Analysing The Snowden SIDToday Files: Part Three

In December 2016, The Intercept published it’s third bulk release of files from the Snowden archives, 262 documents from SIDtoday, the newsletter of the Signals Intelligence Directorate of the National Security Agency.

SIDtoday is an internal NSA publication of bite size proportions, averaging just over a page per article. Predictably upbeat and celebratory in nature, the general themes are news bulletins on:

  • HR: awards, promotions and vacancies
  • Compliance & oversight
  • Theatres of NSA operations and “customers” (other agencies)
  • Employee safety including mental health
  • Events, meetings, trainings and employee profiles

Below are our unique findings from analysing this batch of documents. Only points not already highlighted by The Intercept when the files were released are included. As promised, we are mining the gems hidden in plain sight.

NSA analysts who transcribe collections are colloquially known as ‘scribes‘ within the organisation. One Snowden SIDToday document helpfully lists the key lingo used by ‘scribes‘ and those who refer to them.

Among the terms defined in the document;

* Scribes use a ‘foot pedal’ (literally) to skip back and forward through a recording (or speed it up) – this allows them to keep their hands free for typing

* The clarity of a recording is determined by its ‘read‘ factor – 5 for near-perfect audio quality, 1 for inaudibility

* A scribe’s level of conviction or certainty regarding the integrity of their audio analysis is represented by an alpha value – A-val is a positive, B a likelihood, an assertion.

* A ‘cut’ is an audio recording

* ‘UI fem’ and ‘UI male represent an unidentified female or male voice.

While the NSA makes use of many custom tools, programs and plug-ins, fundamentally the War on Terror is being waged using Microsoft Exchange Server and Dell workstations according to this document – as well as Oracle databases.

Indeed, those databases are discussed in the context of a document about the usefulness of metadata over content, particularly in the context of chaining contact information. The same document lets slip that in 2004, the NSA’s intention was to store internet data for seven years and telephony for three (as opposed to the current day, where it is believed that most information is now being stored perennially). It also states that the collection and storage of metadata is “a growth area“.

We often hear in tech and activism circles about threat models, but the NSA have this down pat. In this handy document titled OPSEC In SID – Some Answers”, the NSA provides a helpful guide to assessing what critical information a potential target may be giving away about themselves, how to lower the risk of doing so and alter their speech and behaviour accordingly.

The Signals Intelligence Directorate Deputy Director for Analysis and Production complained about the abject lack of space for employees. Apparently the division is somewhat cramped. “I am distressed by the conditions in which many of our people are working”, he writes in this memo to staff, stating that he has passed the complaint up the food chain but finishing with “I’m not even sure what a miracle in this area would look like, but I’m not expecting one.”

Short on qualified linguists for the Iraq theatre, the NSA was trialling solutions for machine translating Arabic. This is a somewhat alarming revelation, as prior releases have confirmed that SIGINT conclusions were often the sole intelligence relied on for bombing missions.

The rapid evolution of communications technologies and the fragmentation of information across myriad platforms, devices and providers were cited by the NSA as being the core challenges they faced in collections. Some of their solutions? Distributing their own collections architecture accordingly (developing programs tailored to collect from each source) and cross-platform analysis.

As far back as the Bosnian War, and as high up as Generals, there was in fact concern about implication in or potential prosecutions for war crimes according to this document. The report claims that, in the wake of incidents of civilian deaths, a General made a point of sighting and signing off on every individual intelligence package for bombing missions.

Apparently, for the Iraq Survey Group, responsible for ingesting and analysing both physical documents and storage devices seized on the ground in Iraq, there were three major priorities in 2004: WMD’s, Counterterrorism, and information about one Captain Speicher, described as a POW from the first Gulf War. His fate was unknown until years later, when in 2009 it was determined that he had in fact died in 1991.

What seemed a huge boast by the NSA caught our eye – that their “shop had “influenced the Secretary of State and changed history” by providing intelligence to the US mission to the United Nations. The document claims that information the NSA had supplied included confirmation on how each member state would vote, ahead of UN Resolution 1511. This assured the Secretary that the US “had the votes needed to assure adoption”.

Looking into the precise wording of UN Resolution 1511, this may have been the most significant resolution post-invasion of Iraq. Among other commitments, the resolution stipulates that UN member states will provide resources including military personnel, with the aim of securing Iraq. It also provides the framework for the Governing Council to administrate over Iraq until eventual democratic elections.

The resolution essentially, delivers the responsibility for what was originally a non-UN-mandated invasion of Iraq instigated unilaterally by the United States under the AUMF directly to the doorsteps of UN member states worldwide. Effectively, it was a pathway for the world to become the clean-up crew for the US mess.

The most stunning revelation that we have found so far in this batch was buried in the strategic forecasting for 2006-2010. Perhaps more than any other finding, this belies the true prerogatives of intelligence, but also contextualises one of the biggest geopolitical issues of our current time – the refugee and migrant crisis in Europe.

Remarkably, when asking themselves “What Does The Future Hold?”, the NSA determines that the biggest issues that they would face is to “US economic and foreign policy”. They go on to list their top foreseeable threats, and the first and foremost is not terrorism, not geopolitical instability, but “the expanding EU.”

“Rising states like China”, “unstable governments”, and “competition for strategic access to resources” play second, third and fourth fiddle to the economic threat of the EU surpassing the USA permanently as the primary global economic superpower.

Lending significant credence and contextualisation to theories posited in recent years that the destruction of Libya in 2012 resulting in a refugee and migrant tsunami pouring into Europe may have in fact been a known consequence manufactured specifically to undermine the economic strength and social cohesion of the European Union, thereby neutralising the US’s biggest economic competitor.

The U.S. military presence in West Africa has increasingly featured in the news cycle in recent times. It turns out that as far back as 2004 the NSA had forecast the U.S.’s dependency on the region’s oil would reach 25% of total U.S. consumption. The NSA stated that West African oil is a higher and cleaner grade than that found in Latin and South America, and was therefore more desirable.

The document alludes to an intent to use diplomatic and economic power to gain “leverage, as well as military strength to ensure that the flow of oil to the United States and its allies is unimpeded.” Revealing that yes, the NSA does spy for economic reasons (as is often denied). This is also effectively an open proclamation that the US military is used to secure resources, rather than operating under the usual cover of human rights or counterterrorism-related missions.

The document concludes “Africa may not always be important on the international political scene, but it is important on the economic scene – and will play a more significant role in the future, supplying more and cleaner energy sources.

A document containing an interview with an NSA executive lends fascinating insights into both his mindset and more broadly of NSA operations. “The best thing,” he says, about being an NSA executive, is that at that level, they are “privy to the strategic picture”, rather than being subject to compartmentalisation as staff at lower ranks are.

The entire document is a fascinating read but most poignantly, the “senior” says that in order to be a successful NSA executive, one must have “total amnesia regarding real or perceived wrongs” done by/at the agency.

A tale of an NSA employee heading off to the Iraq War in October 2003, contains him recounting how people questioned his deployment, telling him “The war’s over. Why would they send you to Iraq now?

The soldier talks about having a New Year’s Party in one of Saddam’s palaces, and optimistically reports “I’ll leave knowing that this country is well on its way to recovery. And we have helped.“

Analysing the document fourteen years later, it’s hard to be amused by the irony when the end result of the US invasion of Iraq, where armed conflict is still ongoing, is so horrifying. One can only wonder how the soldier who wrote the report feels about his deployment now.

Thanks to this extremely insightful document, we now know a bit more about NSA’s targeting processes.

The “Target Analysis Center” at the NSA is comprised of multiple teams, including the“Metadata Analysis Cell (MAC), the Social Network Analysis Workcenter (SNAW), and Target Development Services (TDS)”.

These sub-groups exist to harvest and then “synthesize”  information about NSA targets and to feed that information to the analyst(s) assigned to the target.

This document drills down further into the work of the Social Network Analysis Workcenter. They specifically state that they are not just looking for online activity but offline social networks. The document states that the NSA collects “information on actors (people, organizations, companies, etc), attributes (facts about or properties of actors), relations (socially meaningful ties across actors), and metadata (from information source).”

They continue: “By mapping and analyzing the pattern of social interactions (‘works with’, ‘knows’, ‘receives money from’, etc.) between individuals, Social Network Analysis illuminates the scope, complexity, and structure of networks, and the roles individuals play within them.

Recently, whistleblower Chelsea Manning was famously invited and then disinvited as a Visiting Fellow at Harvard University, after an uproar by current and past CIA executives and other members of the intelligence agencies. This has led many to question the relationship between the intelligence agencies and academia.

This NSA document from 2004 describes the “SINIO Council in conjunction with the National Cryptologic School” (the National Security Agency’s “in-house academic program“) presenting an International Studies course from Johns Hopkins University on peacekeeping.

Not only does the NSA internally admit to intelligence activities and allude to military deployment decisions being made for economic reasons, one document refers to a “Global Economic Security Day where the “U.S. Economic and Intelligence Communities” seek to engage in “enhanced networking” for the purposes of better “interagency understanding”.

As of 2004, every year the NSA required that all employees read five legal documents that “govern our mission”. These documents are referred to as “Executive Order 12333, USSID 18, NSCID 6, DoD Regulation 5240.1-R & NSA Directive 10-30.” According to Wikipedia, Executive Order 12333 is a Reagan-era Executive Order that extended the power of the intelligence agencies to comply with CIA’s information requests. However, this SIDToday document states that “The basic principle behind these documents is the right to privacy. Since the SID mission involves electronic surveillance, it is subject to strict control under the U.S. Constitution, federal law, and Executive Branch regulations designed to protect the fundamental privacy rights of U.S. persons. Familiarity with the above documents is therefore an important responsibility of every SID employee.”

Another SIDToday document says that NSA “customers can request SIGINT on foreign media and press” as well as on “any other open broadcast signal.” The document goes on to refer to “combatant command customers”, meaning that this information can result in or assist with combat operations on the ground. Which seems significant given the bombing of Al-Jazeera and other media organisations, during conflicts. The document also specifies that analysis of the content is excluded as “this is the responsibility of other organisations” and says “The Foreign Broadcast Intelligence Service (FBIS) regularly reports the content of these open broadcasts.”

A document titled Advanced Analysis Seminar: Computational Neurobiology” refers to a seminar with an executive from the Fair Isaac Corporation which is, of all things, a credit score company. It makes reference to “symbolic prediction technique”, “confabulation” and “conditional probabilities” in the context of Artificial Intelligence and proposes the adoption of confabulation theory for analytical processes rather than the standard reasoning techniques employed.

“Winning the War Was the Easy Part: Challenges of Nation-Building” is a SIDToday file that sheds further light on the intentions of the U.S. in post-invasion Iraq. The NSA describes the U.S. as being engaged in “rebuilding a country from scratch”, refers to “previous nation-building experiences” and prior “U.S. and UN experiences in post-conflict reconstruction”, which suggests a historical cycle of U.S. invasions resulting in joint-UN reconstruction efforts.

One of many SIDToday documents exploring the experiences of NSA staff members when posted in various locations around the world (known as expeditionary postings) states that NSA employees were stationed inside of Saudi Arabia.

While many knew of Obama’s “Pivot To Asia” plan, where U.S. military resources were dramatically increased around Asia-Pacific and the Pacific Rim, years earlier the NSA was already internally describing the region as the “Area of Responsibility of this century.

According to Wikipedia, the existence of the 1946 UKUSA agreement which established the Five Eyes intelligence sharing partnership was unknown to even the Prime Minister of Australia for some 27 years. One SIDToday document from the Snowden files excitedly makes reference to a new agreement having been reached between the NSA and GCHQ, their UK counterpart. “The Joint Programme was established in December 2002 with a groundbreaking Principles of Agreement signed by the Directors of NSA and GCHQ”, it states.

When undertaking strategic planning for the year 2020, the National Intelligence Council employed a number of tactics to gather “plausible scenarios”. The effort was “a follow-on study” from a 2015 “Global Trends project” that had identified “7 key drivers… Demographics, Natural Resources and the Environment, Science and Technology, Global Economy and Globalization, National and International Governance, Future Conflict and the Role of the U.S.”  In addition to those seven, they also added “Social Identity” as an area they wanted to explore for 2020.

To harvest ideas for what the world could be like in 2020, they engaged academics, experts in the private/corporate sectors including in IT and technology and even interviewed their own NSA staff members to gather their ideas. But most remarkably, they partnered with a non-profit organisation called the “International Affairs Institute” to hold an essay competition, enticing students to proffer their ideas by offering various prizes. The document states “IAI essay entries may be used in NIC discussions and publications as well as in internal NSA discussions on strategic planning and input to the NIC project.”

Far from merely a benign partnership, the NSA claimed in another document that makes reference to the International Affairs Institute that the organisation is in fact an NSA “recruitment tool“. This appears to be “The International Affairs Institute For World Peace” headquartered in New York City. We have been unable to find any public reference to their relationship with the NSA.

This document demonstrates that the NSA has been spying on political activism groups for longer than may have been realised. “The events of September 11 brought new urgency to the task of identifying the dividing line between legitimate political activity and activity that is the precusor to, or is supportive of terrorism” it reads, although there is no known connection between the events of September 11th and political activism. The document refers to “otherwise legitimate organisations” and says that they must “raise questions about where political action fades into terrorism.”

An H.R. document relating to the NSA’s “Civilian Promotion Program” appears to contain the population figures for each Signals Intelligence Directorate team and the total number of staff members eligible for promotion and the percentage of the total awarded. Interestingly, it makes reference to only 1 member of the “Information Systems Security Analysis” team having received a promotion and says that person was 20% of the total eligible. Suggesting that their internal security team population is in single digits. By contrast, we know from another NSA document that they have some 6,500 cryptologic language analysts (linguists) worldwide. On the surface, this seems to lend credence to Edward Snowden’s assertion that systems defence is dramatically understaffed at NSA.

A document referring to intelligence community “failures” and titled “Adversarial Attempts To Foil The U.S. Intelligence Gathering System” bemoans the use of the “simplest, inexpensive low-tech tool to defeat our expensive, high-tech systems.”

Pen and paper, anyone?

PLEASE NOTE: Some of the findings above have been written up by Elizabeth Lea Vos of Disobedient Media in her article “Hidden Secrets of the Snowden Files” which is available at this link.

Much of the analysis was also performed live on You Tube for the DecipherYou web series by journalist Suzie Dawson, the latter episodes of which also feature Elizabeth Lea Vos. The full playlist is available at this link.

This article would not have been possible without the obviously immense amount of work invested by staff at The Intercept in preparing these files for release – you can read their report on the December 2016 SIDtoday files by clicking on this link.