NSA’s mass surveillance of NZers online
I was therefore quite surprised yesterday when Prime Minister John Key said he has no reason to believe the NSA has undertaken mass surveillance on New Zealanders. To help the prime minister, let’s look at what we know about it and whether an objective person should come to the same conclusion.
At the same time, let’s not overlook the FBI’s (NarusInsight) and GCHQ’s (Tempora) sterling efforts in collecting and making the data available to the NSA. In fact, the GCHQ collects even more metadata off international cables than the NSA.
I’ll cover both the direct and indirect ways known to be used (thanks Edward Snowden and other whistleblowers). By way of context, note that it is entirely legal for the NSA to undertake mass (and targeted) surveillance of New Zealanders. There are virtually no limits on the NSA’s surveillance of non-Americans in the US "national interest."
And, no, being part of the Five Eyes does not buy us immunity from being spied on by the NSA and GCHQ.
Southern Cross Cable primary means
Almost all of New Zealanders’ international Internet traffic travels on the Southern Cross Cable system. Some of it goes via Australia but the bulk of it is to or via US. This includes all data on the internet- web, emails, IP voice/video, apps, etc.
The quickest way to understand the significance of this is the superb NZ Herald article that David Fisher reminded me of yesterday. It demonstrates how the Southern Cross Cable folks tried to take commercial advantage of NSA mass surveillance.
Note: I do accept their defence that they are merely complying with legal obligations placed on them. That doesn’t, however, stop them or others in seeking commercial advantage from doing so.
Another angle is the Snowden documents.
The main NSA program for bulk surveillance of fibre optic international cables is Fairview. Fairview’s goal is to “own the Internet” and is an ‘umbrella program’ that refers to individual efforts including BLARNEY, OAKSTAR, and STORMBREW.
But does Fairview cover the Southern Cross Cable? Absolutely. Have a look a this and you’ll quickly see it at the far right:
Note that FAA702 in the slide refers to operations under section 702 of the FISA Amendment Act (FAA) of 2008. Section 702 is the one that authorises foreign surveillance programs by the NSA.
Under the various Fairview programs, the NSA works with international partners, including telcos. There has been some speculation about the role of New Zealand telcos (with Telstra’s role now public knowledge) but that might have to wait for Snowden’s New Zealand documents expected to be made public this year.
These programs are ‘full take’- they collect all the data passing through for analysis, both metadata and content. Data is not collected based on selectors or targeting or any suspicion whatsoever.
Everything flowing through the Southern Cross Cable system at the US landing points is passed on to the NSA. That’s mass surveillance of New Zealanders. Whether our prime minister considers that to be sufficient reason to believe it is happening or not, the fact is that it is.
Indirect Mass Surveillance
In addition to direct, legal mass surveillance of New Zealanders, the NSA also has several indirect means. These are mass global surveillance programs in which New Zealanders’ data is hoovered up as a part of their indiscriminate global scope.
Chief among these is PRISM. The NSA always uses multiple ways to get the same information, even if one is working well. This slide shows how the direct surveillance above (upstream collection as data flows past) combines with indirect means to provide comprehensive mass surveillance:
It’s not news to anyone that New Zealanders are extensively using online services from the US-based companies named above. All of that’s available to the NSA. Documents indicate that PRISM is “the number one source of raw intelligence used for NSA analytic reports” and it accounts for 91% of the NSA’s Internet traffic acquired under FISA Section 702.
In addition to PRISM which is like knocking on the front door of these online service providers, the NSA in keeping with its use of multiple paths to get the same information, also works with the GCHQ at the back end to scoop up data on the connections between Google’s and Yahoo’s global data centres under a program called MUSCULAR.
Other Mass Surveillance of New Zealanders
In addition to Internet mass surveillance, there are NSA spying programs that involve phones (including text messages via Dishfire), financial transactions, and travel data. There are also various additional GCHQ programs, including the wonderfully named Squeaky Dolphin aimed at social media networks.
The bottomline is that the NSA would be failing in its stated mission if it wasn’t putting New Zealanders under mass (and targeted) surveillance. If it makes us feel better, New Zealand is amongst the countries least under surveillance by the NSA according to their global heatmap Boundless Informant.
I firmly believe that, contrary to the prime minister’s statement, we have every reason to believe that New Zealanders are indeed subject to mass surveillance by the NSA on the basis of known programs alone.
And that’s before we’ve even got Snowden’s New Zealand specific disclosures.
Former State Services Commission strategy & innovation manager and InternetNZ chief executive Vikram Kumar is the former CEO of Mega. He posts at Internet Ganesha.