Glenn Greenwald and Ryan Gallagher published a triple-shot of revelations from Edward Snowden’s stolen National Security Agency files yesterday, titled “Snowden Documents Reveal Covert Surveillance and Pressure Tactics Aimed at WikiLeaks and Its Supporters,” and as we’ve come to expect, the claims in the article are scattered and utterly misleading, while contravening details are predictably buried.
The first of the three revelations packed into this article details how NSA’s British counterpart, the Government Communications Headquarters (GCHQ), possibly uses (or tested or proposed) an operation codenamed ANTICRISIS GIRL. (Incidentally, “Anti-Crisis Girl” is also the name of a compilation album by a Ukrainian pop singer named Svetlana Loboda. Someone at GCHQ is familiar with Ukrainian pop music, evidently.)
Anyway, ANTICRISIS GIRL is only vaguely explained in two PowerPoint slides obtained by Snowden which suggest (we don’t know for certain, though Greenwald and Gallagher report it as a certainty) that the GCHQ’s Global Telecoms Exploitation (GTE) unit used intelligence gathered from underwater fiber optic cables to analyze Wikileaks’ web traffic using a free open-source analytics app called Piwik.
There are major problems with this one.
–In several places throughout the article, including the headline, Greenwald and Gallagher explicitly state that GCHQ spied on Wikileaks “supporters” and the like.
Snowden Documents Reveal Covert Surveillance and Pressure Tactics Aimed at WikiLeaks and Its Supporters
One classified document from Government Communications Headquarters, Britain’s top spy agency, shows that GCHQ used its surveillance system to secretly monitor visitors to a WikiLeaks site.
But they don’t know this for sure regarding this specific operation, since it’s unclear whether ANTICRISIS GIRL was an actual operation, a pilot program or whether the slides were mock-ups. If we scroll all the way down to paragraph 20, we find this:
It is unclear from the PowerPoint presentation whether GCHQ monitored the WikiLeaks site as part of a pilot program designed to demonstrate its capability, using only a small set of covertly collected data, or whether the agency continues to actively deploy its surveillance system to monitor visitors to WikiLeaks.
And The Intercept‘s technical editor, Micah Lee, seemed to confirm this on Twitter.
— Micah Lee (@micahflee) February 18, 2014
What exactly is an “example use-case?”
— Micah Lee (@micahflee) February 18, 2014
Don’t know for sure? Then why was it published?
Lee also told Charles Johnson from Little Green Footballs that an IP address is just as identifiable as a “photo” or a “DL [driver’s license] number.” I’m not an IT expert, but even I know that’s untrue. This is The Intercept‘s technical editor.
–Even if ANTICRISIS GIRL was actually deployed, the way it’s described in the article is simply incorrect. For example, Greenwald and Gallagher write that GCHQ used the IP addresses gathered by the Piwik app to specifically identify users who visited Wikileaks.
The IP addresses collected by GCHQ are used to identify individual computers that connect to the Internet, and can be traced back to specific people if the IP address has not been masked using an anonymity service.
IP addresses can’t identify “individual computers.” IP addresses identify computer networks. MAC addresses, on the other hand, identify computers. Furthermore, there’s no reliable way to trace an IP address to a “specific” person or to learn the name of that person without a court order demanding that an internet service provider hand over the name of the targeted internet subscriber. And what if the user was logged onto Wifi at a Starbucks or any number of other places with similar access? When I asked Ryan Gallagher via Twitter how obtaining an identity via the IP address is even possible, he appeared to clarify that ANTICRISIS GIRL isn’t necessarily gathering identities, but that the agency merely has the capability to do it.
— Ryan Gallagher (@rj_gallagher) February 18, 2014
Again, if you don’t know whether something’s happened, then don’t publish it at all, much less publish it using language to describe the thing as if it’s actually happened. Obviously, one of the journalism rules that Greenwald has decided to ignore is: “When in doubt, leave it out.” A responsible journalist with an even more responsible editor never would’ve published this information. But this is The Intercept, after all, where Greenwald, free of constraints, can ignore any rules that prevent him from pursuing his agenda.
–The article claimed that ANTICRISIS GIRL gathered IP addresses and other data from “hundreds of users from around the world.”
The agency logged data showing hundreds of users from around the world, including the United States, as they were visiting a WikiLeaks site – contradicting claims by American officials that a deal between the U.K. and the U.S. prevents each country from spying on the other’s citizens.
In fact, the slide only shows 73 visitors to the Wikileaks site over the span of 24 hours, which, by the way, seems awfully low considering the notoriety of the “official wikileaks.org domain.” So it’s not even a hundred visitors, much less hundreds — and from just three nations, by the way: the U.S., Ivory Coast and the United Arab Emirates. Again, it could be that the Piwik slide was a mock-up or possibly a sample test using bogus data, but there’s no way of knowing for sure. And The Intercept clearly doesn’t know exactly what it published. It’s also worth mentioning that these slides ostensibly had accompanying narration that’s obviously not included, so we’re only seeing half of the information. Who knows what the presenter said? [UPDATE: A reader noted that a graph on the upper left corner of slide 34 appears to show additional views over the span of a several weeks, but the date range of this slide is still just one day and 73 visits. Accordingly, we’ll revise this to “half true” instead of outright false. It remains quite suspicious that the official Wikileaks domain received so few hits, from so few nations. Indeed, according to SEMrush, Wikileaks actually received more than 700,000 views in February, 2012 alone or around 25,000 views per day.]
–This was a peculiar couple of sentences:
If WikiLeaks or other news organizations were receiving submissions from sources through a public dropbox on their website, a system like ANTICRISIS GIRL could potentially be used to help track them down. (WikiLeaks has not operated a public dropbox since 2010, when it shut down its system in part due to security concerns over surveillance.)
This is basically saying, GCHQ can spy on Wikileaks’ dropbox (but they don’t have one any more).
The Obama Administration Targeted Julian Assange for Arrest
This revelation is hardly a “revelation.” We’ll cover exactly why presently, but this news comes from a U.S. intelligence community file titled “Manhunting Timeline” and includes an entry describing how the U.S. called for ally nations to “file criminal charges against Assange.”
Here’s the thing: we already knew this from all the way back in August of 2010. Yet in the Greenwald/Gallagher article, they buried this important detail about The Daily Beast article in the 26th paragraph, well beyond the point where most people actually read. Furthermore, NSA verified to The Intercept that the entry on the “Manhunting Timeline” was merely a summary of The Daily Beast scoop.
Funny how this keeps happening with these articles.
NSA Wanted to Target Assange as a “Malicious Foreign Actor”
This revelation is merely excerpts of a chat between NSA’s Office of the General Counsel and the Oversight and Compliance Office of NSA’s Threat Operations Center. Before I continue, note the words “oversight” and “compliance” in that second job title. These files are merely one official asking another official about how NSA is permitted to handle Wikileaks and PirateBay, and there’s no evidence that the questions were acted upon.
However, one official asked the other about targeting the hacker group “Anonymous,” and the answering official authorized “heightened surveillance” (Greenwald’s and Gallagher’s words; the document only asks if targeting is permitted). The greenlight was given in this instance with a telling caveat: “As long as they are foreign individuals outside of the US and do not hold dual citizenship … then you are okay.” In other words, don’t mess with American citizens. Just foreign hackers because they’re, you know, hackers. Oh, and by the way, Greenwald and Gallagher describe the hackers as “activists.”
So here we are again with yet another article that totally fails to live up to its misleading, hyperbolic claims. Meanwhile, thousands of readers have come away with a false impression of what’s going on. If there is indeed any actual wrongdoing here, it’s not only unproven by the Snowden documents but the deceptive way in which those documents have been described totally undermines the ability to have a rational, fact-driven discussion about the information itself. Just like always.