NSA Helps Saudi Arabia Regime, Ignores Brutal Human Rights Abuses & SIGINT Executive Order 12333
The National Security Agency last year significantly expanded its cooperative relationship with the Saudi Ministry of Interior, one of the world’s most repressive and abusive government agencies. An April 2013 top secret memo provided by NSA whistleblower Edward Snowden details the agency’s plans “to provide direct analytic and technical support” to the Saudis on “internal security” matters.
The Saudi Ministry of Interior—referred to in the document as MOI— has been condemned for years as one of the most brutal human rights violators in the world. In 2013, the U.S. State Department reported that “Ministry of Interior officials sometimes subjected prisoners and detainees to torture and other physical abuse,” specifically mentioning a 2011 episode in which MOI agents allegedly “poured an antiseptic cleaning liquid down [the] throat” of one human rights activist. The report also notes the MOI’s use of invasive surveillance targeted at political and religious dissidents.
But as the State Department publicly catalogued those very abuses, the NSA worked to provide increased surveillance assistance to the ministry that perpetrated them. The move is part of the Obama Administration’s increasingly close ties with the Saudi regime; beyond the new cooperation with the MOI, the memo describes “a period of rejuvenation” for the NSA’s relationship with the Saudi Ministry of Defense.
In general, U.S. support for the Saudi regime is long-standing. One secret 2007 NSA memo lists Saudi Arabia as one of four countries where the U.S. “has [an] interest in regime continuity.”
But from the end of the 1991 Gulf War until recently, the memo says, the NSA had a “very limited” relationship with the Saudi kingdom. In December 2012, the U.S. director of national intelligence, James Clapper, authorized the agency to expand its “third party” relationship with Saudi Arabia to include the sharing of signals intelligence, or “SIGINT,” capability with the MOD’s Technical Affairs Directorate (TAD).
“With the approval of the Third Party SIGINT relationship,” the memo reports, the NSA “intends to provide direct analytic and technical support to TAD.” The goal is “to facilitate the Saudi government’s ability to utilize SIGINT to locate and track individuals of mutual interest within Saudi Arabia.”
Even before this new initiative in 2012, the CIA and other American intelligence agencies had been working with the Saudi regime to bolster “internal security” and track alleged terrorists. According to the memo, the NSA began collaborating with the MOD in 2011 on a “sensitive access initiative… focused on internal security and terrorist activity on the Arabian Peninsula”; that partnership was conducted “under the auspices of CIA’s relationship with the MOI’s Mabahith (General Directorate for Investigations, equivalent to FBI).”
The NSA’s formal “Third Party” relationship with the Saudis involves arming the MOI with highly advanced surveillance technology. The NSA “provides technical advice on SIGINT topics such as data exploitation and target development to TAD,” the memo says, “as well as a sensitive source collection capability.”
The Saudi Ministry of Defense also relies on the NSA for help with “signals analysis equipment upgrades, decryption capabilities and advanced training on a wide range of topics.” The document states that while the NSA “is able to respond to many of those requests, some must be denied due to the fact that they place sensitive SIGINT equities at risk.”
Over the past year, the Saudi government has escalated its crackdown on activists, dissidents, and critics of the government. Earlier this month, Saudi human rights lawyer and activist Waleed Abu al-Khair was sentenced to 15 years in prison by a so-called “terrorist court” on charges of undermining the state and insulting the judiciary. In May, a liberal blogger, Raif Badawi, was sentenced to 10 years in prison and 1,000 lashes; in June, human rights activist Mukhlif Shammari was sentenced to five years in prison for writing about the mistreatment of Saudi women.
At the time of the al-Khair sentencing, State Department spokesperson Jen Psaki issued a statement saying, “We urge the Saudi government to respect international human rights norms, a point we make to them regularly.”
Asked if the U.S. takes human rights records into account before collaborating with foreign security agencies, a spokesman for the office of the director of national intelligence told The Intercept: “Yes. We cannot comment on specific intelligence matters but, as a general principle, human rights considerations inform our decisions on intelligence sharing with foreign governments.”
SIGINT Executive Order 12333
An independent privacy watchdog agency announced Wednesday that it will turn its focus to the largest and most complex of U.S. electronic surveillance regimes: signals intelligence collection under Executive Order 12333.
That highly technical name masks a constellation of complex surveillance activities carried out for foreign intelligence purposes by the National Security Agency under executive authority. But unlike two other major NSA collection programs that have been in the news lately, EO 12333 surveillance is conducted without court oversight and with comparatively little Congressional review.
The Privacy and Civil Liberties Oversight Board, an independent executive branch agency, over the last year has taken in-depth looks at the other two NSA programs. It concluded the bulk collection of Americans’ phone call metadata under Section 215 of the Patriot Act was illegal and raised constitutional concerns. By contrast, it found the gathering of call and email content under Section 702 of the Foreign Intelligence Surveillance Act to be lawful, though certain elements pushed “close to the line” of being unconstitutional.
Now the board is planning to delve into EO 12333 collection, among other topics. It is not clear, however, how deep or broad its examination will be.
“It’s obviously a complex thing to look at 12333,” but “it’s something we’ll likely be delving into,” said a member of the Privacy and Civil Liberties Oversight Board who requested anonymity in order to speak freely. The board has highlighted 12333 issues in the past. For example, each agency is supposed to have guidelines to carry out the executive order, but some guidelines are three decades old. The board has encouraged the guidelines be updated, the source said.
Collection outside the United States has attained new relevance given media reports in the last year about broad NSA surveillance based on documents leaked to journalists by former agency contractor Edward Snowden.
“Americans should be even more concerned about the collection and storage of their communications under Executive Order 12333 than under Section 215,” said a former State Department official, John Napier Tye, in an op-ed published Sunday in The Washington Post.
Issued in 1981 by President Ronald Reagan, EO 12333 laid out the roles and powers of the various intelligence agencies. It specified that the NSA had control of signals intelligence collection for foreign intelligence and counterintelligence purposes. But the nature and scope of the collection activities have not been clarified for the public.
Unlike surveillance inside the United States or which targets U.S. citizens and legal residents, collection under 12333 does not require a warrant.
Once upon a time, you could be fairly certain that overseas collection would pick up only foreigners’ phone calls, and that Americans’ communications would stay inside the United States. But today, emails, calls and other communications cross U.S. borders and are often stored beyond them. Companies like Google and Yahoo have “mirror” servers around the world that hold customers’ data.
That means Americans’ data are often stored both in the United States and abroad simultaneously, subject to two different legal and oversight regimes. Surveillance on U.S. soil requires court permission and an individual warrant for each target. Surveillance abroad requires a warrant for U.S. persons, but if collection is coming from a data center overseas, large volumes of Americans’ communications may be picked up as “incidental” to collection on a foreign target.
“So a lot of ordinary data crosses borders, including domestic communications between Americans,” said Edward W. Felten, a computer science professor at Princeton University.
Or as former NSA Deputy Director John C. Inglis has said of the falling away of borders in cyberspace: “There is not an away game. There is not a home game. There is only one game.”
With the merging of the home and away games, the question arises as to whether a legal regime that bases privacy protections and oversight largely on geography is sufficient, analysts say.
The Post reported last fall, for example, that NSA was collecting 500,000 e-mail account “address books” a day outside the United States from companies such as Yahoo and Google. According to documents obtained from Snowden, the agency was collecting the data through secret arrangements with foreign telecommunications companies or allied intelligence services in control of facilities that direct traffic along the Internet’s main data routes.
Although the collection takes place overseas, two senior U.S. intelligence officials acknowledged that it “incidentally” sweeps in the contacts of many Americans, the article said. The Post also reported that the agency in conjunction with Britain’s GCHQ, was collecting data traveling between Google and Yahoo data centers overseas. In Google’s case, that was up to 6 million records a day, according to a slide obtained from Snowden. The firms have since said they are encrypting the data moving between their data centers.
EO 12333 collection is not available everywhere in the world, former U.S. officials said. It is not as precise as collection from a U.S. carrier in the United States, which can filter out unwanted communications. Under 12333, the agency is “collector and processor,” said one former U.S. official, who spoke on condition of anonymity to discuss a sensitive topic. “Things go by and you now have to figure out which things are of interest to you.” And those things are “incredibly fractured and packetized.”
Tye said before he left the State Department, he filed a complaint with its inspector general, as well as the NSA inspector general, alleging that 12333 collection through its “incidental collection” of Americans’ data, violated the Fourth Amendment’s bar on unreasonable searches and seizures.
“Basically 12333 is a legal loophole,” said Tye, who is now legal director at Avaaz, a civil society group working on regional and national issues ranging from corruption and poverty to conflict and climate change. “It allows the NSA to collect all kinds of communications by Americans that the NSA would not be able to collect inside the borders” without a warrant.
Inglis said Tye’s description of 12333 as a loophole is “simply wrong, in both fact and spirit.” Said Inglis: “There are no ‘rules free’ zones at NSA and the responsibility to ensure the privacy rights of U.S. persons conveys across all facets of the signals intelligence cycle, from collection to dissemination.”
Jennifer Granick, Director of Civil Liberties at the Stanford Center for Internet and Society, said 12333 allows “bulk collection” of data or the ingestion of massive amounts of data without a filter for a target’s e-mail address or phone number, for instance.
“Both collection and use are far less regulated” than collection inside the United States, she said. “We don’t know how or how much information is collected, used, analyzed or shared.”
At the same time, she said, “while 12333 greatly affects Americans and regular people from all over the world, the public and Congress are basically in the dark about what the NSA is doing.”
NSA Spokeswoman Vanee Vines said that “whether NSA’s activities are conducted under EO 12333 or the Foreign Intelligence Surveillance Act [which governs domestic surveillance], NSA applies attorney general-approved processes to protect the privacy of U.S. persons in the collection, retention and use of foreign intelligence.”
She added that President Obama issued additional guidance in January under Presidential Policy Directive 28, which provides that such activities “shall be as tailored as feasible.”
The directive specified that “appropriate safeguards be applied to protect the personal information of all individuals, regardless of nationality.”
A fundamental unresolved question is this: At what point should these privacy safeguards kick in? At the point the data are swept in by the intelligence agency or when they are plucked out for analysis and sharing with other agencies?
Currently, they apply once the data are processed, former officials said.
The privacy protections governing 12333 collection are in US Signals Intelligence Directive 18. That NSA policy document, for instance, states that communications to, from or about U.S. persons collected under the authority may be retained for five years, unless the NSA director determines a longer period is required.
It also states that they may be kept for a “period sufficient” if they are reasonably believed to become relevant to a current or future foreign intelligence requirement. Or if the information provides evidence of a crime, in which case it may be shared with the relevasnt agency.
Such qualifications, privacy advocates have said, amount to “loopholes” that enable the retention of large amounts of U.S. persons’ data.
One thing is clear: examining overseas collection under 12333 “is a massive undertaking,” the board source said. But “it is something we have to look at.”
Sources: https://firstlook.org/theintercept/2014/07/25/nsas-new-partner-spying-saudi-arabias-brutal-state-police/ , http://www.washingtonpost.com/blogs/the-switch/wp/2014/07/23/privacy-watchdogs-next-target-the-least-known-but-biggest-aspect-of-nsa-surveillance/