’s move to harden its defenses against government surveillance, but said recent revelations make clear the many weaknesses of commonly used encryption technology, much of which dates back to the 1990s or earlier. He called for renewed efforts among companies and independent researchers to update systems — the hardware, the software and the algorithms. “The idea that humans can communicate safely is something we should fight for,” Green said. But he said he wasn’t sure that would happen: “A lot of people in the next week are going to say, this is too hard. Let’s forget about the NSA.”

 

 

http://edition.cnn.com/2013/09/06/us/nsa-surveillance-encryption/

 

logo CNN.gif

 

 

NSA Campaign Against Encryption Reports: NSA has cracked much online encryption

 

CNN – September 6, 2013

 

The U.S. National Security Agency has secretly succeeded in breaking much of the encryption that keeps people’s personal data safe online, according to reports by The New York Times, The Guardian and ProPublica.

 

The reports, produced in partnership and published Thursday, are the latest to emerge based on documents leaked by former NSA contractor Edward Snowden to Britain’s Guardian newspaper. According to the reports, the NSA, alongside its UK equivalent, Government Communications Headquarters, better known as GCHQ, has been able to unscramble much of the encoding that protects everything from personal e-mails to banking systems, medical records and Internet chats.

 

The agencies’ methods include the use of supercomputers to crack codes, covert measures to introduce weaknesses into encryption standards and behind-doors collaboration with technology companies and Internet service providers themselves. “Through these covert partnerships, the agencies have inserted secret vulnerabilities — known as backdoors or trapdoors — into commercial encryption software,”

 

The Guardian says. The Guardian cites a 2010 GCHQ memo that it says describes a briefing on NSA accomplishments given to GCHQ employees. “For the past decade, NSA has lead (sic) an aggressive, multi-pronged effort to break widely used Internet encryption technologies,” the memo reportedly says. “Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.” A second memo is quoted as saying that when the British analysts, who often work alongside NSA officers, were first told about the program, “those not already briefed were gobsmacked.”

 

Another document states that GCHQ has been working to find ways into the encrypted data sent via four big Internet firms, Google, Yahoo, Facebook and Microsoft’s Hotmail, the reports claim. GCHQ told CNN it had no comment on The Guardian report. The reports claim that the NSA worked to develop more covert ways of unscrambling online data after losing a public battle in the 1990s to insert a government “back door” into all programming.

 

‘Foundation of web security’

 

Computer security expert Mikko Hypponen believes the revelation is the most important leak to date from Snowden. “It may not have gained as many headlines as some of his other stories, because most people don’t understand how crypto systems work. If indeed U.S intelligence does indeed have such a wide range of systems, then I’m surprised,” he told CNN. Crypto encryption is relevant to everyday applications that everyone uses, for example in communications and transactions, he said. “Now we learn that the foundation of web security has been compromised.”

 

Hypponen, the chief research officer for F-Secure, said he believes the NSA and GCHQ had probably cracked the encryption by placing moles in key companies at key locations. “Any major service provider must have sizable amounts of moles from intelligence agencies. Remember that the NSA has 35,000 people working for it,” he said. “The ordinary user should not be worried by these revelations — it’s obvious that intelligence agencies are not interested in hacking financial transactions — but they should be outraged.”

 

He suggested those outside the United States should be the most concerned. “How many U.S. politicians use French cloud-services? Almost none. But how many French politicians use U.S. cloud services? All of them,” he said. “Remember that 96% of the planet’s inhabitants are foreigners to the United States, so it’s wrong that the U.S. has a legal right to access foreign communications.”

 

Public concern

 

The scope of hidden U.S. surveillance programs has been brought to public light through leaks to media outlets by Snowden, who fled the United States and is now in Russia under temporary asylum. He faces espionage charges. The revelations have led many Americans, according to polls, to harbor skepticism about the NSA programs. They’ve also generated concern in Congress as well as from privacy groups and libertarians. Last month, President Barack Obama sought to allay people’s unease over the work of the intelligence agency in an interview with CNN “New Day” anchor Chris Cuomo.

 

Obama said he was confident no one at the NSA is “trying to abuse this program or listen in on people’s e-mail.” The president chalked much of the concern with domestic snooping on changes in technology. “I think there are legitimate concerns that people have that technology is moving so quick,” Obama said. “What I recognize is that we’re going to have to continue to improve the safeguards and as technology moves forward, that means that we may be able to build technologies that give people more assurance.”

 

 

New leak: NSA program taps all you do online

August 1, 2013 — Updated 1854 GMT (0254 HKT)

http://i2.cdn.turner.com/cnn/dam/assets/130731173311-lead-dnt-nsa-xkeyscore-glenn-greenwald-00010515-video-tease.jpg

You’ve never heard of XKeyscore, but it definitely knows you. The National Security Agency’s top-secret program essentially makes available everything you’ve ever done on the Internet.

 

Don’t let U.S. government read your e-mail

August 18, 2013 — Updated 1304 GMT (2104 HKT)

http://i2.cdn.turner.com/cnn/dam/assets/130816193804-obama-lies-poster-video-tease.jpg

You may have never heard of Lavabit and Silent Circle. That’s because they offered encrypted (secure) e-mail services, something most Americans have probably never thought about needing.

 

 

 

http://www.nytimes.com/interactive/2013/09/05/us/unlocking-private-communications.html?ref=us

 

logo NYT.JPG

 

Secret Documents Reveal N.S.A. Campaign Against Encryption

 

Unlocking Private Communications.JPG

 

 

 

http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?ref=us

 

Documents show that the N.S.A. has been waging a war against encryption using a battery of methods that include working with industry to weaken encryption standards, making design changes to cryptographic software, and pushing international encryption standards it knows it can break. Related Article »

 

Excerpt from 2013 Intelligence Budget Request        Bullrun Briefing Sheet

 

This excerpt from the N.S.A.’s 2013 budget request outlines the ways in which the agency circumvents the encryption protection of everyday Internet communications. The Sigint Enabling Project involves industry relationships, clandestine changes to commercial software to weaken encryption, and lobbying for encryption standards it can crack.

 

The N.S.A.’s Sigint Enabling Project is a $250 million-a-year program that works with Internet companies to weaken privacy by inserting back doors into encryption products. This excerpt from a 2013 budget proposal outlines some methods the agency uses to undermine encryption used by the public.

 

The agency works with companies to insert back doors into the commercial products. These back doors allow the agency, and in theory only the agency, to gain access to scrambled information that it would not be able to view otherwise.

 

Because the N.S.A. has long been considered the world’s top authority on encryption, it has dual, sometimes competing, roles. One responsibility of the agency is to safeguard United States communications by promoting encryption standards, and the other is to break codes protecting foreign communications. Part of the Sigint Enabling Project’s goal is to influence these standards — which are often used by American companies — and weaken them.

 

The agency defines capability as “the NSA/CSS ability to exploit a specific technology,” according to a 2010 document outlining the Bullrun program. Here, the agency is claiming that it can gain access to the text and audio of an Internet chat service. It is unclear from the documents that The New York Times and ProPublica have access to which service this document refers to.

 

Large Internet companies use dedicated hardware to scramble traffic before it is sent. In 2013, the agency planned to be able to decode traffic that was encoded by one of these two encryption chips, either by working with the manufacturers of the chips to insert back doors or by exploiting a security flaw in the chips’ design.

 

NSA Campaign Against Encryption 1.JPG

 

NSA Campaign Against Encryption 2.JPG

 

NSA Campaign Against Encryption 3.JPG

 

 

 

http://www.bbc.co.uk/news/world-us-canada-23981291

 

logo BBC inverse.JPG

 

Snowden leaks: US and UK ‘crack online encryption’

 

6 September 2013

 

US and UK intelligence have reportedly cracked the encryption codes protecting the emails, banking and medical records of hundreds of millions of people.

 

Disclosures by leaker Edward Snowden allege the US National Security Agency (NSA) and the UK’s GCHQ successfully decoded key online security protocols. They suggest some internet companies provided the agencies backdoor access to their security systems. The NSA is said to spend $250m (£160m) a year on the top-secret operation. It is codenamed Bullrun, an American civil-war battle, according to the documents published by the Guardian in conjunction with the New York Times and ProPublica. The British counterpart scheme run by GCHQ is called Edgehill, after the first major engagement of the English civil war, say the documents.

 

‘Behind-the-scenes persuasion’

 

The reports say the UK and US intelligence agencies are focusing on the encryption used in 4G smartphones, email, online shopping and remote business communication networks. The encryption techniques are used by internet services such as Google, Facebook and Yahoo. Under Bullrun, it is said that the NSA has built powerful supercomputers to try to crack the technology that scrambles and encrypts personal information when internet users log on to access various services.

 

The NSA also collaborated with unnamed technology companies to build so-called back doors into their software – something that would give the government access to information before it is encrypted and sent over the internet, it is reported. As well as supercomputers, methods used include “technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications”, the New York Times reports. The US reportedly began investing billions of dollars in the operation in 2000 after its initial efforts to install a “back door” in all encryption systems were thwarted.

 

‘Gobsmacked’

 

During the next decade, it is said the NSA employed code-breaking computers and began collaborating with technology companies at home and abroad to build entry points into their products. The documents provided to the Guardian by Mr Snowden do not specify which companies participated. The NSA also hacked into computers to capture messages prior to encryption, and used broad influence to introduce weaknesses into encryption standards followed by software developers the world over, the New York Times reports. When British analysts were first told of the extent of the scheme they were “gobsmacked”, according to one memo among more than 50,000 documents shared by the Guardian.

 

NSA officials continue to defend the agency’s actions, claiming it will put the US at considerable risk if messages from terrorists and spies cannot be deciphered. But some experts argue that such efforts could actually undermine national security, noting that any back doors inserted into encryption programs can be exploited by those outside the government. It is the latest in a series of intelligence leaks by Mr Snowden, a former NSA contractor, who began providing caches of sensitive government documents to media outlets three months ago.

 

In June, the 30-year-old fled his home in Hawaii, where he worked at a small NSA installation, to Hong Kong, and subsequently to Russia after making revelations about a secret US data-gathering programme. A US federal court has since filed espionage charges against Mr Snowden and is seeking his extradition. Mr Snowden, however, remains in Russia where he has been granted temporary asylum.

 

Analysis

 

Mark Ward – Technology correspondent, BBC News

Encryption involves scrambling text to make it unreadable without the right key. Typically data encryption uses numbers hundreds of digits long as those keys. That renders data secure because it would take thousands of years to try all possible keys for a particular message. The NSA and GCHQ have apparently managed to get around this several different ways. They have used supercomputers to crank through potential keys very quickly, exploited known weaknesses in widely used web and mobile security protocols to read messages, and forced tech firms to install backdoors in software. In addition, the NSA is believed to have subverted a US federal program to create new encryption algorithms so it can more easily get at any messages or data they were supposed to protect. Critics say the NSA/GCHQ approaches are short-sighted because any backdoor could equally be used by spies and crooks and undermines the role the web plays in modern life.

 

 

http://www.latimes.com/opinion/opinion-la/la-ol-nsa-introduced-vulnerabilities-into-encryption-snowden-reveals-20130905,0,2218463.story

 

logo L A Times.png

 

Latest Snowden revelation: NSA sabotaged electronic locks

 

September 5, 2013,

 

NSA HQ Fort Meade, Md.jpg

NSA HQ – This undated photo provided by the National Security Agency shows its headquarters in Ft. Meade, Md. (May 11, 2006)

 

The latest Edward Snowden-powered exposé published by the New York Times, ProPublica and the Guardian is, to me, the most frightening. It reveals that the National Security Agency has moved beyond its historic role as a code-breaker to become a saboteur of the encryption systems. Its work has allegedly weakened the scrambling not just of terrorists’ emails but also bank transactions, medical records and communications among coworkers.

 

Here’s the money graf:

 

“The NSA hacked into target computers to snare messages before they were encrypted. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.” I’d be disappointed if the NSA hadn’t figured out how to do that hacking trick. But adding vulnerabilities to standard encryption techniques? That’s just making the job easier for hackers to make sense of the scrambled data they steal. The outrage is still pouring in from various advocacy groups. Here’s a succinct condemnation by the Center on Democracy and Technology, one of the more centrist of these organizations:

 

“These revelations demonstrate a fundamental attack on the way the Internet works,” senior staff technologist Joseph Lorenzo Hall wrote in a statement. “In an era in which businesses, as well as the average consumer, trust secure networks and technologies for sensitive transactions and private communications online, it’s incredibly destructive for the NSA to add flaws to such critical infrastructure. The NSA seems to be operating on the fantastically naïve assumption that any vulnerabilities it builds into core Internet technologies can only be exploited by itself and its global partners.”

 

Every form of encryption can theoretically be cracked, given enough time and processing power. But the mere use of encryption has encouraged data thieves to look elsewhere for targets, on the same principle that even weak bike locks are effective when there are unlocked bikes nearby. The easier it is to pick the electronic locks used online, the less of a deterrent they become. The NSA’s efforts appear to be the Plan B implemented after the Clinton administration failed to persuade the communications industry in the mid-1990s to usegovernment-developed encryption technologies for voice and data transmissions.

 

The decryption keys would have been held by the government, available to the NSA as necessary. But industry ultimately rejected the plan because of a fundamental vulnerability: a stolen or cracked “master key” could have unlocked every bit of scrambled data. The latest Snowden-leaked documents outline a multi-pronged assault by the NSA on the various forms of encryption used online. Its techniques included more traditional code-breaking as well as the aforementioned hacking and weakening efforts. Thursday’s stories didn’t identify the forms of encryption that the NSA undermined, saying more generally that the agency had targeted the secure version of HTTP, Secure Sockets Layer, virtual private networking technology and the encryption used on 4G smartphones.

 

In short, the implication of the mass of documents leaked thus far is that the NSA is not just monitoring seemingly every utterance on the planet, it is planting weaknesses in the security technology that protects legitimate online communications for the sake of decrypting illegitimate ones. I’m looking forward to hearing the NSA’s defenders explain why we should feel safer now.

 

 

 

http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

 

logo Guardian.gif

 

Revealed: how US and UK spy agencies defeat internet privacy and security

 

• NSA and GCHQ unlock encryption used to protect emails, banking and medical records

• $250m-a-year US program works covertly with tech companies to insert weaknesses into products

• Security experts say programs ‘undermine the fabric of the internet’

 

by Glenn Greenwald

Guardian Weekly, 6 September 2013

Jump to comments (3922)

 

This story has been reported in partnership between the New York Times, the Guardian and ProPublica based on documents obtained by the Guardian.

For the Guardian: James Ball, Julian Borger, Glenn Greenwald

For the New York Times: Nicole Perlroth, Scott Shane

For ProPublica: Jeff Larson

 

Computer-screen-data-008.jpg

Through covert partnerships with tech companies, the spy agencies have inserted secret vulnerabilities into encryption software. Photograph: Reuters

 

US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails, according to top-secret documents revealed by former contractor Edward Snowden. The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments.

 

The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – “the use of ubiquitous encryption across the internet”. Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with “brute force”, and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves. Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software.

 

The files, from both the NSA and GCHQ, were obtained by the Guardian, and the details are being published today in partnership with the New York Times and ProPublica. They reveal:

 

• A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made “vast amounts” of data collected through internet cable taps newly “exploitable”.

 

• The NSA spends $250m a year on a program which, among other goals, works with technology companies to “covertly influence” their product designs.

 

• The secrecy of their capabilities against encryption is closely guarded, with analysts warned: “Do not ask about or speculate on sources or methods.”

 

• The NSA describes strong decryption programs as the “price of admission for the US to maintain unrestricted access to and use of cyberspace”.

 

• A GCHQ team has been working to develop ways into encrypted traffic on the “big four” service providers, named as Hotmail, Google, Yahoo and Facebook.

 

NSA-diagram-001.jpg

NSA diagram – This network diagram, from a GCHQ pilot program, shows how the agency proposed a system to identify encrypted traffic from its internet cable-tapping programs and decrypt what it could in near-real time. Photograph: Guardian

 

The agencies insist that the ability to defeat encryption is vital to their core missions of counter-terrorism and foreign intelligence gathering. But security experts accused them of attacking the internet itself and the privacy of all users. “Cryptography forms the basis for trust online,” said Bruce Schneier, an encryption specialist and fellow at Harvard’s Berkman Center for Internet and Society. “By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet.” Classified briefings between the agencies celebrate their success at “defeating network security and privacy”.

 

“For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used internet encryption technologies,” stated a 2010 GCHQ document. “Vast amounts of encrypted internet data which have up till now been discarded are now exploitable.” An internal agency memo noted that among British analysts shown a presentation on the NSA’s progress: “Those not already briefed were gobsmacked!”

 

The breakthrough, which was not described in detail in the documents, meant the intelligence agencies were able to monitor “large amounts” of data flowing through the world’s fibre-optic cables and break its encryption, despite assurances from internet company executives that this data was beyond the reach of government. The key component of the NSA’s battle against encryption, its collaboration with technology companies, is detailed in the US intelligence community’s top-secret 2013 budget request under the heading “Sigint [signals intelligence] enabling”.

 

NSA-Bullrun-1-001.jpg

NSA Bullrun 1 – Classified briefings between the NSA and GCHQ celebrate their success at ‘defeating network security and privacy’. Photograph: Guardian

 

Funding for the program – $254.9m for this year – dwarfs that of the Prism program, which operates at a cost of $20m a year, according to previous NSA documents. Since 2011, the total spending on Sigint enabling has topped $800m. The program “actively engages US and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs”, the document states. None of the companies involved in such partnerships are named; these details are guarded by still higher levels of classification. Among other things, the program is designed to “insert vulnerabilities into commercial encryption systems”. These would be known to the NSA, but to no one else, including ordinary customers, who are tellingly referred to in the document as “adversaries”.

 

“These design changes make the systems in question exploitable through Sigint collection … with foreknowledge of the modification. To the consumer and other adversaries, however, the systems’ security remains intact.” The document sets out in clear terms the program’s broad aims, including making commercial encryption software “more tractable” to NSA attacks by “shaping” the worldwide marketplace and continuing efforts to break into the encryption used by the next generation of 4G phones. Among the specific accomplishments for 2013, the NSA expects the program to obtain access to “data flowing through a hub for a major communications provider” and to a “major internet peer-to-peer voice and text communications system”.

 

Technology companies maintain that they work with the intelligence agencies only when legally compelled to do so. The Guardian has previously reported that Microsoft co-operated with the NSA to circumvent encryption on the Outlook.com email and chat services. The company insisted that it was obliged to comply with “existing or future lawful demands” when designing its products. The documents show that the agency has already achieved another of the goals laid out in the budget request: to influence the international standards upon which encryption systems rely.

 

Independent security experts have long suspected that the NSA has been introducing weaknesses into security standards, a fact confirmed for the first time by another secret document. It shows the agency worked covertly to get its own version of a draft security standard issued by the US National Institute of Standards and Technology approved for worldwide use in 2006. “Eventually, NSA became the sole editor,” the document states. The NSA’s codeword for its decryption program, Bullrun, is taken from a major battle of the American civil war. Its British counterpart, Edgehill, is named after the first major engagement of the English civil war, more than 200 years earlier. A classification guide for NSA employees and contractors on Bullrun outlines in broad terms its goals.

 

“Project Bullrun deals with NSA’s abilities to defeat the encryption used in specific network communication technologies. Bullrun involves multiple sources, all of which are extremely sensitive.” The document reveals that the agency has capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking. The document also shows that the NSA’s Commercial Solutions Center, ostensibly the body through which technology companies can have their security products assessed and presented to prospective government buyers, has another, more clandestine role.

 

It is used by the NSA to “to leverage sensitive, co-operative relationships with specific industry partners” to insert vulnerabilities into security products. Operatives were warned that this information must be kept top secret “at a minimum”. A more general NSA classification guide reveals more detail on the agency’s deep partnerships with industry, and its ability to modify products. It cautions analysts that two facts must remain top secret: that NSA makes modifications to commercial encryption software and devices “to make them exploitable”, and that NSA “obtains cryptographic details of commercial cryptographic information security systems through industry relationships”.

 

The agencies have not yet cracked all encryption technologies, however, the documents suggest. Snowden appeared to confirm this during a live Q&A with Guardian readers in June. “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on,” he said before warning that NSA can frequently find ways around it as a result of weak security on the computers at either end of the communication. The documents are scattered with warnings over the importance of maintaining absolute secrecy around decryption capabilities.

 

NSA-Bullrun-2-001.jpg

NSA Bullrun 2 – A slide showing that the secrecy of the agencies’ capabilities against encryption is closely guarded. Photograph: Guardian

 

Strict guidelines were laid down at the GCHQ complex in Cheltenham, Gloucestershire, on how to discuss projects relating to decryption. Analysts were instructed: “Do not ask about or speculate on sources or methods underpinning Bullrun.” This informaton was so closely guarded, according to one document, that even those with access to aspects of the program were warned: “There will be no ‘need to know’.” The agencies were supposed to be “selective in which contractors are given exposure to this information”, but it was ultimately seen by Snowden, one of 850,000 people in the US with top-secret clearance.A 2009 GCHQ document spells out the significant potential consequences of any leaks, including “damage to industry relationships”.

 

“Loss of confidence in our ability to adhere to confidentiality agreements would lead to loss of access to proprietary information that can save time when developing new capability,” intelligence workers were told. Somewhat less important to GCHQ was the public’s trust which was marked as a moderate risk, the document stated. “Some exploitable products are used by the general public; some exploitable weaknesses are well known eg possibility of recovering poorly chosen passwords,” it said. “Knowledge that GCHQ exploits these products and the scale of our capability would raise public awareness generating unwelcome publicity for us and our political masters.”

 

The decryption effort is particularly important to GCHQ. Its strategic advantage from its Tempora program – direct taps on transatlantic fibre-optic cables of major telecommunications corporations – was in danger of eroding as more and more big internet companies encrypted their traffic, responding to customer demands for guaranteed privacy. Without attention, the 2010 GCHQ document warned, the UK’s “Sigint utility will degrade as information flows changes, new applications are developed (and deployed) at pace and widespread encryption becomes more commonplace.” Documents show that Edgehill’s initial aim was to decode the encrypted traffic certified by three major (unnamed) internet companies and 30 types of Virtual Private Network (VPN) – used by businesses to provide secure remote access to their systems.

 

By 2015, GCHQ hoped to have cracked the codes used by 15 major internet companies, and 300 VPNs. Another program, codenamed Cheesy Name, was aimed at singling out encryption keys, known as ‘certificates’, that might be vulnerable to being cracked by GCHQ supercomputers. Analysts on the Edgehill project were working on ways into the networks of major webmail providers as part of the decryption project. A quarterly update from 2012 notes the project’s team “continue to work on understanding” the big four communication providers, named in the document as Hotmail, Google, Yahoo and Facebook, adding “work has predominantly been focused this quarter on Google due to new access opportunities being developed”.

 

To help secure an insider advantage, GCHQ also established a Humint Operations Team (HOT). Humint, short for “human intelligence” refers to information gleaned directly from sources or undercover agents. This GCHQ team was, according to an internal document, “responsible for identifying, recruiting and running covert agents in the global telecommunications industry.” “This enables GCHQ to tackle some of its most challenging targets,” the report said. The efforts made by the NSA and GCHQ against encryption technologies may have negative consequences for all internet users, experts warn.

 

“Backdoors are fundamentally in conflict with good security,” said Christopher Soghoian, principal technologist and senior policy analyst at the American Civil Liberties Union. “Backdoors expose all users of a backdoored system, not just intelligence agency targets, to heightened risk of data compromise.” This is because the insertion of backdoors in a software product, particularly those that can be used to obtain unencrypted user communications or data, significantly increases the difficulty of designing a secure product.” This was a view echoed in a recent paper by Stephanie Pell, a former prosecutor at the US Department of Justice and non-resident fellow at the Center for Internet and Security at Stanford Law School.

 

“[An] encrypted communications system with a lawful interception back door is far more likely to result in the catastrophic loss of communications confidentiality than a system that never has access to the unencrypted communications of its users,” she states. Intelligence officials asked the Guardian, New York Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The three organisations removed some specific facts but decided to publish the story because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of internet users in the US and worldwide.

 

 

 

http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?hp&_r=0

 

logo New York Times.gif

 

N.S.A. Able to Foil Basic Safeguards of Privacy on Web

 

September 5, 2013

1466 Comments Readers shared their thoughts on this article

 

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

 

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show. Many users assume — or have been assured by Internet companies — that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor.

 

Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth. The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.

 

The N.S.A. hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world. “For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”

 

When the British analysts, who often work side by side with N.S.A. officers, were first told about the program, another memo said, “those not already briefed were gobsmacked!” An intelligence budget document makes clear that the effort is still going strong. “We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic,” the director of national intelligence, James R. Clapper Jr., wrote in his budget request for the current year. In recent months, the documents disclosed by Mr. Snowden have described the N.S.A.’s reach in scooping up vast amounts of communications around the world. The encryption documents now show, in striking detail, how the agency works to ensure that it is actually able to read the information it collects.

 

The agency’s success in defeating many of the privacy protections offered by encryption does not change the rules that prohibit the deliberate targeting of Americans’ e-mails or phone calls without a warrant. But it shows that the agency, which was sharply rebuked by a federal judge in 2011 for violating the rules and misleading the Foreign Intelligence Surveillance Court, cannot necessarily be restrained by privacy technology. N.S.A. rules permit the agency to store any encrypted communication, domestic or foreign, for as long as the agency is trying to decrypt it or analyze its technical features. The N.S.A., which has specialized in code-breaking since its creation in 1952, sees that task as essential to its mission. If it cannot decipher the messages of terrorists, foreign spies and other adversaries, the United States will be at serious risk, agency officials say.

 

Just in recent weeks, the Obama administration has called on the intelligence agencies for details of communications by leaders of Al Qaeda about a terrorist plot and of Syrian officials’ messages about the chemical weapons attack outside Damascus. If such communications can be hidden by unbreakable encryption, N.S.A. officials say, the agency cannot do its work. But some experts say the N.S.A.’s campaign to bypass and weaken communications security may have serious unintended consequences. They say the agency is working at cross-purposes with its other major mission, apart from eavesdropping: ensuring the security of American communications.

 

Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSLvirtual private networksor VPNs; and the protection used on fourth-generation, or 4G, smartphones. Many Americans, often without realizing it, rely on such protection every time they send an e-mail, buy something online, consult with colleagues via their company’s computer network, or use a phone or a tablet on a 4G network.

 

For at least three years, one document says, GCHQ, almost certainly in collaboration with the N.S.A., has been looking for ways into protected traffic of popular Internet companies: Google, Yahoo, Facebook and Microsoft’s Hotmail. By 2012, GCHQ had developed “new access opportunities” into Google’s systems, according to the document. (Google denied giving any government access and said it had no evidence its systems had been breached). “The risk is that when you build a back door into systems, you’re not the only one to exploit it,” said Matthew D. Green, a cryptography researcher at Johns Hopkins University. “Those back doors could work against U.S. communications, too.”

 

Paul Kocher, a leading cryptographer who helped design the SSL protocol, recalled how the N.S.A. lost the heated national debate in the 1990s about inserting into all encryption a government back door called the Clipper Chip. “And they went and did it anyway, without telling anyone,” Mr. Kocher said. He said he understood the agency’s mission but was concerned about the danger of allowing it unbridled access to private information. “The intelligence community has worried about ‘going dark’ forever, but today they are conducting instant, total invasion of privacy with limited effort,” he said. “This is the golden age of spying.”

 

A Vital Capability

 

The documents are among more than 50,000 shared by The Guardian with The New York Times and ProPublica, the nonprofit news organization. They focus on GCHQ but include thousands from or about the N.S.A. Intelligence officials asked The Times and ProPublica not to publish this article, saying it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful privacy tools. The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian’s Web site in June.

 

“Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted. The documents make clear that the N.S.A. considers its ability to decrypt information a vital capability, one in which it competes with China, Russia and other intelligence powers. “In the future, superpowers will be made or broken based on the strength of their cryptanalytic programs,” a 2007 document said. “It is the price of admission for the U.S. to maintain unrestricted access to and use of cyberspace.”

 

The full extent of the N.S.A.’s decoding capabilities is known only to a limited group of top analysts from the so-called Five Eyes: the N.S.A. and its counterparts in Britain, Canada, Australia and New Zealand. Only they are cleared for the Bullrun program, the successor to one called Manassas — both names of an American Civil War battle. A parallel GCHQ counter-encryption program is called Edgehill, named for the first battle of the English Civil War of the 17th century. Unlike some classified information that can be parceled out on a strict “need to know” basis, one document makes clear that with Bullrun, “there will be NO ‘need to know.’ ” Only a small cadre of trusted contractors were allowed to join Bullrun. It does not appear that Mr. Snowden was among them, but he nonetheless managed to obtain dozens of classified documents referring to the program’s capabilities, methods and sources.

 

Ties to Internet Companies

 

When the N.S.A. was founded, encryption was an obscure technology used mainly by diplomats and military officers. Over the last 20 years, it has become ubiquitous. Even novices can tell that their exchanges are being automatically encrypted when a tiny padlock appears next to a Web address. Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency’s success depends on working with Internet companies — by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware.

 

According to an intelligence budget document leaked by Mr. Snowden, the N.S.A. spends more than $250 million a year on its Sigint Enabling Project, which “actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make them “exploitable.” Sigint is the acronym for signals intelligence, the technical term for electronic eavesdropping. By this year, the Sigint Enabling Project had found ways inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors or by exploiting security flaws, according to the documents.

 

The agency also expected to gain full unencrypted access to an unnamed major Internet phone call and text service; to a Middle Eastern Internet service; and to the communications of three foreign governments. In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a back door into the product before it was shipped, someone familiar with the request told The Times. The 2013 N.S.A. budget request highlights “partnerships with major telecommunications carriers to shape the global network to benefit other collection accesses” — that is, to allow more eavesdropping.

 

At Microsoft, as The Guardian has reported, the N.S.A. worked with company officials to get pre-encryption access to Microsoft’s most popular services, including MS Outlook e-mailSkype Internet phone calls and chats, and SkyDrive, the company’s cloud storageservice. Microsoft asserted that it had merely complied with “lawful demands” of the government, and in some cases, the collaboration was clearly coerced. Some companies have been asked to hand the government the encryption keys to all customer communications, according to people familiar with the government’s requests. N.S.A. documents show that the agency maintains an internal database of encryption keys for specific commercial products, called a Key Provisioning Service, which can automatically decode many messages. If the necessary key is not in the collection, a request goes to the separate Key Recovery Service, which tries to obtain it.

 

How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies’ computer servers, where they are stored. To keep such methods secret, the N.S.A. shares decrypted messages with other agencies only if the keys could have been acquired through legal means. “Approval to release to non-Sigint agencies,” a GCHQ document says, “will depend on there being a proven non-Sigint method of acquiring keys.” Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers.

 

One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method.  Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology and later by the International Organization for Standardization, which has 163 countries as members. Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”

 

“Eventually, N.S.A. became the sole editor,” the memo says. Even agency programs ostensibly intended to guard American communications are sometimes used to weaken protections. The N.S.A.’s Commercial Solutions Center, for instance, invites the makers of encryption technologies to present their products to the agency with the goal of improving American cybersecurity. But a top-secret N.S.A. document suggests that the agency’s hacking division uses that same program to develop and “leverage sensitive, cooperative relationships with specific industry partners” to insert vulnerabilities into Internet security products.

 

By introducing such back doors, the N.S.A. has surreptitiously accomplished what it had failed to do in the open. Two decades ago, officials grew concerned about the spread of strong encryption software like Pretty Good Privacy, designed by a programmer named Phil Zimmermann. The Clinton administration fought back by proposing the Clipper Chip, which would have effectively neutered digital encryption by ensuring that the N.S.A. always had the key. That proposal met a backlash from an unlikely coalition that included political opposites like Senator John Ashcroft, the Missouri Republican, and Senator John Kerry, the Massachusetts Democrat, as well as the televangelist Pat Robertson, Silicon Valley executives and the American Civil Liberties Union. All argued that the Clipper would kill not only the Fourth Amendment, but also America’s global technology edge.

 

By 1996, the White House backed down. But soon the N.S.A. began trying to anticipate and thwart encryption tools before they became mainstream. Each novel encryption effort generated anxiety. When Mr. Zimmermann introduced the Zfone, an encrypted phone technology, N.S.A. analysts circulated the announcement in an e-mail titled “This can’t be good.”

But by 2006, an N.S.A. document notes, the agency had broken into communications for three foreign airlines, one travel reservation system, one foreign government’s nuclear department and another’s Internet service by cracking the virtual private networks that protected them. By 2010, the Edgehill program, the British counter-encryption effort, was unscrambling VPN traffic for 30 targets and had set a goal of an additional 300.

 

But the agencies’ goal was to move away from decrypting targets’ tools one by one and instead decode, in real time, all of the information flying over the world’s fiber optic cables and through its Internet hubs, only afterward searching the decrypted material for valuable intelligence. A 2010 document calls for “a new approach for opportunistic decryption, rather than targeted.” By that year, a Bullrun briefing document claims that the agency had developed “groundbreaking capabilities” against encrypted Web chats and phone calls. Its successes against Secure Sockets Layer and virtual private networks were gaining momentum.

 

But the agency was concerned that it could lose the advantage it had worked so long to gain, if the mere “fact of” decryption became widely known. “These capabilities are among the Sigint community’s most fragile, and the inadvertent disclosure of the simple ‘fact of’ could alert the adversary and result in immediate loss of the capability,” a GCHQ document warned. Since Mr. Snowden’s disclosures ignited criticism of overreach and privacy infringements by the N.S.A., American technology companies have faced scrutiny from customers and the public over what some see as too cozy a relationship with the government. In response, some companies have begun to push back against what they describe as government bullying.

 

Google, Yahoo, Microsoft and Facebook have pressed for permission to reveal more about the government’s requests for cooperation. One e-mail encryption company, Lavabit, closed rather than comply with the agency’s demands for customer information; another, Silent Circle, ended its e-mail service rather than face such demands. In effect, facing the N.S.A.’s relentless advance, the companies surrendered. Ladar Levison, the founder of Lavabit, wrote a public letter to his disappointed customers, offering an ominous warning. “Without Congressional action or a strong judicial precedent,” he wrote, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”

 

This article has been reported in partnership among The New York Times, The Guardian and ProPublica based on documents obtained by The Guardian. For The Guardian: James Ball, Julian Borger, Glenn Greenwald. For The New York Times: Nicole Perlroth, Scott Shane. For ProPublica: Jeff Larson.

 

 

More:

 

Revealed: how US and UK spy agencies defeat internet privacy and security

 

Obama assembles fragile alliance blaming Assad for chemical attacks

 

NSA surveillance: A guide to staying secure

 

NSA decryption revelations ‘provide roadmap’ to adversaries, US warns

 

  

 


 

 

— 


“How can they (Americans) have the arrogance to dictate to us where we should go or which countries should be our friends? Gadhafi is my friend. He supported us when we were alone and when those who tried to prevent my visit here (Libya) today were our enemies. They have no morals. We cannot accept that a state assumes the role of the world’s policeman.” 
– Nelson Mandela, 1997 (while on a State visit to Libya)

“Never before in modern history has a country dominated the earth so totally as the United States does today. […] The Americans are acting, in the absence of limits put to them by anybody or anything, as if they own a blank check in their ‘McWorld.’ Strengthened by the end of communism and an economic boom, Washington seems to have abandoned its self-doubts from the Vietnam trauma. America is now the Schwarzenegger of international politics: showing off muscles, obtrusive, intimidating.”
– Der Spiegel, Germany’s leading news magazine, 1997

, , , , , , , ,

No Comments