US State Dept Official Position on Torture

USA and Torture: A History of Hypocrisy

DECEMBER 9, 2014

•  EMAIL

RELATED MATERIALS: 

• Kenneth Roth on Bush Era Torture and CIA Denials
  DECEMBER 9, 2014 
  Press release

After the September 11, 2001 attacks on the United States, the US government authorized the use of so-called “enhanced interrogation techniques” on terrorism suspects in US custody. For years US officials, pointing to Department of Justice memorandums authorizing these techniques, denied that they constituted torture. But many clearly do: International bodies and US courts have repeatedly found that “waterboarding” and other forms of mock execution by asphyxiation constitute torture and are war crimes,[1] Other authorized techniques, including stress positions, hooding during questioning, deprivation of light and auditory stimuli, and use of detainees’ individual phobias (such as fear of dogs) to induce stress, violate the protections afforded all persons in custody – whether combatants or civilians – under the laws of armed conflict and international human rights law, and can amount to torture or "cruel, inhuman, or degrading treatment."[2] Accordingly, the United Nations Committee against Torture and the UN Special Rapporteur on Torture have clearly stated that these techniques are torture.[3]

US President Barack Obama has acknowledged that the US used torture as part of the CIA’s post 9/11 interrogation program, and has said that waterboarding constitutes torture.[4] However, many current and former US officials still argue that the “enhanced interrogation techniques” were not torture.[5]The recent release of the summary of the Senate Intelligence Committee’s report on the CIA’s detention and interrogation program has heightened debate around this issue.

The claims of those who argue these techniques did not constitute torture are contradicted by past US statements criticizing other countries for using those same techniques. Below are some examples of such statements, drawn from the US Department of State’s annual Human Rights Reports.

Technique	Criticized by United States	Some Examples Used by United States
Waterboarding	The State Department’s 2003-2007 Human Rights Reports on Sri Lanka classified “near-drowning” as among “methods of torture.” In the reports on Tunisia from 1996 to 2004, “submersion of the head in water” is classified as “torture.”[6]	The United States government has officiallyacknowledged waterboarding only three detainees: Khalid Sheikh Mohammed, Abu Zubaydah, and Abd al-Rahim al-Nashiri. Mohammed was waterboarded 183 times, Zubaydah 83 times, and al-Nashiri twice.[7] In Human Rights Watch’s 2012 reportDelivered into Enemy Hands, detainee Mohammed Shoroeiya described being repeatedly waterboarded during interrogations in Afghanistan. Another detainee cited in the same report, Sharif, said he was subjected to a similar method of water suffocation where he was made to lie down in a plastic sheet filled with icy water while wearing a hood as jugs of freezing water were poured over his nose and mouth. Their accounts contradict statements about the practice from senior US officials, such as former CIA Director Michael Hayden, whotestified to the Senate that the CIA waterboarded only three individuals. Human Rights Watch’s 2011 report Getting Away with Torture details the numerous times US courts found that waterboarding, or variations of it, constitutes torture and is a war crime. Examples include a congressional inquiry of the early 1900s US occupation of the Philippines that led to the court martialing of several US soldiers, and several US military commissions in the World War II Pacific Theater which found that variants of waterboarding constituted torture.
Stress Positions, Forced Standing, Forced Nudity	The State Department’s 2006 Human Rights Report on Jordan deemed subjecting detainees to “forced standing in painful positions for prolonged periods” as torture.[8]In its 2000, 2001 and 2002 reports on Iran, “suspension for long periods in contorted positions” is described as torture.[9] In the 2002 report on Sri Lanka, “suspension by the wrists or feet in contorted positions” and remaining in “unnatural positions for extended periods” are described as “methods of torture.”[10] In the 2005 report on North Korea, “being forced to kneel or sit immobilized for long periods, being hung by one's wrists, being forced to stand up and sit down to the point of collapse” is classified as a method of torture. The 2005 Egypt reports cited the stripping and blindfolding of prisoners among the “principal methods of torture.”[11]	According to a report by the International Committee of the Red Cross, some detainees in US custody were subjected to “[p]rolonged stress standing position, naked, held with the arms extended and chained above the head … for periods from two or three days continuously, and for up to two or three months intermittently, during which period toilet access was sometimes denied resulting in allegations from four detainees that they had to defecate and urinate over themselves.” Many of the detainees also described being subjected to extended periods of nudity, ranging from several weeks to several months. In Human Rights Watch’s Delivered into Enemy Hands, five former detainees in CIA custody described being chained to walls naked – sometimes while diapered – in pitch black, windowless cells, for weeks or months; restrained in painful stress positions for long periods; and forced into cramped spaces. As Human Rights Watch detailed in Getting Away with Torture, stress positions were among a number of interrogation and detention techniques authorized for use by the Bush administration.
Threats of Harm to Person, Family	In the 2006 report on Turkey,“threats to detainees or family members,” and “mock executions” are classified as torture. In the 2006 report on Jordan, “threats of extreme violence or sexual or physical abuse of family members” are deemed as torture. In the 2002 report on Iraq, “threats to rape or otherwise harm family members and relatives” is considered torture.	According to a 2009 CIA Inspector General’sreport, during interrogations a CIA debriefer put an unloaded semi-automatic handgun to detainee Abd al-Rahim al-Nashiri’s head, and also turned a power drill on and off to frighten him while he was naked and hooded. Interrogators also made threats against Nashiri’s family, telling him, “We can get your mother in here,” and, “We can get your family in here.” In the ICRC report Nashiri also alleges that interrogators threatened to sodomize him and rape his family. The CIA report also states that interrogators told Khalid Sheikh Mohammed: “We're going to kill your children.”
Sleep Deprivation, Use of Loud Music	In the 2005 and 2006 reports on Indonesia, Iran, Jordan, Libya, Saudi Arabia and Turkey, sleep deprivation was classified as torture.[12] In the 2002 State Department report on Pakistan, denial of sleep is described as a “common torture method.”[13] The 2002 report on Turkey lists “loud music” as a “torture method.”	In Human Rights Watch’s Delivered into Enemy Hands , detainees Mohammed Ahmed Mohammed al-Shoroeiya and Khalid al-Sharif stated that they were denied sleep by continuous, deafeningly loud Western music played from speakers right next to their ears. The ICRC report details various methods used against detainees for sleep deprivation, from the continuous blaring of loud music or hissing noises to long interrogations and stress positions.[14] Abu Zubaydah, also known to have been held by the CIA, claimed that sometimes as he was falling asleep guards would splash water in his face to keep him awake.[15]
Prolonged Solitary Confinement, Confinement in Small Space	In the 2005 and 2006 reports on Jordan, “extended solitary confinement” is classified as “torture.”[16] The 2002 report on Iraq described “extended solitary confinement in dark and extremely small compartments” as torture. In the 2005 report on North Korea, “being forced to kneel or sit immobilized for long periods, being hung by one's wrists, being forced to stand up and sit down to the point of collapse” is classified as a method of torture. In the 2002 report on China, “prolonged periods of solitary confinement” and “incommunicado detention” are listed as torture.	The ICRC report describes how detainees were kept in prolonged solitary confinement and incommunicado detention (with no access to family or attorneys) for periods ranging from 16 months to as long as four-and-a-half years. In Delivered into Enemy Hands , detainees describe being held in very small cells for prolonged periods of solitary confinement and incommunicado detention through much of their imprisonment. Getting Away with Torture describes the CIA’s secret detention program as entailing “prolonged incommunicado detention.”

 

---

[1] Human Rights Watch, Getting Away with Torture, July 12, 2011, http://www.hrw.org/sites/default/files/reports/us0711webwcover_1.pdf, p. 55.

[2] Ibid.

[3] Ibid., p. 58.

[4] “Obama: ‘We Tortured Some Folks’ after 9/11,” CBS News, August 1, 2014,http://www.cbsnews.com/news/obama-we-tortured-some-folks-after-911/ (accessed December 5, 2014).

[5] Jose Rodriguez, former chief of the Central Intelligence Agency’s clandestine operations, recently said of the CIA’s enhanced interrogation program for example, that “it worked because it was not torture (“Watching ‘Zero Dark Thirty’ with the CIA: Separating Fact from Fiction,” Moderated Discussion at American Enterprise Institute Transcript, January 29, 2013, http://www.aei.org/wp-content/uploads/2013/01/-event-transcript_111915959376.pdf

(accessed December 5, 2014); Senate Intelligence Committee Vice-Chairman Saxby Chambliss has disputed the use of the term “torture” to describe the CIA’s enhanced interrogation program and said that waterboarding is “not torture, (Sandy Fitzgerald, “Saxby Chambliss: Senate Probe of CIA Interrogations “a Mistake,’” Newsmax August 3, 2014,http://www.newsmax.com/Newsfront/Chambliss-hacking-probe-CIA/2014/08/03/id/586557/(accessed December 5, 2014); Former US President George W. Bush has also said that “enhanced interrogation techniques” authorized by the Justice Department were legal and that waterboarding is not torture (see “Waterboarding is Torture, Downing Street Confirms,” The Guardian, November 9, 2010, http://www.theguardian.com/world/2010/nov/09/george-bush-memoirs-waterboarding(accessed December 5, 2014).  

[6] The Constitution Project, “The Report of The Constitution Project’s Task Force on Detainee Treatment,” 2013, http://detaineetaskforce.org/pdf/Full-Report.pdf (accessed December 2, 2014), p. 359; U.S. Department of State, Human Rights Report, 1996 - 2007, available athttp://www.state.gov/g/drl/rls/hrrpt/ (accessed December 2, 2014).

[7] Testimony of Michael Hayden in front of the Senate Select Committee on Intelligence, February 5, 2008, http://www.intelligence.senate.gov/pdfs/110824.pdf, p. 71-72. CIA Office of the Inspector General, “Special Review: Counterterrorism Detention and Interrogation Activities (September 2001 – October 2003),” May 7, 2004, declassified in August 2009,http://graphics8.nytimes.com/packages/pdf/politics/20090825-DETAIN/2004CIAIG.pdf (accessed July 2, 2012), (“CIA OIG report”), p. 90-91.

[8] The Constitution Project, “The Report of The Constitution Project’s Task Force on Detainee Treatment,” p. 359; U.S. Department of State, Human Rights Report, “Jordan,” 2006,http://www.state.gov/j/drl/rls/hrrpt/2006/78855.htm (accessed December 2, 2014).

[9] The Constitution Project, “The Report of The Constitution Project’s Task Force on Detainee Treatment,” p. 359; U.S. Department of State, Human Rights Report, “Iran,” 2000-2002, available at http://www.state.gov/j/drl/rls/hrrpt/2006/78855.htm (accessed December 2, 2014).

[10] The Constitution Project, “The Report of The Constitution Project’s Task Force on Detainee Treatment,” p. 359; U.S. Department of State, Human Rights Report, “Sri Lanka,” 2002, http://www.state.gov/j/drl/rls/hrrpt/2002/18315.htm (accessed December 2, 2014).

[11] Human Rights Watch, “Descriptions of Techniques Allegedly Authorized by the CIA,” November 21, 2005, http://www.hrw.org/legacy/english/docs/2005/11/21/usdom12071_txt.htm; US Department of State, Human Rights Report, “Egypt,” 2005, http://www.state.gov/j/drl/rls/hrrpt/2005/61612.htm (accessed December 2, 2014).

[12] The Constitution Project, “The Report of The Constitution Project’s Task Force on Detainee Treatment,” p. 360; U.S. Department of State, Human Rights Report, 2005-2006, available at http://www.state.gov/g/drl/rls/hrrpt/ (accessed December 2, 2014).

[13] Human Rights Watch, “Descriptions of Techniques Allegedly Authorized by the CIA”; U.S. Department of State, Human Rights Report, “Pakistan,” 2002, http://www.state.gov/j/drl/rls/hrrpt/2002/18314.htm (accessed December 2, 2014).

[14] ICRC, Regional Delegation for United States and Canada, “ICRC Report on the Treatment of Fourteen “High Value Detainees” in CIA Custody,” p. 9, 29.

[15] Ibid., p. 15.

[16] The Constitution Project, “The Report of The Constitution Project’s Task Force on Detainee Treatment,” p. 360; U.S. Department of State, Human Rights Report, “Jordan,” 2005-2006, available at http://www.state.gov/j/drl/rls/hrrpt/ (accessed December 2, 2014).

TORTURE Report Coming, Promise....

by DAN FROOMKIN - The Intercept

The Senate Intelligence Committee’s torture report will be released “in a matter of days,” a committee staffer tells The Intercept. The report, a review of brutal CIA interrogation methods during the presidency of George W. Bush, has been the subject of a contentious back-and-forth, with U.S. intelligence agencies and the White House on one side pushing for mass redactions in the name of national security and committee staffers on the other arguing that the proposed redactions render the report unintelligible.

Should something emerge, here are some important caveats to keep in mind:

1) You’re not actually reading the torture report. You’re just reading an executive summary. The full Senate Select Committee on Intelligence report on the CIA’s interrogation and detention program runs upward of 6,000 pages. The executive summary is 480 pages. So you’re missing more than 80 percent of it.

2) The CIA got to cut out parts. The summary has been redacted – ostensibly by the White House, but in practice by officials of the CIA, which, lest we forget, is the agency that is being investigated, that spied on and tried to intimidate the people conducting the investigation, and whose director has engaged in serial deception about the investigation. The original redactions proposed by the White House included eliminating even the use of pseudonyms to let readers keep track of major recurring characters, and appeared intended to make the summary unintelligible.

3) Senate Democrats had their backs to the wall. Senate Intelligence Committee chair Dianne Feinstein faced enormous pressure to get the summary out in some form, before the incoming Republican Senate majority could do the White House a solid and squelch it completely.

4) The investigation was extremely narrow in its focus. Committee staffers only looked at what the CIA did in its black sites; whether it misled other officials; and whether it complied with orders. That is somewhat like investigating whether a hit man did the job efficiently and cleaned up nicely.

5) The investigation didn’t examine who gave the CIA its orders, or why. The summary doesn’t assess who told the CIA to torture – despite the abundant evidence that former vice president Dick Cheney and his cabal architected, choreographed and defended its use, with former president George W. Bush’s knowing or unknowing support.

6) Torture was hardly limited to the CIA. In fact, the worst of it was done by the military. Want to read a quality investigation of the U.S. torture of detainees? Go read this 2008 report from the Senate Armed Services Committee. That committee’s inquiry didn’t just expose the horrific, routinized abuse of detainees at Guantanamo, Abu Ghraib and elsewhere, it also laid out a clear line of responsibility starting with Bush and exposed his administration’s repeated explanation for what happened as a pack of lies. For some reason, it never got anywhere near the attention it deserved.

7) Senate investigators conducted no interviews of torture victims. As the Guardian reportedin late November: “Lawyers for four of the highest-value detainees ever held by the CIA, all of whom have made credible allegations of torture and all of whom remain in US government custody, say the Senate committee never spoke with their clients.”

8) Senate investigators conducted no interviews of CIA officials. As the Washington Times reported in August, committee staffers never spoke to either the senior managers of the torture program or the directors who oversaw it.

9) In fact, Senate investigators conducted no interviews at all. “We did not conduct interviews, but did make significant use of transcripts of interviews done by the CIA IG [Inspector General] and others during the program,” a Senate Intelligence Committee staffer emailed me recently. “That, together with the literally millions of pages of contemporaneous documents, emails, chat sessions, etc. make us confident in the accuracy and comprehensive nature of the report.” So it’s basically aggregation.

10) Bush and Cheney have acknowledged their roles in the program.  Bush and Cheney have both publicly acknowledged approving the use of waterboarding and other abusive forms of interrogation that are nearly universally considered torture. Cheney said in 2008 that he was “involved in helping get the process cleared.” “Yeah, we waterboarded Khalid Sheikh Mohammed,”Bush said in 2010. “I’d do it again to save lives.”

11) The report’s conclusion that torture didn’t do any good is a big deal. You may argue, as I do, that even if torture sometimes “worked”, it’s still immoral, criminal and ultimately counterproductive. As I wrote during the “Zero Dark Thirty” furor, torture is not about extracting information, it’s about power, revenge, rage and cruelty. It’s about stripping people of their humanity. Throughout its history, its only reliable byproduct has been false confessions. But the pro-torture argument is simple: The ends justify the means. So if the evidence is overwhelming that torture achieves nothing — or less than nothing — then we win the argument by default. 

12) No one has been held accountable. Aside from a handful of low-level soldiers at Abu Ghraib, no one has been held accountable for the U.S.’s embrace and widespread use of torture after the terror attacks of 9/11. And there are no signs that anyone will be. As a result, torture critics conclude that despite President Obama’s decision not to torture, there is no reason to assume that we won’t do it again in the future.

Photo: Charles Dharapak/AP

Email the author: dan.froomkin@theintercept.com

NSA Illegally Invades Earth's Emails

By Ryan Gallagher, 

The Intercept

In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages.

For the NSA, the task was easy. The agency had already obtained technical information about the cellphone carriers’ internal systems by spying on documents sent among company employees, and these details would provide the perfect blueprint to help the military break into the networks.

The NSA’s assistance in the Libya operation, however, was not an isolated case. It was part of a much larger surveillance program—global in its scope and ramifications—targeted not just at hostile countries.

According to documents contained in the archive of material provided toThe Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance.

The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers.

Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.

One high-profile surveillance target is the GSM Association, an influential U.K.-headquartered trade group that works closely with large U.S.-based firms including Microsoft, Facebook, AT&T, and Cisco, and is currently being funded by the U.S. government to develop privacy-enhancing technologies.

Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.

THE OPERATION APPEARS AIMED AT ENSURING VIRTUALLY EVERY CELLPHONE NETWORK IN THE WORLD IS NSA ACCESSIBLE.

“Collecting an inventory [like this] on world networks has big ramifications,” Nohl said, because it allows the NSA to track and circumvent upgrades in encryption technology used by cellphone companies to shield calls and texts from eavesdropping. Evidence that the agency has deliberately plotted to weaken the security of communication infrastructure, he added, was particularly alarming.

“Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities,” Nohl said, “because once NSA introduces a weakness, a vulnerability, it’s not only the NSA that can exploit it.”

NSA spokeswoman Vanee’ Vines told The Intercept in a statement that the agency “works to identify and report on the communications of valid foreign targets” to anticipate threats to the United States and its allies.

Vines said: “NSA collects only those communications that it is authorized by law to collect in response to valid foreign intelligence and counterintelligence requirements—regardless of the technical means used by foreign targets, or the means by which those targets attempt to hide their communications.”

Network coverage

The AURORAGOLD operation is carried out by specialist NSA surveillance units whose existence has not been publicly disclosed: the Wireless Portfolio Management Office, which defines and carries out the NSA’s strategy for exploiting wireless communications, and the Target Technology Trends Center, which monitors the development of new communication technology to ensure that the NSA isn’t blindsided by innovations that could evade its surveillance reach. The center’s logo is a picture of the Earth overshadowed by a large telescope; its motto is “Predict – Plan – Prevent.”

The NSA documents reveal that, as of May 2012, the agency had collected technical information on about 70 percent of cellphone networks worldwide—701 of an estimated 985—and was maintaining a list of 1,201 email “selectors” used to intercept internal company details from employees. (“Selector” is an agency term for a unique identifier like an email address or phone number.) From November 2011 to April 2012, between 363 and 1,354 selectors were “tasked” by the NSA for surveillance each month as part of AURORAGOLD, according to the documents. The secret operation appears to have been active since at least 2010.

The information collected from the companies is passed onto NSA “signals development” teams that focus on infiltrating communication networks. It is also shared with other U.S. Intelligence Community agencies and with the NSA’s counterparts in countries that are part of the so-called “Five Eyes” surveillance alliance—the United Kingdom, Canada, Australia, and New Zealand.

Aside from mentions of a handful of operators in Libya, China, and Iran, names of the targeted companies are not disclosed in the NSA’s documents. However, a top-secret world map featured in a June 2012 presentation on AURORAGOLD suggests that the NSA has some degree of “network coverage” in almost all countries on every continent, including in the United States and in closely allied countries such as the United Kingdom, Australia, New Zealand, Germany, and France.

One of the prime targets monitored under the AURORAGOLD program is the London-headquartered trade group, the GSM Association, or the GSMA, which represents the interests of more than 800 major cellphone, software, and internet companies from 220 countries.

The GSMA’s members include U.S.-based companies such as Verizon, AT&T, Sprint, Microsoft, Facebook, Intel, Cisco, and Oracle, as well as large international firms including Sony, Nokia, Samsung, Ericsson, and Vodafone.

The trade organization brings together its members for regular meetings at which new technologies and policies are discussed among various “working groups.” The Snowden files reveal that the NSA specifically targeted the GSMA’s working groups for surveillance.

Claire Cranton, a spokeswoman for the GSMA, said that the group would not respond to details uncovered by The Intercept until its lawyers had studied the documents related to the spying.

“If there is something there that is illegal then they will take it up with the police,” Cranton said.

By covertly monitoring GSMA working groups in a bid to identify and exploit security vulnerabilities, the NSA has placed itself into direct conflict with the mission of the National Institute for Standards and Technology, or NIST, the U.S. government agency responsible for recommending cybersecurity standards in the United States. NIST recently handed out a grant of more than $800,000 to GSMA so that the organization could research ways to address “security and privacy challenges” faced by users of mobile devices.

The revelation that the trade group has been targeted for surveillance may reignite deep-seated tensions between NIST and NSA that came to the fore following earlier Snowden disclosures. Last year, NIST was forced to urge people not to use an encryption standard it had previously approved after it emerged NSA had apparently covertly worked to deliberately weaken it.

Jennifer Huergo, a NIST spokewoman, told The Intercept that the agency was “not aware of any activities by NSA related to the GSMA.” Huergo said that NIST would continue to work towards “bringing industry together with privacy and consumer advocates to jointly create a robust marketplace of more secure, easy-to-use, privacy-enhancing solutions.”

GSMA headquarters in London (left)

Encryption attack

The NSA focuses on intercepting obscure but important technical documents circulated among the GSMA’s members known as “IR.21s.”

Most cellphone network operators share IR.21 documents among each other as part of agreements that allow their customers to connect to foreign networks when they are “roaming” overseas on a vacation or a business trip. An IR.21, according to the NSA documents, contains information “necessary for targeting and exploitation.”

The details in the IR.21s serve as a “warning mechanism” that flag new technology used by network operators, the NSA’s documents state. This allows the agency to identify security vulnerabilities in the latest communication systems that can be exploited, and helps efforts to introduce new vulnerabilities “where they do not yet exist.”

The IR.21s also contain details about the encryption used by cellphone companies to protect the privacy of their customers’ communications as they are transmitted across networks. These details are highly sought after by the NSA, as they can aid its efforts to crack the encryption and eavesdrop on conversations.

Last year, the Washington Post reported that the NSA had already managed to break the most commonly used cellphone encryption algorithm in the world, known as A5/1. But the information collected under AURORAGOLD allows the agency to focus on circumventing newer and stronger versions of A5 cellphone encryption, such as A5/3.

The documents note that the agency intercepts information from cellphone operators about “the type of A5 cipher algorithm version” they use, and monitors the development of new algorithms in order to find ways to bypass the encryption.

In 2009, the British surveillance agency Government Communications Headquarters conducted a similar effort to subvert phone encryption under a project called OPULENT PUP, using powerful computers to perform a “crypt attack” to penetrate the A5/3 algorithm, secret memos reveal. By 2011, GCHQ was collaborating with the NSA on another operation, calledWOLFRAMITE, to attack A5/3 encryption. (GCHQ declined to comment for this story, other than to say that it operates within legal parameters.)

The extensive attempts to attack cellphone encryption have been replicated across the Five Eyes surveillance alliance. Australia’s top spy agency, for instance, infiltrated an Indonesian cellphone company and stole nearly 1.8 million encryption keys used to protect communications, the New York Times reported in February.

Click to enlarge.

The NSA’s documents show that it focuses on collecting details about virtually all technical standards used by cellphone operators, and the agency’s efforts to stay ahead of the technology curve occasionally yield significant results. In early 2010, for instance, its operatives had alreadyfound ways to penetrate a variant of the newest “fourth generation” smartphone-era technology for surveillance, years before it became widely adopted by millions of people in dozens of countries.

The NSA says that its efforts are targeted at terrorists, weapons proliferators, and other foreign targets, not “ordinary people.” But the methods used by the agency and its partners to gain access to cellphone communications risk significant blowback.

According to Mikko Hypponen, a security expert at Finland-based F-Secure, criminal hackers and foreign government adversaries could be among the inadvertent beneficiaries of any security vulnerabilities or encryption weaknesses inserted by the NSA into communication systems using data collected by the AURORAGOLD project.

“If there are vulnerabilities on those systems known to the NSA that are not being patched on purpose, it’s quite likely they are being misused by completely other kinds of attackers,” said Hypponen. “When they start to introduce new vulnerabilities, it affects everybody who uses that technology; it makes all of us less secure.”

“IT AFFECTS EVERYBODY WHO USES THAT TECHNOLOGY; IT MAKES ALL OF US LESS SECURE.”

In December, a surveillance review panel convened by President Obama concludedthat the NSA should not “in any way subvert, undermine, weaken, or make vulnerable generally available commercial software.” The panel also recommended that the NSA should notify companies if it discovers previously unknown security vulnerabilities in their software or systems—known as “zero days” because developers have been given zero days to fix them—except in rare cases involving “high priority intelligence collection.”

In April, White House officials confirmed that Obama had ordered NSA to disclose vulnerabilities it finds, though qualified that with a loophole allowing the flaws to be secretly exploited so long as there is deemed to be “a clear national security or law enforcement” use.

Vines, the NSA spokeswoman, told The Intercept that the agency was committed to ensuring an “open, interoperable, and secure global internet.”

“NSA deeply values these principles and takes great care to honor them in the performance of its lawful foreign-intelligence mission,” Vines said.

She declined to discuss the tactics used as part of AURORAGOLD, or comment on whether the operation remains active.

———

Documents published with this article:

• AURORAGOLD – Project Overview
• AURORAGOLD Working Group
• IR.21 – A Technology Warning Mechanism
• AURORAGOLD – Target Technology Trends Center support to WPMO
• NSA First-Ever Collect of High-Interest 4G Cellular Signal
• AURORAGOLD Working Aid
• WOLFRAMITE Encryption Attack
• OPULENT PUP Encryption Attack
• NSA/GCHQ/CSEC Network Tradecraft Advancement Team

———

Photo: Cell tower: Justin Sullivan/Getty Images; GSMA headquarters: Google Maps

Email the author: ryan.gallagher@theintercept.com