The Cable

NSA Bombshell Shocks Former Spooks: "Why in The World Would We Burn Google?"

Former intelligence officials and technology industry executives reacted with anger and anxiety over the latest revelations that the National Security Agency is reportedly infiltrating some of the world's biggest technology companies and making off with the private communications of millions of their customers. And if the reports are accurate, it could be very bad news for U.S. technology companies, who have been complaining for months that their government's secretive intelligence operations are threatening their business and driving customers towards their foreign competitors.

"I think they're in an almost impossible situation," Rep. Adam Schiff, a senior member of the Intelligence Committee, told The Cable. Speaking of Silicon Valley firms who are obligated to cooperate with the NSA, Schiff said recent leak revelations threatened to negatively impact their bottom lines. "It's definitely going to hurt their business and I think we ought to do everything we can to mitigate that damage. I'm very sympathetic to what they have to confront."

The Washington Post reported today that the agency "has secretly broken into the main communications links that connect Yahoo and Google data centers around the world." According to documents provided by former NSA contractor Edward Snowden, the agency is intercepting emails, documents, and other electronic communications as they move between the companies' privately controlled facilities and the public Internet, giving the NSA access to data in nearly real-time.

The latest revelations are likely to inflame an already tense relationship between the Obama administration and American technology companies, many of whose customers live outside the United States and are not protected by laws that prohibit the NSA from spying on Americans en masse.

"Why in the world would we burn a relationship with Google by breaking into a data center?" one former intelligence officer asked.

According to an August report by the Information Technology and Innovation Foundation, the NSA scandal could cost cloud companies with U.S.-based servers between $21.5 billion and $35 billion over the next three years as customers flock to European firms that may have more legal protection from U.S. spies. 

"The most enduring setback on national security from all of this could well be the impact on U.S. companies," observed a former U.S. official intimately involved with intelligence matters.

"We've created a Huawei problem for these companies," this official said, referring to the Chinese telecommunications firm that many U.S. lawmakers and intelligence officials believe is a proxy spy for the Chinese government.

The NSA has also reportedly worked to undermine encryption standards that are used around the world to protect private information and secure commercial transactions. Technology experts were outraged to learn that a government agency they thought they could trust was secretly working to make it easier to spy on people.

The former intelligence officer wondered aloud why the agency would engage in intelligence gathering that, if exposed, would make companies seem unable to protect their customers' data from prying government eyes. "My personal concern is that an American company like Cisco that's doing business with governments overseas could face real problems in that line of business."

Schiff, a California Democrat, stressed that he could not confirm or deny the substance of the Post allegations, but he did say the claims raise valid concerns if proven to be true . "If there are allegations that either because of the way these technologies now operate and get routed through the United States that there were court requirements that were circumvented that's something that the committee absolutely ought to investigate," he said.

Representatives for Google and Yahoo told the Post that the surveillance was conducted without their knowledge. But communications experts with years of experience implementing government surveillance orders found that hard to believe. They described to The Cable a number of ways the NSA could have intercepted the company's data, all of which seemed likely to alert Google and Yahoo that their information was being collected, or at least to raise suspicions.

The NSA document published by the Post appears to show the agency focusing on a kind of junction where a Google data center connects to the public Internet. Labeled "GFE," which the diagram says stands for Google front end server, this is the point where encryption is removed from data before it travels to Google's cloud. If the NSA could intercept communications at that vulnerable point, then the agency could read them in their unencrypted form.

To capture or siphon off data at the point labeled GFE, the NSA could implant surveillance equipment, said two of the experts. This could be a fairly small piece of hardware, but it might be difficult to install without the consent of the people running the data center. One of the experts likened it to the secret room that the NSA is believed to have installed at an AT&T facility in San Francisco, where data was split from the company's network and given to the NSA. That GFE point would be the likely place to install such a facility.

Curiously, both experts noted, in the world of official surveillance, GFE stands for something else: "government furnished equipment."

One of the experts said that if NSA wanted to avoid installing devices at the companies' data centers, it would have to intercept the information on a fiber optic line as it moved from the data center to the public Internet. To do that and still capture the data while it was unencrypted, the interception point would have to be physically located no more than a few hundred yards from the data center, the expert said. In that case people working in the data center itself would likely see some physical structure nearby.

There are still other options for the NSA to capture the data from a distance, experts said, such as tunneling into the GFE from another computer. But whatever the method, the agency would have to have some way to directly tap into that GFE, whether by hacking it, installing equipment with the companies consent, or using a previously installed back door or hole in the system that was unknown to its manufacturer.

The NSA has reportedly struck deals with technology companies to install hidden access points in their equipment that can be used for surveillance. And the agency is believed to be the biggest purchaser of so-called "zero day" vulnerabilities, which are flaws in a piece of hardware or software discovered by a hacker but never revealed publicly. One of the communications experts said it was possible NSA had bought such zero days and used them to get exclusive access to the GFEs without any companies every knowing it.

Experts had already predicted that the agency's global eavesdropping would give foreign customers a reason to stop using popular services like Google and Yahoo in favor of companies that don't store their data in the United States or aren't subject to U.S. laws. The government of Brazil is considering whether to force U.S. companies to locate any data on its citizens within the countries borders.

An NSA spokesman rejected the Post's report and said the agency is following laws that protect Americans' privacy. "NSA has multiple authorities that it uses to accomplish its mission, which is centered on defending the nation," NSA spokesperson Vanee Vines in a statement. She called reports in the Post that the agency uses an executive order, instead of surveillance law, to get around limitations imposed on it in the United States "not true."

"NSA is a foreign intelligence agency. And we're focused on discovering and developing intelligence about valid foreign intelligence targets only," Vines said.

In a statement to The Cable, Dutch Ruppersberger (D-MD), the ranking member of the House Intelligence Committee, defended the NSA's practices. "NSA is a foreign intelligence agency," he said. "It does not have the resources, capacity, or interest in collecting data on Americans. The claim that NSA collects large volumes of data on US persons is incorrect. NSA respects the privacy of US persons by using Attorney-General approved processes to minimize the likelihood of their information in NSA's collection."

Technology company executives have criticized the Obama administration for trying to assuage public anxiety about surveillance by emphasizing that the NSA only spies on foreigners. Many of those companies' customers live outside the United States, and some of them have been outraged by reports of the NSA hoovering up personal data on the Internet. Mark Zuckerberg, the CEO of Facebook, said the administration "blew it" in its attempts to counter the narrative that the NSA isn't engaged in unbridled spying. The vast majority of Facebook's users reside outside the United States.

Technology company representatives in Washington have quietly lobbied administration officials to change their talking points, and to stop emphasizing what the companies see as a double standard in how the United States spies on people's communications, according to sources familiar with those discussions.

"Whatever reports may be out there, we continue to call on Congress and the administration to take action to increase transparency in surveillance and restore the public trust," Yael Weinman, the vice president for global privacy policy and the general counsel for the Information Industry Technology Council, a lobbying and trade group, told The Cable. "Continued inaction on constructive measures and reforms threatens innovation and global commerce."

The Cable

Meet The Weird, Super-Connected Group That's Mucking Up U.S. Talks With Iraq

When Iraqi Prime Minister Nouri al-Maliki begins a three day official visit to Washington today, he'll face predictable questions about Iran, Syria, and Iraq's own political instability and soaring violence. Top lawmakers, however, will press him on a very different issue: the recent killings of dozens of members of a former terrorist group that the Iraqi government had promised -- and failed -- to protect.

The Mujahedeen-e Khalq, or MEK, is the most powerful lobby you've never heard of, and probably the most unusual. It has used a combination of political savvy and seemingly bottomless pools of money to persuade many prominent lawmakers and former officials from the Bush and Obama administrations that it has broad support within Iran and could help turn the country into a democracy. Along the way, it's gone from being as seen as a group responsible for the deaths of at least six Americans to one that is a vital partner in the effort to overthrow Iran's theocratic regime.

MEK supporters like New Jersey Democrat Bob Menendez, the powerful chairman of the Senate Foreign Relations Committee, say they want to punish the Maliki government for an attack on an MEK compound called Camp Ashraf last month that left that killed at least 50 of its members. During an October 3rd hearing, Menendez told Wendy Sherman, the number three official at the State Department, that he would suspend U.S. weapons sales to Iraq until more was done to protect the MEK members at the base.

Vice President Biden discussed the MEK issue when he spoke with Maliki Wednesday morning, according to a senior administration official.  The official said Baghdad wanted the MEK to leave Iraq, but said the U.S. government had no credible information that the Iraqi government was involved in the September attack on Camp Ashraf.  Still, the official said that Washington worried that the group’s roughly 2,900 members would be in danger until they could be moved to new homes in other countries.  The problem, he said, was that Albania and Germany were the only nations that have so far been willing to take in even small numbers of MEK followers. 

 

Menendez aides say the senator, for his part, plans to specifically raise the Iraqi government’s treatment of the MEK members, along with his concern that Baghdad is allowing Iran to use its airspace to fly weapons and fighters to Syria, when he sits down with Maliki later Wednesday.

"It is unacceptable to lose one more life when American commanders gave these individuals a written guarantee toward their safety and it sends a message to others in the world that when we say that we are going to do that and we do not, that they should not trust us," he said at the time. "I doubt very much that we are going to see any approval of any weapons sales to Iraq until we get this situation in a place in which people's lives are saved."

The MEK has also enlisted prominent retired officials to tout its cause in public speeches and private meetings at the State Department and on Capitol Hill. Its long list of supporters includes former New York Mayor Rudy Giuliani, former Attorney General Mike Mukasey, former Pennsylvania Governor Ed Rendell, retired Marine General Jim Jones, Obama's first national security advisor, and retired Army General Hugh Shelton, a former chairman of the Joint Chiefs of Staff.

MEK advocates like Rendell receive up to $30,000 per speech, which means many have been paid hundreds of thousands of dollars by the group. Rendell, in an interview, said he genuinely believed in the group's cause and wasn't in it for the money. He said that he and MEK advocates like Jones and former FBI Director Louis Freeh have spent hundreds of hours personally lobbying the State Department and members of Congress on behalf of the group and had done so pro bono. Rendell said he bills $1,000 per hour as a lawyer, which meant that had foregone significant amounts of money to aid the group.

"The U.S. had promised to guarantee their safety and then just stood aside when they were massacred, gangster style," he said in the interview. "It's disgusting."

Rendell helped draft a letter to Obama last week that demanded U.S. assistance for the MEK members still stuck at Camp Ashraf. In the letter, obtained by FP, MEK's advocates said the killings at Camp Ashraf was a "premeditated mass murder planned at the highest level and executed by Iraqi forces and agents, using equipment and training provided by U.S. forces."

"We urge you to allow all of the Camp Liberty residents to be evacuated immediately from Iraq, using United States forces, and brought to safety in a United States Government supported facility," the letter read. Until that happened, the group argued, the Obama administration should "suspend any aid or sale of arms to Iraq."

For the moment, that's not a step the White House is prepared to take. Bernadette Meehan, a spokesperson for the National Security Council, said the administration was "deeply concerned" about the safety of the MEK members at Camp Ashraf and consistently pressed the the Iraqi government to do as much as possible to protect them. Still, she said that delaying weapons sales to Iraq could do more harm than good.

"U.S. security assistance, and foreign military sales in particular, are tools that we use for building and shaping Iraq's defense capabilities and integrating Iraqi security forces with our security forces and regional partners," Meehan said. "Withholding security assistance may well serve to decrease our influence in Baghdad, our ability to seed relationships, and provide leverage for strategic competitors who will fill the vacuum and could conceivably damage our long-term interests."

Administration officials said the president would discuss a range of regional and security issues with Maliki when the Iraqi leader visits the White House Friday but declined to say whether the president planned to specifically raise the MEK issue.

Either way, the MEK's prominent role in the U.S.-Iraqi relationship represents a remarkable turnaround for a group that was once held responsible for a string of bombings and assassinations inside Iran that killed at least six Americans, including the deputy chief of the U.S. military mission to Iran and a senior Texaco executive. It was also linked to the takeover of the U.S. embassy in Tehran. In 1997, the State Department designated the group a "foreign terrorist organization," a move that imposed strict financial sanctions against the MEK. The MEK's current leadership has long denied any involvement in the killings or the seizure of the embassy.

The group's relationship with Washington improved dramatically after the U.S. invasion of Iraq. The MEK group gave up its weapons and formed a warm relationship with senior American commanders, who gave the group formal promises of protection. Last month, however, masked gunmen with military-quality weapons swept into an MEK compound outside Baghdad, killed roughly 50 of its members and abducted seven others. Grisly videos released by the MEK showed the corpses of men who were shot in the head with their hands tied behind their backs. The group's supporters here at home immediately accused Maliki's government of orchestrating the attack, something Baghdad denies, and called for it to be sanctioned in response.

The MEK's power in Washington surprises many experts on the group, who describe it as a cult that exerts tremendous power over the daily lives of its followers.

Jeremiah Goulka, a former RAND researcher who has made repeated visits to Camp Ashraf, said MEK leaders physical cut their members off from the outside world, limit their access to outside newspapers or TV stations, and enforce gender segregation and celibacy. He said the MEK required its followers to attend regular sessions where they were forced to admit whether they had sexual thoughts. Those that admitted to them were publicly humiliated, while those that denied having them were derided as liars and criticized anyway.

"That's the definition of how a cult works," he said.

Karim Sadjadpour, an Iran expert at the Carnegie Endowment for International Peace, said the group had little support back home because ordinary Iranians were nationalists troubled by both the MEK's vaguely socialist ideology and its past relationship with Saddam Hussein, which funded the group's operations for decades. Many outside experts believe the MEK is still drawing from the pools of money it received from the former Iraqi leader.

"What keeps them in the news are their deep pockets," Sadjadpour said. "Once those deep pockets run out they're basically going to be rendered irrelevant."

Andrew Burton/Getty Images