Benni June 20, 2014 10:14 AM

Not only one new story, but several ones

together with more than 50 packages with new slides:

This catalogue of slides is comparable to the TAO catalogue they published earlier.

And here is the answer from Snowden’s lawyer to the German NSA investigation commission of the parliament:

No, a real interrogation cannot take place in Moscow. No, for informal coffee talks, Ed neither has time nor is there any room for that. Yes, if the committee is willing to interrogate Snowden in Germany, he would like to come and deliver answers containing detailed information that has not been published before…

That’s exactly what his lawyer should have done.

Now the commission has to arrange a meeting somehow in Germany….

Simon June 20, 2014 11:07 AM

“The current authority for the NSA’s bulk collection of telephone metadata expires today. A bunch of organizations has tried to urge the president not to renew it. I don’t think that’ll happen, either.”

You don’t think what will happen?
That the President won’t renew it, or that the President won’t NOT renew it?

Chris McLeod June 20, 2014 11:14 AM

I too am concerned by the total lack of run these stories and others like them are getting in the US press. I know that there is a vicious news cycle and things come and go but the almost total silence is disturbing. It may be that we need to look overseas for not only our cloud storage and VPN’s but also our news.

Joe June 20, 2014 11:23 AM

Defunding the backdoor program is meaningless, as it is too important to do away with. It will now get funding from black sources and other NSA divisions. The only way to stop it is with perp walks. Real laws and effective enforcement. Maybe they will fund it now by charging other countries for their data feeds 😛

Joe June 20, 2014 11:27 AM

Oh, and before you criticize, that is pretty much how the CIA got around Congress defunding aid to the Contras in the Iran-Contra scandal.

DB June 20, 2014 11:33 AM

It really ticks me off that hardly anyone in this country gives a f*** if the Constitution disappears and we turn into a totalitarian government! It’s just “yawn” to most people.

Anura June 20, 2014 12:05 PM

Not to drag this into a partisan debate, but:

And in related news, the US House of Representatives voted to ban NSA backdoor searches, as well as it weakening commercial products and protocols. There’s no chance it’ll become a law, but the 293-123 vote is a big deal nonetheless.

Republicans: 135 Ayes, 95 Noes
Democrats: 158 Ayes, 29 Noes

Given how much the right has been hammering Obama about the NSA domestic-spying, authoritarian police-state stuff (and rightly so), I’m very surprised that the Democrats supported it more than the Republicans.

M Welinder June 20, 2014 12:29 PM

s/Dagbladet/Information/ (that’s how the newspaper is generally known)

s/Dagbladet/Dagbladet Information/ (that form seems to be used less often)

It is never abbreviated “Dagbladet”.

Benni June 20, 2014 12:31 PM

In the last squid post, I have made some commentary on what is in these new Spiegel articles.

I try to summarize this here:

First, it is revealed that the Snowden data lists all American surveillance stations in Germany since 1917:

Over the years, the Americans had 150 of them in Germany, but they often closed and were opened up somewhere else, upgraded with new technology.

The files say that the German BND was not very interesting to the NSA, because in the earliest days, the Americans monitored whom they wanted to, whereas the BND imposed restrictions on itself. Even though the services were partners from the very beginning in 1962.

During the year 2000, this changed. Now BND had massively upgraded its technology.

Since 2005, NSA agents worked as an integral part of a BND operation called “orion”, side by side with BND agents.

Then, the Spiegel articles reveal the existence of a new secret US agency, which was born: JSA.

It is a merger of BND and NSA, with its sign showing the NSA eagle and a German flag….

“JSA is a joint NSA/BND organization whose mission is Sigint development and collection of digital network communications and international communications traffic.”

However, this NSA slide shows that the BND has a very different technique for analyzing the collected content.

While the NSA uses automated tools first, in order to protect the privacy, BND uses humans who read the emails first. It seems that for the first time, NSA got really worried about privacy.

NSA writes:

“Where NSA primarily relies on equipment for selection and analyst minimization for privacy protection, the BND relies on analysts to manually scan traffic for selection and then equipment to filter data for privacy protection. Full use of NSA DNI processing systems and analysts methodologies at JSA will be key to influencing the BND to alter their strategic DNI processing approach”

One should note that the agents reading all emails is not because the BND is technically backward:

At one of their monitoring sites (and BND has many of these) BND collects 62.000 emails per day. Of course they also monitor communication via mobile phones (GSM). NSA agents were impressed by the Software demos from BND:

“In some ways these tools have features that outperform US sigint capabilities”.

With that, they meant the unique capability of BND tools to select an area, and then immediately an agent can listen to all the phone calls coming from there.

Also BND seems to have unique algorithms in place for analyzing patterns that they get from phone metadata. They apparently take data from mobiles in order to find out who communicates with whom, or which people stay together in groups and so on. And their algorithms for that are better than the NSA ones.

So, why are BND agents insisting on reading the communication content personally?

NSA’s writing: “Full use of NSA DNI processing systems and analysts methodologies at JSA will be key to influencing the BND to alter their strategic”

implies that they have run into some real difficulties when they tried to prevent the German agents from personally reading and hearing the calls.

Well, the answer lies in the German culture, I think.

German thoroughness and precision means that German agents cannot rely on some imprecise automata. What if some automated program misses an email that describes an imminent terror attack?

Certainly, algorithms do not have the quality to decide whether an email describes any content of interest to the BND, which has to monitor emails in order to investigate terrorism, weapon deals, drug trade, organized crime, and everything else that the German government is interested in.

Therefore BND agents must read all emails personally.

Dear NSA, in Deutschland, we work gründlich. Deutsche Gründlichkeit. Yes, the same thing which made the STASI or the precisely executed Holocaust possible. You know, during the Holocaust every Jew, one by one, was exterminated after carefully designed lists and plans. The same deutsche Gründlichkeit, that is responsible for the precision and durability of our machines that we develop and export.

That the BND in fact had something to do with Nazis (the first BND boss was an ex Nazi), with the BND even being responsible of a secret Nazi army in the 60’s was revealed by Spiegel here:

But this German thoroughness is not something only Nazi related, but it is deep in the German culture and practiced by all German authorities.

For BND, it implies its agents must read all emails personally.

And of course terrorism is an international problem. It could be, that there are terrorists from America.

This here is a diagram showing all countries in red, whose communications between Germany are broadly monitored by BND:

This was revealed in a recent lawsuit and of course, the United States are in the list. It cannot be that American terrorists enter Germany, so we have to broadly monitor the US:

If a country is not in this graphic, it does not mean it is not monitored. For example, in the German versions of the Spiegel articles it is revealed that BND tried to impress the NSA with its knowledge on North Korea:

But how does the BND monitor so many countries?

This telecommunication firm they monitor cannot be just Deutsche Telekom. Telekom is one ISP, but there are many others like this in Germany. Of course, the BND monitors them too.

But they certainly need some system that somehow unifies many of the world’s ISP’s in order to monitor all the countries in that graphic:

And there we have it. In Frankfurt:

De-cix is the largest internet hub of the world and its Frankfurt node has this customer list:

These are more than 500 telcos. And companies like google and facebook.

Recently, de-cix have opened up nodes in America, and the Near East, and they gathered Russian telcos as customers:

(that way BND can finally monitor american communication. And in case of BND that means agents reading or hearing the communication personally….)

By law, BND can copy 20% of the “network capacity” of internet nodes.

The judges of the NSA commission of the German parliament noted that 20% of the “network capacity” of De-cix is its current maximum load.

This maximum load is around 3,4 Tbit/s.

The NSA’s program to tap fibers is called Rampart-A. Here is a slide with some technical information on this:

They say:
“RAMPART-A has access to international communications from anywhere around”
which is completely analogous to GCHQ’s full take of Tempora.

And now we have this slide on NSA’s program Rampart-A, saying:

“RAMPART-A has access to over 3 Terabits per second of data streaming world-wide and encompasses all communication technologies such as voice, fax, telex, modem, e-mail internet chat, Virtual Private Network (VPN), Voice over IP (VoIP), and Voice Call records.”

By pure accident this is just the maximum load of de-cix, which the German BND is allowed to copy.

One should note that Spiegel only writes in its articles that BND is a Rampart-A partner of the NSA.

But the magazine, for some reason, has not published the slides of this.

This is also noted by these bloggers here:

But that is the usual tactic of Spiegel.

It publishes something, and then it waits until some politician says some nonsense. Just to reveal further information later, in order to depict the politician as a liar.

The hardware of De-cix is provided by Deutsche Telekom.

DER SPIEGEL also notes in its German articles that General Alexander is officially invited as a speaker by the German telecommunication company Deutsche Telekom for their upcoming conference “24 hours 2014” in Munich.

Wikileaks revealed some time ago that Deutsche Telekom is the hardware provider of the BND.

Yes, the BND seems to be so important to the NSA that an NSA boss holds speeches for BND’s network provider.

When Germany’s highest court ruled that an early version of the G10 law was in compliance with the German constitution, the highest court stated that it was told by BND that the German service was just able to monitor some satellite communication:

In the NSA slides, this looks like that:

“Most RAMPART-A Third-party partners work the fiber projects under the cover of an overt Comsat effort”

So the satellite dishes of these sites are just for cover of their underground operations.

By the way, this is a file of sites and email addresses that are NOT monitored by JSA, the merger of NSA and BND:

The rest is assumed to be under surveillance.

Also, this slide here contains a funny list of NSA IP addresses. You may consider setting your firewall appropriately:

Wael June 20, 2014 1:12 PM

@Nick P,

Isn’t self-censorship nice?

Yes! Sometimes I read posts that make me want to kick the poster’s ##$% and reply with a $#%^&. Problem is I am afraid the $%^$ Moderator will #$%^^ @#$%% my #$#$%^ and #%$^&&* ban me. Self-censorship in that form is not effective, because as the moderator once said:

The word substitution really doesn’t make it any better. — Moderator, June 4, 2014 12:18 PM

Benni June 20, 2014 1:25 PM

“I too am concerned by the total lack of run these stories and others like them are getting in the US press. ”

Well, I think the problem here is that people in the US somehow still believe they are somewhat superior, or that their country has the best tech and the best hardware and so on.

But wake up. The world’s largest internet node is in Germany. It is not in the US or the UK:

“Deutscher Commercial Internet Exchange (German Commercial Internet Exchange) (DE-CIX) is a carrier- and data center-neutral internet exchange point (IXP) situated in Frankfurt (Germany). It is the largest exchange point worldwide in terms of peak traffic with a maximum throughput of more than 3.4 terabit per second”

The British program Tempora cannot be nearly as powerful as the German one, since the British do not have a network node that is as large as de-cix.

British agents therefore cannot access as many communication volumes as the German BND.

And it is this network de-cix, where BND is allowed by law to make a complete full take.

And this allows the Germans to monitor communications of all these countries:

Consequently, it is a German secret service of whose tools the NSA says:

“In some ways these tools have features that outperform US sigint capabilities”.

The Americans seem to think the NSA is evil, just because it’s their own agency, and they therefore believe it to be the most scary one.

But it is a German agency which has the primary access to the world’s largest internet node. They only share this with the NSA by courtesy. And it is the German BND whose agents are reading communications of Americans personally.

This here:

“Where NSA primarily relies on equipment for selection and analyst minimization for privacy protection, the BND relies on analysts to manually scan traffic for selection and then equipment to filter data for privacy protection. Full use of NSA DNI processing systems and analysts methodologies at JSA will be key to influencing the BND to alter their strategic DNI processing approach”

Just makes clear how the NSA is worried about the privacy of their American citizens. The guys who, in NSA’s terms “collect” the communication, by “reading them personally”, they sit in Germany, not in the US or the UK.

Bruce Schneier June 20, 2014 2:28 PM

“s/Dagbladet/Dagbladet Information/ (that form seems to be used less often)”

Thank you. I corrected it this way, since it seems more explanatory to us foreigners and it’s what the Intercept used — so less confusing.

Bob S. June 20, 2014 7:05 PM

The degree of infiltration is mind boggling and staggering. The amount of data they collect is unimaginable. And, that’s one big weakness. No one person, or small cadre of managers can possibly make clear sense of it in general or in particular.

50 billion grains of sand on the beach all look alike after a while. One beach looks like another.

Also, since they work in secrecy, right hand does not know left, etc AND even if they did come up with valuable actionable data they might have to keep it secret, to keep other secrets.

Ultimately the degree of surveillance is mostly to dominate and control the innocent citizenry via fear mongering, constant threats and simply acting crazy.

We need bold new leadership to take them on. Politics and business as usual will not work. They have gone too far for that.

Benni June 20, 2014 8:19 PM

There was a recent hearing of professors for constitutional law by the commission of the German parliament that investigates the BND and NSA. The law professors insisted that making a full take of de-cix is illegal (this is a full take of every bit that goes through these international providers here: )

But the chairman of the commission then told the press that he wants an “open minded” investigation, which could even lead to “more rights and capabilities” of the German secret service BND.

At that point, I think what has happened here should be mentioned by the international press.

Or someone must sue them at the highest court.

In view of the Spiegel documents, it seems clear that the listening station in Bad Aibling was some kind of exchange. Germany gets access to the fornsat station Bad Aibling, and the NSA in exchange gets their copy of BND’s monitored de-cix. In the Spiegel book, “the nsa complex” you find that BND monitors international fibers since 1970.

In the Spiegel articles, project “wharpdrive” is identified with a Rampart-A sub project, a codename for the monitoring of a large internet node (which I assume is de-cix, since we know that BND monitors it, according to the company itself. Also, the name wharpdrive makes sense for de-cix, since there is no faster and larger internet node in the world)

The NSA says in its Spiegel slides that the Germans have the leading role in project “wharpdrive” and that the NSA is just there for technical support:

The slides on wharpdrive also say that this project almost was cut by BND, due to lack of financial support, and that the partners were told nothing about this.

Apparently, someone in the German government had questioned whether monitoring the largest internet node in the world is really an efficient measure against terrorism.

Unfortunately, the German politicians seem to be unable to stop the BND. And so project wharpdrive continues, among other things.

Recently BND wanted additional 300 mio euro. Now it got them.

Officially, the politicians who decided this went to the press and said they stopped the BND plans, giving it only 6 millions. But no, BND wanted this money over several years until 2020. For 2014, it has got exactly the sum that it wanted.

And the 300 mio euros for later years are already planned in Germany’s federal budget:

I guess that goes on until they get sued at Germany’s highest court.

Jordan June 20, 2014 8:37 PM

I take issue with the way Der Spiegel has released these documents. For one, they distributed almost 200 pages at once. It would have been better to copy Glenn Greenwald’s approach, releasing in-depth articles slowly so that the public can digest them. But more importantly, I disagree with Der Spiegel’s choices about what to redact. I don’t see the public interest in the release of any of the following information:

  • IP addresses related to NSA programs in #34056 and #34064.
  • A list of domains JSA is not targeting in #34086.
  • Maps showing general locations of “Cryptologic Services Groups” and “FORNSAT collection operations” in #34094 and #34095.
  • Frequencies of “Emitters” related to “INTERQUAKE” in #34100.

I also think there are two cases where Der Spiegel released information accidentally:

  • Three peoples’ first names, titles, and last initials (but not last names) were published in #3411[6-9].
  • Only the faces (but not full images) of people mentioned in “Anchory Reports” were redacted in #34099.

In both cases these people can be identified using the information that’s left behind. If these identities were not OK to release, those names and images should have been completely removed. All in all I hope Der Spiegel will change their approach to releasing information.

Chris June 20, 2014 9:30 PM

Yes, it’s a little bit disturbing that the US media coverage is not focused. I thought the day would never come when I start to read Russian news! However it so happens that today is relevant and had a nice app too

Benni June 20, 2014 9:37 PM


1) Hello BND or NSA or GCHQ colleague:


Spiegel has a third article here where it explains why it is publishing this:

“- IP addresses related to NSA programs in #34056 and #34064.”

Certainly, we all want to put NSA IPs into our blacklist. Since Spiegel previously revealed that NSA targets are innocent German companies and telcos, this is essential information for them to protect themselves:

“- Maps showing general locations of “Cryptologic Services Groups” and “FORNSAT collection operations” in #34094 and #34095.”

This is essential information. In Germany, spying from a foreign power is illegal according to § 99 STGB:

“Who ever performs an activity where he gives information or delivers things to a secret service of a foreign power, gets a prison sentence up to 5 years”

Spiegel has revealed here some locations from which German law is broken on German ground.

Furthermore, these locations were already known since they were made public by Süddeutsche long ago:

Hopefully, weekly protests and demonstrations will take place not only at the Dagger Complex, but also at the other sites on a regular basis.
In Darmstadt, there is the regular demonstration also this weekend at the Dagger Complex. So if you want to protest against NSA, come to this place:

“- Frequencies of “Emitters” related to “INTERQUAKE” in #34100.”

Certainly, not only German companies, but also the German government, which is attacked by NSA, must defend itself. And this is useful information for them. The German parliament and the German government, which is attacked by NSA’s Einstein system, has a right to know which frequencies this thing emits.

” All in all I hope Der Spiegel will change their approach to releasing information.”

Dear NSA, BND or GCHQ spy, you can cry all you want. Like Konrad Adenauer, who saw an Abyss of treason in the country. Der Spiegel is not some propaganda magazine for the NSA or the BND.


Spiegel explains why it has released a slide showing what they are not targeting:

You should also read the articles that were provided with the documents:

“Stemming from 2009, it includes a list of companies and organizations with domain endings such as .com, .net and .org that are explicitly to be removed from the surveillance efforts because they are German web addresses. Among them are and, but also such domains as and

The list includes addresses that appear to have fallen into the surveillance crosshairs and were only later revealed to be German.

This indicates that the filtering system the BND reportedly uses does not reliably prevent German targets with .com and .org domain names from being monitored, and that those names must be removed retroactively.”

That is why the magazine posted the slide of what BND is not targeting: It shows that the system cannot reliably prevent Germans’ communication from getting analyzed.

Flynn June 20, 2014 10:05 PM

A little quick to conclude the lack of US press is a “measure of the popular interest”, I think.

Hopefully we’ll at least consider the possibility that it might be a measure of something a smidge closer to self-censorship and – oh I don’t know – maybe the existence of an incestuous relationship between Washington and the US mainstream press – with the press serving as sycophantic government mouthpieces rather than exercising a healthy skepticism and reporting towards the greater public good?

…just spitballing it here.

Chris June 21, 2014 7:49 AM

Benni: Gone through the IP list for the UK part and there are 3 interesting notes; haven’t looked into the US part yet.

- Hotspot Shield VPN Provider
- OpenVPN Technologies
- And that there is a listening post at Amsterdam Schiphol run by GCHQ

I found those three the top interesting IP ranges so far.


AdIsAProblem June 21, 2014 12:48 PM

@Flynn: “self-censorship and – oh I don’t know – maybe the existence of an incestuous relationship between Washington and the US mainstream press.”

This is simpler: Microsoft and other companies have privately announced that they will stop putting advertisements in media that talk about this renewal. They did that for the alphabet soup agencies.

Don’t forget that when you happen to see an advertisement-less information media.

In an unrelated ad problem, you will only see scarce and minimized information about alcoholism in media that have advertisement about alcoholic beverages.

Skeptical June 21, 2014 4:27 PM

The Spiegel articles are interesting stories, although I agree with Jordan’s points.

Benni, do you know if the magazine contacts the German Government before publishing, so that it can make a more informed decision as to what to publish and what to withhold?

Some of those involved in the construction of their stories seem to have, in the past, pushed for more disclosure at first than was ultimately given in the final publication.

I’d add that some of the information contained in those stories should serve to further persuade anyone unconvinced that the Snowden material contains a significant amount of legitimately classified information (i.e. information revealing of no criminal activity that has proper justification for classification).

Re: Massie Amendment

The text of the amendment is here. Oddly some of the organizations advocating for it did not include a link to the text.

As written, the amendment would, among other things, prohibit the NSA and CIA from using funds to ask any entity to “alter” its product or service to enable “electronic surveillance” on any user.

The amendment specifically notes that “electronic surveillance” has the meaning given in 50 USC 1801(f), and carves out an exception for CALEA.

So the upshot:

Prohibited: CIA to Company X – “Can you adjust procedure z1 so that we can intentionally acquire radio communications sent to or from intentionally targeted US persons under circumstances that would ordinarily require a search warrant, in exchange for $$ ?”

Allowed: CIA to Company X – “Can you adjust procedure z1 so that we can intentionally acquire radio communications between two users? We’re specifically interested in acquiring communications between foreign users outside the US, but how you alter the product is up to you. In consideration for your help, we’ll give you $$.”

And entities other than CIA or NSA? No restrictions at all.

The amendment is mostly smoke, adding to a lack of clarity and to a need for government lawyers.

The specific types of surveillance in 1801(f) are those the use of which is already controlled by FISA. If the FISA limits are insufficient, then those limits should be altered. If they are sufficient, but more oversight is needed, then we should add more oversight.

But, as I illustrate above, this amendment has loopholes you could drive a haul truck through, and neither adds to those limits nor adds to oversight. It increases uncertainty in a way that’s bad for everyone.

However, all of this illustrates a point that I’ve made before: if you’re concerned about back doors, the limits on what the US Government can do within the United States are far greater than the limits on what it can do outside the United States. This amendment makes a nod in the direction of adding to those internal limits, but obviously is silent on limits outside the US.

All of which returns us to a point I’ve made before: unless you’re a very well connected insider in a foreign government, there is no security advantage to being outside the US or buying products made outside the US, and considerable advantage to being inside the US or buying/using products from a reputable company/entity within the US. Here, for instance, is the Tor Project on the possibility of a back door: “Nobody has asked us to put one in, and we know some smart lawyers who say that it’s unlikely that anybody will try to make us add one in our jurisdiction (U.S.). If they do ask us, we will fight them, and (the lawyers say) probably win.”

Nick P June 21, 2014 10:34 PM

@ Skeptical

“All of which returns us to a point I’ve made before: unless you’re a very well connected insider in a foreign government, there is no security advantage to being outside the US or buying products made outside the US, and considerable advantage to being inside the US or buying/using products from a reputable company/entity within the US.”

You haven’t substantiated that statement. The U.S. government has all kinds of secret orders, interpretations of law, etc. What they can actually do isn’t public knowledge. Unlike U.S. government, there are countries that don’t do a lot of that stuff and still have laws protecting businesses and I.P. Countries with freedoms, laws protecting business, courts with low corruption, and few secret laws/organizations. Shocking, ain’t it?

I’d put my money on those countries being safer than one with powerful TLA’s and programs like BULLRUN. That’s not to say such TLA’s can’t get to people outside their country. It’s just that the hosting country’s lack of interest in such nonsense is a nice starting point for reducing subversion risk.

Wesley Parish June 22, 2014 5:03 AM

I think the general rule of illegality and law in the United States’ international relations is, it is illegal if it can be used against the US. See President Abraham Lincoln’s “death-bed” accession to the Declaration of Paris concerning Privateers after first decrying it as an imposition upon the US’s sovereignty, when it became obvious the Confederates were gearing up to use privateers to do commerce raiding and the Union was not in any condition to do so.

Wesley Parish June 22, 2014 5:52 AM

Having read the book I pointed to, Francis R Stark’s The abolition of privateering and the declaration of Paris, I now stand corrected. The matter which prevented the United States from acceding to the Declaration of Paris was the treatment of private property.

Now we come to the question of whether or not my communications are my private property, to be shared only with the recipient, unless the intercepting authority can give a good strong reason why they should be intercepted. I think that is a no-brainer: to quote an Irishman of quite some antiquity, King Diarmait mac Cerbhiall, the High King of Ireland at the time of St Columba, “To every cow belongs its calf; to every book its copy“.

To me belong my thoughts and the expression thereof.

Now we have an interesting detail in the Privateering issue, quoting from Stark, pg 43:

Finally, in our treaty with Italy of 1871, we find the following provision (Art. 12):

“The high contracting parties agree that, in the unfortunate event of a war between them, the private property of their respective citizens and subjects, with the exception of contraband of war, shall be exempt from capture or seizure, on the high seas or elsewhere.”

I would like to see the United States Congress attempt to argue that the interception of my private communications without warrant specifying place, time, cause, and such matters, and without declaration of war with its well-reasoned arguments setting out the whys and wherefores, is not the illegal seizure of my private property, besides being on the highly criminal side of DCMA legislation. If there’s any one congresscritter who can understand what I am talking about, that is.

Skeptical June 22, 2014 1:53 PM

@Nick P: “You haven’t substantiated that statement. The U.S. government has all kinds of secret orders, interpretations of law, etc. What they can actually do isn’t public knowledge.”

No. There is certainly a gray area in which we can be uncertain about how a court might interpret a given statute or answer a certain legal question. And to some extent legal questions in that gray area overlap legal questions that would be answered by a court confidentially.

But I must stress: that overlap is a very small, bounded domain. We can say with very high confidence that nothing in FISA would enable the government to, for example, force Intel to subvert hardware.

That transparency is why the Tor Project’s legal advisers can say with high confidence that they can’t be forced, and likely won’t even be asked, to install a back door.

And this is of course why the NSA has to go through the time-consuming, labor-intensive process of interdicting shipments and installing devices.

“Unlike U.S. government, there are countries that don’t do a lot of that stuff and still have laws protecting businesses and I.P. Countries with freedoms, laws protecting business, courts with low corruption, and few secret laws/organizations. Shocking, ain’t it?”

There are lots of countries with low corruption, good court systems, and good protection of civil liberties and IP. Will you be more secure from surveillance in any of them from a legal vantage? No.

I’d put my money on those countries being safer than one with powerful TLA’s and programs like BULLRUN. That’s not to say such TLA’s can’t get to people outside their country. It’s just that the hosting country’s lack of interest in such nonsense is a nice starting point for reducing subversion risk.

All of those nations have very powerful TLAs when it comes to national security. From a legal vantage, I’d even say that most countries have more extensive domestic surveillance powers than does the United States, at least on national security matters.

But let’s say that there is a nation that matches your description. If the US Government has an interest in conducting surveillance in that nation, then they can use every lever in existence to obtain it, and probably with fewer layers of bureaucratic approval mechanisms; inside the US, the levers are much more restricted in range and use.

@Wesley: Not sure the Confederate Navy was at top of Lincoln’s concerns, in any case. 🙂

Kin June 22, 2014 3:07 PM

Benni: Thank you for your efforts. However, you need to learn to reduce the total content you post at once. Simply put, Too Long; Didn’t Read.

Most of the people here are able to think critically and to process information. Your posts were far too long and dry, summarizing what we ourselves could read at the original sources. Whatever points you were trying to make were completely lost after about the first 20 paragraphs.

We appreciate what you are trying to achieve, but please consider that brevity is definitely the advantage. You can go into such depth on your own blog, but I found your posts to be too much for a comment discussion.

Czerno June 23, 2014 8:48 AM

Fill in the blank: the name of this blog is Schneier on (required): Steroids_ ???

moo June 23, 2014 10:00 AM

“It’s a measure of the popular interest in this issue…”

I think it’s more likely a measure of how deep in the government’s pocket all the major U.S. media outlets are.

Benni June 23, 2014 7:49 PM

Here are articles on the hard and software that BND uses or has used for its communications analysis

Apparently, BND has been sold hardware from Narus company by the NSA.

Then, there is a speech analyser from Siemens. And this is finally used together with a database that BND has stolen from a german company that successfully sued the agency because of this.

Benni June 23, 2014 9:20 PM

the developer of this small german database company which the BND stole has a funny security blog. Sad however, that this is only in german

Apparently, the BND not only tried to simply steal her software, but they also tried to deliberately ruin her company. And then BND tried to sell this stolen software to europol, a european version of interpol.

And not only that. BND even was involved in one of the larger economic crime cases in history. The same agent that betrayed this little german database company also wanted to steal the language technology of Lernout and Hauspie

The blogpostings from her on her case are fascinating, and in view of the NSA affair probably deserve more attention.

She says that the BND intervention almost had destroyed her company, and that BND made it impossible for her to sell her software to europol.

However, she seems to be doing well now. She had her software patents, and now she was able to sell her software to the police departments of some german regions.

She says that if the BND is still using her software, then it does that illegally, since BND never was given the rights to use it.

Benni June 23, 2014 10:43 PM

No, not only could she not sell her software to europol.

Europol did not get a good software because of the german secret service BND….

Having read the material now, I can summarize that the BND did the following:

It sent an agent to spy on a successful database company which had contracts with governments and some police departments.

The agent first came into contact with the victim under the legend that BND wanted to hire the victim company for contracting work.

But then, the agent started to create his own firm, hiring the employees of the victim’s company. And BND did not pay the money for the contracting work.

Thereby, BND wanted to ruin the victim’s company, in order to get the necessary software patents. At the same time, the agent influenced europol to sign contracts with his company, that were originally prepared for the company of the victim.

But then it came, that the victim sued the BND agent.
She had some evidence that the BND began to sell her intellectual property to europol. Furthermore, the agent presented fake contracts about the responsibilities with the company of the victim.

The agent finally got his sentence as a fraudster. After the german police even searched through his office at the BND headquarters in Pullach. (This was the only time in the history of germany where the police searched through the german secret service)

But there was the project of selling an integrated software database system to europol…

Well, europol had signed its contracts with the BND agent’s company, who now was convicted as a fraudster.

And therefore, the europol software project simply died.

That is why europol has no good database software. Because of the german secret service BND……

If someone wants a proof that secret services weaken the security of all of us, then this is it.

pfsm June 23, 2014 11:07 PM

It is not so much that people in the US don’t care about this issue, it is that the lefty press doesn’t print stories about news that doesn’t fit its narrative.

Nick P June 24, 2014 12:05 AM

@ Benni

So, I read what you posted. Then, I remember a debate here years ago with Frank Rieger of Cryptophone where I laughed at his claim that their internal tests would ensure supply chain integrity. I told him it meant nothing as we still had to trust his company not to subvert the design on behalf of intelligence services. Seeing how BND does things, I’m more confident than ever in my previous belief that Cryptophone was compromised at least to them. It’s certainly a base assumption of mine that a hosting country is a threat and might compromise a company via LEO’s/TLA’s. Yet, it seems that BND can be about as aggressive as NSA against a particular company if they see an opportunity. So, that makes them even more a threat than an arbitrary country and intelligence service.

And so, like Five Eyes, Germany is quite a worry to me for privacy technology if BND is potentially in the threat model. There are quite a few German people I might trust, but I can’t trust Germany the country for non-subverted tech thanks to BND. What do you think of this?

Benni June 24, 2014 2:37 AM

One may ask as why BND tried to ruin this database company.

But well, this company was almost there to get a contract in supplying the systems for europol.

By what the BND did here, it succeeded in stealing their sourcecode, and then BND almost succeeded in replacing this company as a supplier of europol.

I guess that since europol is a police organization, it does not immediately share its data with all secret services out there. So if the BND would have turned out to become the software supplier of europol, by backdooring the software, BND would have a very easy way to spy on terrorism suspects. Or they would have been able to insert some fake data, in order to create travel complications for someone…. and so on. I guess they figured that they could not get their spying agreement with the developer of the polygon database. So they tried to replace them….

But the actions of this very same agent Stephan Bodenkamp, not only had some consequences for a small german database company.

No, Bodenkamp was involved in international affairs.

But I think I should give more specifications on the technological details that are in this german article:

Long ago, Siemens created a technology called metal, (Machine evaluation and translation of natural language). It was an early sort of a sophisticated language software that could understand entire sentences and translate texts.

After Siemens sold the metal language technology, someone bought the rights for the technology and then a company was founded whose head was a friend of Bodenkamp. Bodenkamp himself acted as a director for machine translation and artificial intelligence at the “authority for foreign questions” a BND institute.

And here comes this database polygon into play. Metal can do language analysis. It can recognize person names, car numbers, or locations and dates, or phone numbers.

And the database polygon is able to save these things together with its meaning. polygon gets after an analysis by metal the subjects and the objects of a sentence, and polygon can relate these with each other. Finally, metal delivers the attribute, and you have the meaning of the sentence.

Furthermore, Polygon is able to deliver describing attributes to objects and relations. With that, the information of a sentence can be put in a database, which can be searched.

This solution is not only interesting for police officers, but for anyone who has to do with large amounts of text.

For europol, the database company that invented polygon should work together with the company responsible for metal in order to create a software for police work.

I have described above what Bodenkamp did with polygon. He created his own company, bought the polygon workers, stole the sourcecode and he influenced europol to sign the final contract with his company alone.

His error was that he also tried to fake the contract that polygon had for the work that they had already done together with the metal company. Bodenkamp showed them a faked contract that would have forbidden polygon to further develop their code and sell it to others. And that was his final mistake. Also that the Bodenkamp company was listed as a contractor of the european union helped polygon to go to court, but the developers were quick enough to delete the stolen code.

But as I said above, Bodenkamp was not only involved in almost ruining some small german company.

The company that developed the metal technology was soon swallowed by the Belgian company Lernout and Hauspie which also invested in language software.

Bodenkamp, his real name is Christoph Klonowski, then created several dozens companies, which he called “language development company” for separate languages like Farsi Development Company, Slavic Development Company and similar ones for Urdu, Bahassa etc..

These companies then all signed contracts from Lernout and Hauspie and their translation and speech software. Their task was to create dictionaries, so that the language software could implement a “speech to text”, “text to speech” and a translator function for many arabian, african and asian languages.

Soon Lernout and Hauspie was valuable enough to swallow the american language companies Dictaphone and Dragon….

And that was not to the NSA’s liking….

Soon journalists noted that the shareholder value of Lernout and Hauspie was an invention, or made up.

Lernout and Hauspie booked the license income from eleven startups in Belgium, 19 startups in singapore as 3-8 billion dollar income.

Four of the startups noted that they had in july 2000 an income from just 1,5 million dollar. the farsi and turkish startups from bodenkamp just note an income of three million dollar.

In the summer 2000, the managers of Lernout and Hauspie had a crisis meeting. They met at Capri, since Jo Lernout spent his holiday there. Participants were four top managers: the two founders, Jo Lernout and Paul Hauspie, the chairman Nico Willaert, and the BND agent “Stephan Bodenkamp” who at the same time was busy ruining the german database company “polygon”.

During the meeting, Stephan Bodenkamp told his conversation partners that they have not done sufficient lobby work, and that they did not devote sufficient energy to nurture their contacts in america….

The question is why in the world a BND agent runs to a crisis meeting of Lernout and Hauspie in order to advise the management?…..

At the end Lernout and Hauspie went bankrupt.

With that 6.000 employees had to be fired….

And the BND has lost its attempt to take control over the american market of language software…..

Interesting is the answer of the BND boss to polygon at the time where his agent was convicted by a court for faking contracts.

“BND does not see that any one of its agents has done anything wrong”.

This story may be old. the german press reported it in the year 2001.

But it gives some hint on how the BND bulk surveillance software works.

BND managed to get its hands on the language software metal originally developed by siemens. Together with Lernout and Hauspie, BND developed extensions for arabic and asian languages.
Then BND stole the sourcecode of the intelligent database system polygon that can, in connection with metal, find the meaning of a sentence. And that is put into a database.

And finally, we have the hardware of the american company narus, that does the surveillance….

And all that is then used for automated bulk surveillance of the world’s largest internet node de-cix.

But of course, BND works failure tolerant. That means german agents can not rely only on some imprecise automata.

Which means that they still have to use agents to read and hear many calls.

recently, the BND issued press releases, saying that it finds out if some communication is not of interest to it by “manually adjusting its automated programs” which means they find out whether something is NOT of interest by agents who actually read the communication.

One could think that this is just a lie in order to cover that they use the technology which they stole from polygon.

But fortunately we now have the snowden files, showing the NSA to be worried about privacy since so many BND agents are there listening and reading the communication.

But perhaps all these BND agents are not actually reading the raw form of the communications after all.

It can be the BND agents are just reading the german translations of the communications that come from metal and polygon, which are then stored in BND’s database….

Benni June 24, 2014 4:47 AM

Some people bring money to switzerland in order to hide it from the government and not to pay taxes….

And well, if you work in some bank in switzerland, and if you are pedophile, that’s not good. But perhaps you do not even need to be paedophile for BND to catch you.

the german secret service will likely have notified your surfing behavior anyway. And if you want to meet women, then the agents are perhaps similarly thankful.

BND agents start their usual blackmail operation as follows (I’m just translating the article):

“with help of professionals from the red light district, BND had set up a trap. A hotel suite was rigged full of cameras. After showing the photos to the banker, he soon was cooperative and agreed to give more data on german tax evaders”

The article

also describes funny things about BND agents helping Gaddafis police, getting jailed in Kosovo, monitoring all emails of an international health care provider in Afghanistan, sexual abuse by BND agents,

and another small german company that was ruined by the german secret service:

A company that sells gps devices for divers, ships and mines was asked by BND whether it would not want to work for the service. It refused.

Soon officers from the border guards visited the company. They issued a search warrant just at the day where the company had guests from Pakistan. the border guards took all the files of the company, and interrogated the business partners from pakistan. They cancelled the deal later, the company got no money and went bankrupt.

This here is the famous plutonium affair, where BND staged a smuggle of weapons grade plutonium from russia to munich with a regular flight

this here is the famous BND agent curveball, who invented a story about weapons of mass destruction in iraq, which then was sold to the NSA:

Of course BND supported the US invasion in iraq by own agents on the ground who sent the coordinates for bombing and droning first to pullach and then to langley via an encrypted satellite phone:

In the war against serbia, it was similar. Spiegel revealed a so called Hufeisen plan. This was a story made up by the BND about fictitious planned atrocities and war crimes by the milosevic regime:

First the german government denied the existence of the hufeisen plan. Then they admitted the spiegel report was true:

and now we had these guys in eastern ukraine,

who told the separatists that “they are just tourists who just want to see some sights” and had ammunition and explosives in their bus:

government admitted they were “advised” by BND. They actually gave the ukrainian military the final reason for their weaponized attack…..

name,withheld.for.obvious.reasons June 25, 2014 8:59 AM

Why has no one built a robo-calling app (one that doesn’t serialize the caller, connects to a hot-list database to insure a selector gets triggered) that builds a huge many-to-many mapping that renders the data useless?

The database could have known crime boss numbers (and the pizza parlors to insure a two hop continuum), drug dealers, cigarette street sellers, arms dealers, nuclear power plants and storage facilities, and the real curmudgeons; the executive, congress, IC committee members, bankers, government military contractors, and the associated press–well, maybe fox noise instead. The app would stale out numbers over time and have a pseudo random “selector feature” with a voice or text messaging system that says something to the effect “Mohammad, did you receive to the instructions forto make encrypted the weapons purchase agreement payments from military contractor belonging to San Diego…we must ensure Alla gives not our WMD plans becoming discovered!”

Don’t want it to be too polished–that way it seems more legit.

Benni June 25, 2014 4:20 PM

@Nick P:
“Yet, it seems that BND can be about as aggressive as NSA against a particular company if they see an opportunity. There are quite a few German people I might trust, but I can’t trust Germany the country for non-subverted tech thanks to BND. What do you think of this?”

Well, seriously, I do not know. BND has started three wars by coming up with some agents who told fictitious, made up stories that gave the final reason to start the attack. I do not know of any authority in germany that is as aggressive as is the german secret service BND. The source “curveball” was paid by BND for his lies. When american agents wanted to interrogate him before the Iraq war, BND refused to let the americans talk to the source. The german agents said they did this because of “protection” of their source, but since it is now clear that they gave him the money for his lies, it is probably because they felt that his lies would be exposed.

And by the way:

It now comes out that the german parliament gets its internet from verizon, the first company that was revealed to hand over its communication data to NSA.

Furthermore there is the news that for some years, BND gave “massive amounts of data” from phone communications of a large german telephone network node in Frankfurt to the NSA

It was previously known that BND gives its data from internet communications to the NSA, where they monitor the largest internet node in the world, de-cix.

Therefore, it is no surprise that they are sharing german phone data too. Also, it is not quite surprising that originally, NSA wanted raw access to the german phone data.

The interesting thing is that BND apparently did not mention its sharing of phone data to the parliamentarian control commission that should control the german agency.

Benni June 26, 2014 9:42 AM

de-cix is behaving strangely.

Now it has issued a press release:

“WE exclude that some foreign or domestic secret service had an access to the internet node operated by us and to the associated fibers during the years 2004-2007”

The thing is that de-cix has answered questions from spiegel before, which were much more cautious:

“the ones that have access at de-cix is the german secret service BND and other german authorities. According to g10 law, every telecommunication provider is forced to give access to the secret service. They also have to grant access to surveillance measures of the police after court orders”

On, de-cix gets more precise:

Klaus Landefeld from the De-Cix-operating company Eco told “How should de-cix and eco react if such numbers get published. There is no official version for this. We are forced to do an egg dance” Officially, the network operators are not allowed to talk about the surveillance measures.

Nick P June 26, 2014 10:40 AM

@ Benni

I see. The only critique I have is your claim that BND started the wars with their misinformation. I’m almost certain it didn’t play out that way. The U.S. government and military thrive on wars. They made up excuses to hit a ridiculous number of countries, including Iraq twice before 9/11. The later wars are easily explained by similar imperialist policy.

This rather enlightening document comes from a think tank that had members like Zakheim and Wolfowitz. It was written in mid to late 1990’s. Their plan was to massively increase military spending, dominate space/cyberspace, and leverage our military as an international police force of sorts. They specifically mention countries like Iraq as problem areas. They also say their plans won’t happen quickly unless a catalyzing event like “a new Pearl Harbor” happens. During 9/11, these people were in power and they leveraged the disaster to get rapid adoption of their plans/policies. Predictably, they hit Afghanistan and Iraq very fast.

Side note: Interestingly enough, the 9/11 Commission determined it was a powerful group in Saudi Arabia that funded the attacks. The attackers and leader were Saudi, too. So, our President declared a “war” on these terrorists, smashed Iraq/Afghanistan, and continued walking hand-in-hand with Saudi royalty. Makes sense. Moving on.

So, given the regime’s plans, war in the Middle East was inevitable. They’d do it just for their policy of policing the world. My theory on the BND angle is (a) they just used it as an excuse for their own plans or (b) BND had similar plans and was just doing their part in a partnership. With option B, I’m not saying Germany is imperialistic. I am saying things like a huge export market make them capitalistic enough to support military actions ensuring safety of the cash flow and markets. That’s the main reason for most American military actions. So, I consider joint schemes between US and European governments a definite possibility. The Five Eyes agreements show how easily that might happen.

Benni June 27, 2014 10:04 AM

“(b) BND had similar plans and was just doing their part in a partnership. With option B, I’m not saying Germany is imperialistic. I am saying things like a huge export market make them capitalistic enough to support military actions ensuring safety of the cash flow and markets. That’s the main reason for most American military actions.”

Yeah, perhaps in Iraq, its massive debts to germany were the reason for BND involvement:

Iraq had debts of 4.4 billion dollar to the german government and 1,4 billion dollar to the german construction industry. And well, a government that was sanctioned and therefore forbidden to export oil could not repay these debts. So BND had to help by creating some made up reason to start the iraq war.

At the end this did not pay off, since the US put pressure on berlin to release Iraq out of much of its debts. But well, that is typical for BND operations. They either fail and end up in the press, or they do not fail and somehow end up in the press nevertheless.

Nick P June 27, 2014 11:58 AM

@ Benni

Far as I’m concerned, your recent post explains the whole thing. That their espionage is economic and unconcerned with “blowback” is believable. It’s also been a problem with covert agencies in U.S. going a long way back. I’d like to see some semi-insiders do a study sometime estimating how much U.S. covert operations failures have cost us over time. They don’t have to give the specifics: just a number. I also wonder if the number puts us in the black or the red. It really could go either way.

Benni June 27, 2014 6:22 PM

BND certainly has economic interests.

For example, Spiegel notes here how Bodenkamp tried to get money from europol:

Only for “testing sessions” with the stolen software at europol, Bodenkamp wanted a payment of 746 000 euros.

And Lernout and Hauspie, this wasn’t just 6000 employees.

At its peak, Lernout & Hauspie had a market capitalization of almost US$ 10 billion

With its numerous “language development companies”, BND was largely responsible for the real income of Lernout and Hauspie.

From the viewpoint of BND, overhyping Lernout and Hauspie at the stock exchange was necessary in order to swallow dictaphone and dragon for getting their sourcecode and technologies. But then there is also the question whether BND profited somehow from the massive shareholder money that Lernout and Hauspie acquired at the stock exchange.

It can well be BND does have an unknown and secret “black budget” from illegal participations in the economy….

Andrew_K January 16, 2015 2:08 AM

@ Benni

There may be more than one reason for scientists to cooperate with black hats.

One of the most convincing reasons to me is the massive competition among scientists in terms of funding. I recently had an interesting discussion with someone working in German science. The inside scoop: Universities have more interest in funding than in science. Yes there are scientists refusing military or intelligence cooperation for moral reasons — but moral won’t pay new equipment. Cooperation however does.
Long story short — many scientists nowadays have become whores for those who can afford them.

And then there is of course coercion. How many scientists will have both the guts and the life experience necessary to handle two BND agents visiting their office and wanting to talk about their research? Keep calm when they start asking questions about conference journeys and whom they met? Finally there is a point where it comes to whether cooperation isn’t easier than having to deal with a police search caused by the suspicion of collaboration with a foreign intelligence? Or being part of a child porn network? Consider such a situation, consider it carefully.

Regarding the earlier discussed topic regarding Der Spiegel’s policy on publication, I can see Jordan’s point and I think you should at least consider his (or her) arguments to be valid, regardless of his (or her) occupation.
Is showing involved person’s pictures (or personal details at all) essential for the story or is it just razzle-dazzle? Did the image really contribute to the story? Or is it just journalists comparing their testicle size like cliché male teenagers?
