New NSA Revelations Inside Snowden's Germany File
Part 2: Targets in Africa, Targets in Europe
Much of what happens in Griesheim is classic intelligence work and threat identification, but a presentation dating from 2012 suggests that European data streams are also monitored on a broad scale. One internal document states there are targets in Africa as well as targets in Europe. The reason being that "most terrorists stop thru Europe." For reconnaissance, the document mentions, the ECC relies on its own intelligence gathering as well as data and assistance from Britain's Government Communications Headquarters (GCHQ) intelligence service.
The latter is likely a reference to the Tempora program, located in the British town of Bude, which collects all Internet data passing through several major fiber-optic cables. GCHQ, working together with the NSA, saves the data that travels through these major European network connections for at least three days. The ECC claims to have access to at least part of the GCHQ data.
NSA staff in Griesheim use the most modern equipment available for the analysis of the data streams, using programs like XKeyscore, which allows for the deep penetration of Internet traffic. Xkeyscore's sheer power even awakened the interest of Germany's BND foreign intelligence service as well as that of the Federal Office for the Protection of the Constitution, which is responsible for monitoring extremists and possible terrorists within Germany.
An internal NSA report suggests that XKeyscore was being used at Griesheim not only to collect metadata -- e.g. the who, what, where, with whom and at what time -- but also the content of actual communications. "Raw content" is saved for a period of between "3 days to a couple of weeks," an ECC slide states. The metadata are stored for more than 90 days. The document states that XKeyscore also makes "complex analytics like 'Pattern of Life'" possible.
The NSA said in a statement that XKeyscore is an element of its foreign intelligence gathering activities, but it was using the program lawfully and that it allows the agency to help "defend the nation and protect US and allied troops abroad." The statement said it engages in "extensive, close consultations" with the German government. In a statement provided to SPIEGEL, NSA officials pointed to a policy directive Barack Obama issued in January in which the US president affirmed that all persons, regardless of nationality, have legitimate privacy interests, and that privacy and civil liberties "shall be integral considerations in the planning of US signals intelligence activities."
The statement reveals the significant gap between Germany's understanding of what surveillance means and that of the Americans. In overseas operations, the NSA does not consider searching through emails to be surveillance as long as they are only stored temporarily. It is only considered to be a deeper encroachment on privacy when this data is transferred to the agency's databases and saved for a longer period of time. The US doesn't see it as a contradiction when Obama ensures that people won't be spied upon, even as the NSA continues monitoring email traffic. The NSA did not respond to SPIEGEL's more detailed questions about the agency's outposts in Germany.
'The Endangered Habitat of the NSA Spies'
The bustling activity inside the Dagger Complex listening station at Griesheim stands in stark contrast to its outward appearance. Only a few buildings can be recognized above ground, secured by two fences and a gate made of steel girders and topped by barbed wire.
Activist Daniel Bangart would love to see what is on the other side of that fence. He's rattled the fence a number of times over the past year, but so far no one has let him in. Instead, he's often been visited by police.
When Bangert first began inviting people to take a "walk" at Griesheim to "explore together the endangered habitat of the NSA spies," he intended it as a kind of subversive satirical act. But with each new revelation from the Snowden archive, the 29-year-old has taken the issue more seriously. These days, the heating engineer -- who often wears a T-shirt emblazoned with "Team Edward" -- and a small group of campaigners regularly attempt to provoke employees at the Dagger Complex. He has developed his own method of counter-espionage: He writes down the license plate numbers of suspected spies from Wiesbaden and Stuttgart.
At one point, the anti-surveillance activist even tried to initiate a dialogue with a few of the Americans. At a street fair in Griesheim, he convinced one to join him for a beer, but the man only answered Bangert's questions with queries of his own. Bangert says another American told him: "What is your problem? We are watching you!"
Spying as They Please
It's possible Bangert has also attracted the attention of another NSA site, located in the US Consulate General in Frankfurt, not far from Griesheim. The "Special Collection Service" (SCS) is a listening station that German public prosecutors have taken a particular interest in since announcing earlier this month that it was launching an investigation into the spying on Angela Merkel's mobile phone. The trail leads from the Chancellery in Berlin via the US Embassy next to the Brandenburg Gate and continues all the way to Laurel, Maryland, north of Washington DC.
That's where the SCS is headquartered. The service is operated together by the NSA and the CIA and has agents spread out across the globe. They are the eyes and ears of the US and, as one internal document notes, establish a "Home field advantage in adversary's space."
The SCS is like a two-parent household, says Ron Moultrie, formerly the service's vice president. "We must be mindful of both 'parents'." Every two years, leadership is swapped between the NSA and the CIA. The SCS, says Moultrie, is "truly a hybrid." It is divided into four departments, including the "Mission Support Office" and the "Field Operations Office," which is made up of a Special Operations unit and a center for signal development. In Laurel, according to internal documents, the NSA has established a relay station for communications intercepted overseas and a site for training.
Employees are stationed in US embassies and consulates in crisis regions, but are also active in countries that are considered neutral, like Austria. The agents are protected by diplomatic accreditation, even though their job isn't covered by the international agreements guaranteeing diplomatic immunity: They spy pretty much as they please. For many years, SCS agents claimed to be working for the ominous-sounding "Defense Communications Support Group." Sometimes, they said they worked for something called the "Defense Information Systems Agency."
Spying Stations, from Athens the Zagreb
According to an internal document from 2011, information related to the SCS and the sites it maintains was to be kept classified for at least 75 years. It argued that if the agency's activities were ever revealed, it would hamper the "effectiveness of intelligence methods currently in use" and result in "serious harm" to relations between the US and foreign governments.
In 1979, there were just over 40 such SCS branch offices. During the chilliest days of the Cold War, the number reached a high point of 88 only to drop significantly after the fall of the Berlin Wall and the collapse of communism in Eastern Europe. But following the Sept. 11, 2001 terror attacks, the government established additional sites, bringing the number of SCS spy stations around the world up to a total of around 80 today. The documents indicate that the SCS maintains two sites in Germany: in the US Consulate General in Frankfurt and the US Embassy in Berlin, just a few hundred meters away from the Chancellery.
The German agencies responsible for defending against and pursuing espionage -- the Office for the Protection of the Constitution and the office of the chief federal prosecutor -- are particularly interested in the technology deployed by the SCS. The database entry relating to Merkel's cell phone, which SPIEGEL first reported on in October 2013, shows that the SCS was responsible for its surveillance.
According to an internal presentation about the work done by the SCS, equipment includes an antenna rotator known as "Einstein," a database for analysis of microwaves called "Interquake" and a program called "Sciatica" that allows for the collection of signals transmitted in gigahertz frequencies. A program called "Birdwatcher," which intercepts encrypted signals and prepares them for analysis, can be remotely controlled from the SCS headquarters in Maryland. The tool allows the NSA to identify protected "Virtual Private Networks" or VPNs that might be of interest. VPNs are used by many companies and embassies for internal communication.
200 American Intelligence Workers in Germany
Following the revelations that Merkel's mobile phone had been monitored, Hans-Georg Maassen of the domestic intelligence agency BfV, turned to US Ambassador to Germany John Emerson to learn more about the technology and the people behind it. Maassen also wanted to know what private contractors the NSA was working with in Germany. When Emerson said during a visit to the Chancellery that he assumed the questions had been straightened out, Maassen countered, in writing, that they remained pertinent.
Maassen says he received a "satisfactory" answer from Emerson about intelligence employees. But that could be because the US government has officially accredited a number of the intelligence workers it has stationed in Germany. SPIEGEL research indicates more than 200 Americans are registered as diplomats in Germany. There are also employees with private firms who are contracted by the NSA but are not officially accredited.
The list of questions the German government sent to the US Embassy makes it clear that German intelligence badly needs help. "Are there Special Collection Services in Germany?" reads one question. "Do you conduct surveillance in Germany?" And: "Is this reconnaissance targeted against German interests? " There are many questions, but no answers.
Ultimately, Maassen will have to explain to the parliamentary investigative committee what he has learned about US spying in Germany and how he intends to fulfill his legally mandated task of preventing espionage. The explanation provided by the BfV thus far -- that it is uncertain whether the chancellor was spied on from the US Embassy in Berlin or remotely from the headquarters in Maryland, making it unclear whether German anti-espionage officials should get involved -- is certainly an odd one. Germany's domestic intelligence agency is responsible for every act of espionage targeting the country, no matter where it originates. Cyber-attacks from China are also viewed by the BfV as espionage, even if they are launched from Shanghai.
The order to monitor the chancellor was issued by the department S2C32, the NSA unit responsible for Europe. In 2009, Merkel was included in a list of 122 heads of state and government being spied on by the NSA. The NSA collects all citations relating to a specific person, including the different ways of referring to them, in a database called "Nymrod."
The NSA introduced Nymrod in January 2008 and the entries refer to a kind of register of "intelligence reports from NSA, CIA, and DoD (Department of Defense) databases." In Merkel's case, there are more than 300 reports from the year 2009 in which the chancellor is mentioned. The content of these reports is not included in the documents, but according to a Nymrod description from 2008, the database is a collection of "SIGINT-Targets." SIGINT stands for signals intelligence.