German disclosure raises questions about Danish NSA-partnership
New information obtained by the German newspaper Süddeutsche Zeitung (SZ) raises questions about the partnership between the Danish Defence Intelligence Service (DDIS) and the NSA.
SZ has uncovered how the German Foreign intelligence ervice, Bundesnachrichtendienst (BND), cooperated with the NSA in monitoring internet and phone traffic at the world’s biggest internet hub in Frankfurt. This operation took place for a number of years up to 2008. As a point of particular controversy, BND appears to have handed over personal data about German citizens to NSA on a large scale, although German law only permits such transfers in exceptional, individual cases. According to top secret NSA documents seen by Information, the surveillance operation codenamed Eikonal, was part of the NSA's surveillance program RAMPART-A.
As described in Information’s coverage, RAMPART-A gathers an unknown number of allied countries that assist NSA in tapping fiber-optic cables carrying international and national telephone and internet traffic on the territory of the countries concerned. These allied countries form part of the circle of so-called third-party partners whose intelligence services cooperate closely with the NSA, though not as closely as the intelligence services in the so-called second party countries (United Kingdom, Canada, Australia and New Zealand).
As Information has uncovered, Germany and Denmark in all likelihood are both partners in the RAMPART-A-program. A source well versed in the Danish partnership told Information that data collected from cable taps in Denmark are filtered in order to eliminate Danish data before handing them over to NSA. The filters, however, do not remove all Danish data, since this is not technically feasible.
This seems to be the case in Germany, as well. SZ has gained insight into internal papers from the BND, which show that the German intelligence service established a filter to remove German data before handing it over to NSA. The problem, however, was that the filter did not work particularly well. A test showed that the filter could only weed out 95 percent of the German traffic, and although the NSA assured that it would not take advantage of the possibility to tap into the German traffic, BND’s legal staff was concerned. They wrote a memo explaining that the German Intelligence service, due to its 'technical inferiority' could not verify whether the NSA did in fact comply with its promises, and that 'full control ' with the exchange of data, therefore ‘in reality was not possible’. As a consequence, BND warned about potential ‘political damage’ from the collaboration and 'insurmountable consequences'.
In 2005 the Germans discovered that the NSA had abused its access to gather data about companies, that involved German interests, SZ reports. BND protested, and the Germans evens considered to terminate their partnership-programme. Eventually, they decided to continue, because, as the memo says, it was only through cooperation with the NSA, that BND could learn to master the art of handling huge amounts of data from Internet surveillance.
The cooperation was, however, terminated in 2008 – according to SZ, because the filter did not work, and German data kept ending up with the NSA. As the head of a Department in the BND acknowledged in a memo: »The endeavor failed because it was not technically possible to achieve an absolute and flawless separation of (legally, ed.), protected and unprotected communications«.
According to SZ, the NSA reacted angrily to German plans to terminate the joint monitoring of the Frankfurt internet exchange, and the Germans tried to accomodate the Americans by offering access to another »communication string of global importance «. According to the documents seen by SZ, the NSA thus became the BND's 'silent partner' in another monitoring operation, which may still exist.
In a Danish context, the SZ story seems to confirm previous reports by Information saying that the Danish filtering of data collected in cooperation with the NSA does not provide an effective protection against sensitive Danish data getting handed over to the NSA.
A top secret NSA document on the RAMPART-A program published by Information, says »No U.S. collection by Partner and No Host Country collection by U.S.«. An SSO presentation marked NOFORN, (which means it cannot be seen by non-US nationals) repeats the same point. Here, however, a small, but significant modification, is added to the same sentence: » – there ARE exceptions«.
What those exceptions may be, or how the partner country can ensure that the NSA complies with the agreement, cannot be established on account of the documents on RAMPART-A seen by Information. But it is noteworthy that Germany – with a much larger intelligence apparatus at a higher technological level than Denmark – has been unable to prevent German data from being sent to the NSA. It is equally noteworthy that the NSA, according to SZ, has abused its access to the Frankfurt internet exchange to collect data concerning German interests.
While the Germans ultimately chose to stop the EIKONAL-operation as a result of the above vulnerabilities and in order not to break the law, Denmark has given statutory authority which permits tranfers of Danish data to the NSA. As previously reported in Information, new laws governing DDIS adopted in early 2014 enable a wide distribution of Danish data to foreign intelligence services, as long as the data remain untreated or so-called ‘raw data’. This led to several political spokepersons from parties that voted in favor of adopting the law declaring that they were not aware of this. Nevertheless, they have made sure that Danish NSA-partnership is not disputed, despite of the fact that it is impossible to prevent the Americans from collecting Danish data.
Translation by Henrik Moltke. Original article in Danish
German cable taps
Documents seen by Information show that the NSA tap fiber cables and hubs are located in so-called third party countries that cooperate with the NSA, including, by all accounts, Denmark and Germany.
In an internal overview from the NSA's Special Source Operations Department (SSO), which handles the NSA’s numerous cable access programs, an operation codenamed EIKANOL is listed as part of the RAMPART-A program. Despite the slight difference in spelling, it seems likely that EIKANOL is identical to the EIKONAL program reported by Süddeutsche Zeitung (SZ). According to SZ, a BND employee in july 2008 wrote a memo about the operation and why it was closed. It seems to correspond with the SSO document stating that the operation was decommissioned in June 2008.
According to the SSO document, a RAMPART-A access the same size as EIKANOL opened in February 2013. The access, codenamed WHARPDRIVE, was, according to Der Spiegel, also located in Germany. Whether WHARPDRIVE could be a reopening of EIKANOL is not known. Der Spiegel revealed that the access was temporarily closed only six weeks after becoming operational, when non-initiated employees of the telecommunications company that housed the fiber cable, discovered the operation. »Witting partner personnel have removed the evidence«, the NSA document says, »and a plausible cover story was provided«. According Der Spiegel the team was subsequently tasked with reinstating the WHARPDRIVE access.