[CTRL] [3] STOA Report: Interception Capabilities 2000

[Kris Millegan]

 -Caveat Lector-

from:
http://www.aci.net/kalliste/echelon/ic2000.htm
<A HREF="http://www.aci.net/kalliste/echelon/ic2000.htm">STOA Report:
Interception Capabilities 2000
</A>
-----
Awesome report. Site has oodles pix and drawings.
Om
K
--[3]--
�Technical annexe
Broadband (high capacity multi-channel) communications



1. From 1950 until the early 1980s, high capacity multi-channel analogue
communications systems were usually engineered using separate
communications channels carried at different frequencies The combined
signal, which could include 2,000 or more speech channels, was a
"multiplex". The resulting "frequency division multiplex" (FDM) signal
was then carried on a much higher frequency, such as by a microwave
radio signal.

2. Digital communications have almost universally taken over from
analogue methods. The basic system of digital multi-channel
communications is time division multiplexing (TDM). In a TDM telephony
system, the individual conversational channels are first digitised.
Information concerning each channel is then transmitted sequentially
rather than simultaneously, with each link occupying successive time
"slots".

3. Standards for digital communications evolved separately within Europe
and North America. In the United States, the then dominant public
network carrier (the Bell system, run by AT&T) established digital data
standards. The basic building block, a T-1 link, carries the equivalent
of 24 telephone channels at a rate of 1.544 Mbps. Higher capacity
systems operate at greater data transmission rates Thus, the highest
transmission rate, T-5, carries the equivalent of 8,000 speech channels
at a data rate of 560 Mbps.

4. Europe adopted a different framework for digital communications,
based on standards originally agreed by the CEPT. The basic European
standard digital link, E-1, carries 30 telephone channels at a data rate
of 2 Mbps. Most European telecommunications systems are based on E-1
links or (as in North America), multiples thereof. The distinction is
significant because most Comint processing equipment manufactured in the
United States is designed to handle intercepted communications working
to the European forms of digital communications.

5. Recent digital systems utilise synchronised signals carried by very
high capacity optical fibres. Synchronising signals enables single
channels to be easily extracted from high capacity links. The new system
is known in the US as the synchronous optical network (SONET), although
three equivalent definitions and labels are in use.(75)
��Communications intelligence equipment


6. Dozens of US defence contractors, many located in Silicon Valley
(California) or in the Maryland "Beltway" area near Washington,
manufacture sophisticated Sigint equipment for NSA. Major US
corporations, such as Lockheed Martin, Space Systems/Loral, TRW,
 Raytheon and Bendix are also contracted by NSA to operate major Sigint
collection sites. A full report on their products and services is beyond
the scope of this study. The state of the art in contemporary
communications intelligence may usefully be demonstrated, however, by
examining some of the Comint processing products of two specialist NSA
niche suppliers: Applied Signal Technology Inc (AST), of Sunnyvale,
California, and The IDEAS Operation of Columbia, Maryland (part of
Science Applications International Corporation (SAIC)).(76)

7. Both companies include senior ex-NSA staff as directors. When not
explicitly stated, their products can be identified as intended for
Sigint by virtue of being "TEMPEST screened". AST states generally that
its "equipment is used for signal reconnaissance of foreign
telecommunications by the United States government". One leading
cryptographer has aptly and and engagingly described AST as a "one-stop
ECHELON shop".
�Wideband extraction and signal analysis


8. Wideband (or broadband) signals are normally intercepted from
satellites or tapped cables in the form of multiplex microwave or high
frequency signals. The first step in processing such signals for Comint
purposes is "wideband extraction". An extensive range of Sigint
equipment is manufactured for this purpose, enabling newly intercepted
systems to be surveyed and analysed. These include transponder survey
equipment which identify and classify satellite downlinks, demodulators,
decoders, demultiplexers, microwave radio link analysers, link survey
units, carrier analysis systems, and many other forms of hardware and
software.

9. A newly intercepted communications satellite or data link can be
analysed using the AST Model 196 "Transponder characterisation system".
Once its basic communications structure has been analysed, the Model 195
"Wideband snapshot analyser", also known as SNAPPER, can record sample
data from even the highest capacity systems, sufficient to analyse
communications in minute detail. By the start of 1999, operating in
conjunction with the Model 990 "Flexible Data Acquisition Unit", this
systems was able to record, playback and analyse at data rates up to
2.488 Gbps (SONET OC-48). This is 16 times faster than the largest
backbone links in general use on the Internet; larger than the telephony
capacity of any current communications satellite; and equivalent to
40,000 simultaneous telephone calls. It can be fitted with 48 Gbyte of
memory (500-1000 times larger than found in an average personal
computer), enabling relatively lengthy recordings of high-speed data
links. The 2.5 Gbps capacity of a single SNAPPER unit exceeds the
current daily maximum data rate found on a typical large Internet
exchange.(77)

10. Both AST and IDEAS offer a wide range of recorders, demultiplexers,
scanners and processors, mostly designed to process European type (CEPT)
E-1, E-3 (etc) signals at data rates of up to 160 Mbps. Signals may be
recorded to banks of high-speed tape recorders, or into high capacity
"RAID"(78) hard disk networks. Intercepted optical signals can be
examined with the AST Model 257E "SONET analyser".

11. Once communications links have been analysed and broken down to
their constituent parts, the next stage of Comint collection involves
multi-channel processors which extract and filter messages and signals
from the desired channels. There are three broad categories of interest:
"voice grade channels", normally carrying telephony; fax communications;
and analogue data modems. A wide selection of multi-channel Comint
processors are available. Almost all of them separate voice, fax and
data messages into distinct "streams" for downstream processing and
analysis.

12. The AST Model 120 multi-channel processor - used by NSA in different
configurations known as STARQUAKE, COBRA and COPPERHEAD - can handle
1,000 simultaneous voice channels and automatically extract fax, data
and voice traffic. Model 128, larger still, can process 16 European E-3
channels (a data rate of 500 Mbps) and extract 480 channels of interest.
The 1999 giant of AST's range, the Model 132 "Voice Channel
Demultiplexer", can scan up to 56,700 communications channels,
extracting more than 3,000 voice channels of interest. AST also provides
Sigint equipment to intercept low capacity VSAT(79) satellite services
used by smaller businesses and domestic users. These systems can be
intercepted by the AST Model 285 SCPS processor, which identifies and
extracts up to 48 channels of interest, distinguished between voice, fax
and data.

13. According to US government publications, an early Wideband
Extraction system was installed at NSA's Vint Hill Farms field station
in 1970, about the time that systematic COMSAT interception collection
began. That station is now closed. US publications identify the NSA/CSS
Regional Sigint Operations Centre at San Antonio, Texas, as a site
currently providing a multi-channel Wideband Extraction service.
�Filtering, data processing, and facsimile analysis


14. Once communications channels have been identified and signals of
interest extracted, they are analysed further by sophisticated
workstations using special purpose software. AST's ELVIRA Signals
Analysis Workstation is typical of this type of Sigint equipment. This
system, which can be used on a laptop computer in covert locations,
surveys incoming channels and extracts standard Comint data, including
technical specifications (STRUM) and information about call destinations
(SRI, or signal related information). Selected communications are
relayed to distant locations using NSA standard "Collected Signals Data
Format" (CSDF).(80)

15. High-speed data systems can also be passed to AST's TRAILMAPPER
software system, which works at a data rate of up to 2.5 Gbps. It can
interpret and analyse every type of telecommunications system, including
European, American and optical standards. TRAILMAPPER appears to have
been designed with a view to analysing ATM (asynchronous transfer mode)
communications. ATM is a modern, high-capacity digital communications
system. It is better suited than standard Internet connections to
carrying multimedia traffic and to providing business with private
networks (VPN, LAN or WAN). TRAILMAPPER will identify and characterise
such business networks.

16. In the next stage downstream, intercepted signals are processed
according to whether they are voice, fax or data. AST's "Data
Workstation" is designed to categorise all aspects of data
communications, including systems for handling e-mail or sending files
on the Internet.(81) Although the very latest modem systems (other than
ISDN) are not included in its advertised specification, it is clear from
published research that AST has developed the technology to intercept
and process the latest data communications systems used by individuals
and business to access the Internet.(82) The Data Workstation can stored
and automatically process 10,000 different recorded signals.

17. Fax messages are processed by AST's Fax Image Workstation. This is
described as a "user friendly, interactive analysis tool for rapid
examination images stored on disk. Although not mentioned in AST's
literature, standard fax pre-processing for Dictionary computers
involves automatic "optical character recognition" (OCR) software. This
turns the typescript into computer readable (and processable) text. The
effectiveness of these systems makes fax-derived Comint an important
collection subsystem. It has one drawback. OCR computer systems that can
reliably recognise handwriting do not exist. No one knows how to design
such a system. It follows that, perversely, hand-written fax messages
may be a secure form of communication that can evade Dictionary
surveillance criteria, provided always that the associated "signal
related information" (calling and receiving fax numbers) have not been
recognised as being of interest and directed to a Fax Image Workstation.


18. AST also make a "Pager Identification and Message Extraction" system
which automatically collects and processes data from commercial paging
systems. IDEAS offer a Video Teleconferencing Processor that can
simultaneously view or record two simultaneous teleconferencing
sessions. Sigint systems to intercept cellular mobile phone networks
such as GSM are not advertised by AST or IDEAS, but are available from
other US contractors. The specifications and ready availability of such
systems indicate how industrialised and pervasive Comint has became. It
has moved far from the era when (albeit erroneously), it was publicly
associated only with monitoring diplomatic or military messages.

 NSA "Trailmapper software showing atomatic detection of private
networks inside
intercepted high capacity STM-1 digital communications system
�
Traffic analysis, keyword recognition, text retrieval, and topic
analysis



19. Traffic analysis is a method of obtaining intelligence from signal
related information, such as the number dialled on a telephone call, or
the Calling Line Identification Data (CLID) which identifies the person
making the call. Traffic analysis can be used where message content is
not available, for example when encryption is used. By analysing calling
patterns, networks of personal associations may be analysed and studied.
This is a principal method of examining voice communications.

20. Whenever machine readable communications are available, keyword
recognition is fundamental to Dictionary computers, and to the ECHELON
system. The Dictionary function is straightforward. Its basic mode of
operation is akin to web search engines. The differences are of
substance and of scale. Dictionaries implement the tasking of their host
station against the entire mass of collected communications, and
automate the distribution of selected raw product.

21. Advanced systems have been developed to perform very high speed
sorting of large volumes of intercepted information. In the late 1980s,
the manufacturers of the RHYOLITE Sigint satellites, TRW, designed and
manufactured a Fast Data Finder (FDF) microchip for NSA. The FDF chip
was declassified in 1972 and made available for commercial use by a
spin-off company, Paracel. Since then Paracel has sold over 150
information filtering systems, many of them to the US government.
Paracel describes its current FDF technology as the "fastest, most
accurate adaptive filtering system in the world":
����A single TextFinder application may involve trillions of bytes of
textual archive and thousands of online users, or gigabytes of live data
stream per day that are filtered against tens of thousands of complex
interest profiles ... the TextFinder chip implements the most
comprehensive character-string comparison functions of any text
retrieval system in the world.


Devices like this are ideal for use in ECHELON and the Dictionary
system.

22. A lower capacity system, the PRP-9800 Pattern Recognition Processor,
is manufactured by IDEAS. This is a computer card which can be fitted to
a standard PC. It can analyse data streams at up to 34 Mbps (the
European E-3 standard), matching every single bit to more than 1000
pre-selected patterns.

23. Powerful though Dictionary methods and keyword search engines may
be, however, they and their giant associated intelligence databases may
soon seem archaic. Topic analysis is a more powerful and intuitive
technique, and one that NSA is developing and promoting with confidence.
Topic analysis enables Comint customers to ask their computers to "find
me documents about subject X". X might be "Shakespeare in love" or "Arms
to Iran".

24. In a standard US test used to evaluate topic analysis systems,(83)
 one task the analysis program is given is to find information about
"Airbus subsidies". The traditional approach involves supplying the
computer with the key terms, other relevant data, and synonyms. In this
example, the designations A-300 or A-320 might be synonymous with
"Airbus". The disadvantage of this approach is that it may find
irrelevant intelligence (for example, reports about export subsidies to
goods flown on an Airbus) and miss relevant material (for example a
financial analysis of a company in the consortium which does not mention
the Airbus product by name). Topic analysis overcomes this and is better
matched to human intelligence.

25. The main detectable thrust of NSA research on topic analysis centres
on a method called N-gram analysis. Developed inside NSA's Research
group - responsible for Sigint automation - N-gram analysis is a fast,
general method of sorting and retrieving machine-readable text according
to language and/or topic. The N-gram system is claimed to work
independently of the language used or the topic studied. NSA patented
the method in 1995.(84)

26. To use N-gram analysis, the operator ignores keywords and defines
the enquiry by providing the system with selected written documents
concerning the topic of interest. The system determines what the topic
is from the seed group of documents, and then calculates the probability
that other documents cover the same topic. In 1994, NSA made its N-gram
system available for commercial exploitation. NSA's research group
claimed that it could be used on "very large data sets (millions of
documents)", could be quickly implemented on any computer system and
that it could operate effectively "in text containing a great many
errors (typically 10-15% of all characters)".

27. According to former NSA Director William Studeman, "information
management will be the single most important problem for the (US)
Intelligence Community" in the future.(85) Explaining this point in
1992, he described the type of filtering involved in systems like
ECHELON:
����One [unidentified] intelligence collection system alone can generate
a million inputs per half hour; filters throw away all but 6500 inputs;
only 1,000 inputs meet forwarding criteria; 10 inputs are normally
selected by analysts and only one report Is produced. These are routine
statistics for a number of intelligence collection and analysis systems
which collect technical intelligence.

The "Data Workstation" Comint software system analyses up to 10,000
recorded messages,
identifying Internet traffic, e-mail messages and attachments
� �Speech recognition systems



28. For more than 40 years, NSA, ARPA, GCHQ and the British government
Joint Speech Research Unit have conducted and sponsored research into
speech recognition. Many press reports (and the previous STOA report)
have suggested that such research has provided systems which can
automatically select telephone communications of intelligence interest
based on the use of particular "key words" by a speaker. If available,
such systems would enable vastly more extensive Comint information to be
gathered from telephone conversations than is available from other
methods of analysis. The contention that telephone word-spotting systems
are readily available appears to by supported by the recent availability
of a string of low-cost software products resulting from this research.
These products permit PC users to dictate to their computers instead of
entering data through the keyboard. (86)

29. The problem is that for Comint applications, unlike personal
computer dictation products, speech recognition systems have to operate
in a multi-speaker, multi-language environment where numerous previously
never heard speakers may each feature physiological differences, dialect
variations, and speech traits. Commercial PC systems usually require one
or more hours of training in order reliably to recognise a single
speaker. Even then, such systems may mistranscribe 10% or more of the
words spoken.

30. In PC dictation applications, the speaker can correct
mistranscriptions and continually retrain the recognition system, making
a moderate error rate acceptable. For use in Comint, where the
interception system has no prior knowledge of what has been said (or
even the language in use), and has to operate in the poorer signal
environment of a telephone speech channel, such error rates are
unachievable. Worse still, even moderate error rates can make a keyword
recognition system worthless by generating both false positive outputs
(words wrongly identified as keywords) and false negative outputs
(missing genuine keywords).

31. This study has found no evidence that voice keyword recognition
systems are currently operationally deployed, nor that they are yet
sufficiently accurate to be worth using for intelligence purposes.
��Continuous speech recognition


32. The fundamental technique in many speech recognition applications is
a statistical method called Hidden Markov Modelling (HMM). HMM systems
have been developed at many centres and are claimed academically to
offer "good word spotting performance ... using very little or no
acoustic speech training".(87) The team which reported this result
tested its system using data from the US Department of Defense
"Switchboard Data", containing recordings of thousand of different US
telephone conversations. On a limited test the probabilities of
correctly detecting the occurrences of 22 keywords ranged from 45-68% on
settings which allowed for 10 false positive results per keyword per
hour. Thus if 1000 genuine keywords appeared during an hour's
conversation, there would be at least 300 missed key words, plus 220
false alarms.

33. At about the same time, (February 1990), the Canadian Sigint
organisation CSE awarded a Montreal-based computer research consultancy
the first of a series of contracts to develop a Comint wordspotting
system.(88) The goal of the project was to build a word-spotter that
worked well even for noisy calls. Three years later, CRIM reported that
"our experience has taught us that, regardless of the environmental
conditions, wordspotting remains a difficult problem". The key problem,
which is familiar to human listeners, is that a single word heard on its
own can easily be misinterpreted, whereas in continuous speech the
meaning may be deduced from surrounding words. CRIM concluded in 1993
that "it is probable that the most effective way of building a reliable
wordspotter is to build a large vocabulary continuous speech recognition
(CSR) system".

34. Continuous speech recognition software working in real time needs a
powerful fast, processor. Because of the lack of training and the
complex signal environment found in intercepted telephone calls, it is
likely that even faster processors and better software than used in
modern PCs would yield poorer results than are now provided by
well-trained commercial systems. Significantly, an underlying problem is
that voice keyword recognition is, as with machine-readable messages, an
imperfect means to the more useful intelligence goal - topic spotting.

35. In 1993, having failed to build a workable wordspotter, CRIM
suggesting "bypassing" the problem and attempting instead to develop a
voice topic spotter. CRIM reported that "preliminary experiments
reported at a recent meeting of American defense contractors ...
indicate that this may in fact be an excellent approach to the problem".
They offered to produce an "operational topic spotting" system by 1995.
They did not succeed. Four years later, they were still experimenting on
how to built a voice topic spotter.(89) They received a further research
contract. One method CRIM proposed was NSA's N-gram technique.
��Speaker identification and other voice message selection techniques


36. In 1993, CRIM also undertook to supply CSE with an operational
speaker identification module by March 1995. Nothing more was said about
this project, suggesting that the target may have been met. In the same
year, according to NSA documents, the IDEAS company supplied a "Voice
Activity Detector and Analyser", Model TE464375-1, to NSA's offices
inside GCHQ Cheltenham. The unit formed the centre of a 14-position
computer driven voice monitoring system. This too may have been an early
speaker identification system.

37. In 1995, widely quoted reports suggested that NSA speaker
identification had been used to help capture the drug cartel leader
Pablo Escobar. The reports bore strong resemblance to a novel by Tom
Clancy, suggesting that the story may have owed more to Hollywood than
high tech. In 1997, the Canadian CRE awarded a contract to another
researcher to develop "new retrieval algorithms for speech
characteristics used for speaker identification", suggesting this method
was not by then a fully mature technology. According to Sigint staff
familiar with the current use of Dictionary, it can be programmed to
search to identify particular speakers on telephone channels. But
speaker identification is still not a particularly reliablr or effective
Comint technique.(90)

38. In the absence of effective wordspotting or speaker identification
techniques, NSA has sought alternative means of automatically analysing
telephone communications. According NSA's classification guide, other
techniques examined include Speech detection - detecting the presence or
absence of speech activity; Speaker discrimination - techniques to
distinguish between the speech of two or more speakers; and Readability
estimation - techniques to determine the quality of speech signals.
System descriptions must be classified "secret" if NSA "determines that
they represent major advances over techniques known in the research
community".(91)
�
"Workfactor reduction"; the subversion of cryptographic systems


39. From the 1940s to date, NSA has undermined the effectiveness of
cryptographic systems made or used in Europe. The most important target
of NSA activity was a prominent Swiss manufacturing company, Crypto AG.
Crypto AG established a strong position as a supplier of code and cypher
systems after the second world war. Many governments would not trust
products offered for sale by major powers. In contrast, Swiss companies
in this sector benefited from Switzerland's neutrality and image of
integrity.

40. NSA arranged to rig encryption systems sold by Crypto AG, enabling
UKUSA agencies to read the coded diplomatic and military traffic of more
than 130 countries. NSA's covert intervention was arranged through the
company's owner and founder Boris Hagelin, and involved periodic visits
to Switzerland by US "consultants" working for NSA. One was Nora L
MacKabee, a career NSA employee. A US newspaper obtained copies of
confidential Crypto AG documents recording Ms Mackebee's attendance at
discussion meetings in 1975 to design a new Crypto AG machine".(92)

41. The purpose of NSA's interventions were to ensure that while its
coding systems should appear secure to other cryptologists, it was not
secure. Each time a machine was used, its users would select a long
numerical key, changed periodically. Naturally users wished to selected
their own keys, unknown to NSA. If Crypto AG's machines were to appear
strong to outside testers, then its coding system should work, and
actually be strong. NSA's solution to this apparent condundrum was to
design the machine so that it broadcast the key it was using to
listeners. To prevent other listeners recognising what was happening,
the key too had also to be sent in code - a different code, known only
to NSA. Thus, every time NSA or GCHQ intercepted a message sent using
these machines, they would first read their own coded part of the
message, called the "hilfsinformationen" (help information field) and
extract the key the target was using. They could then read the message
itself as fast or even faster than the intended recipient(93)

42. The same technique was re-used in 1995, when NSA became concerned
about cryptographic security systems being built into Internet and
E-mail software by Microsoft, Netscape and Lotus. The companies agreed
to adapt their software to reduce the level of security provided to
users outside the United States. In the case of Lotus Notes, which
includes a secure e-mail system, the built-in cryptographic system uses
a 64 bit encryption key. This provides a medium level of security, which
might at present only be broken by NSA in months or years.

43. Lotus built in an NSA "help information" trapdoor to its Notes
system, as the Swedish government discovered to its embarrassment in
1997. By then, the system was in daily use for confidential mail by
Swedish MPs, 15,000 tax agency staff and 400,000 to 500,000 citizens.
Lotus Notes incorporates a "workfactor reduction field" (WRF) into all
e-mails sent by non US users of the system. Like its predecessor the
Crypto AG "help information field" this device reduces NSA's difficulty
in reading European and other e-mail from an almost intractable problem
to a few seconds work. The WRF broadcasts 24 of the 64 bits of the key
used for each communication. The WRF is encoded, using a "public key"
system which can only be read by NSA. Lotus, a subsidiary of IBM, admits
 this. The company told Svenska Dagbladet:
����"The difference between the American Notes version and the export
version lies in degrees of encryption. We deliver 64 bit keys to all
customers, but 24 bits of those in the version that we deliver outside
of the United States are deposited with the American government".(94)


44. Similar arrangements are built into all export versions of the web
"browsers" manufactured by Microsoft and Netscape. Each uses a standard
128 bit key. In the export version, this key is not reduced in length.
Instead, 88 bits of the key are broadcast with each message; 40 bits
remain secret. It follows that almost every computer in Europe has, as a
built-in standard feature, an NSA workfactor reduction system to enable
NSA (alone) to break the user's code and read secure messages.

45. The use of powerful and effective encryption systems will
increasingly restrict the ability of Comint agencies to process
collected intelligence. "Moore's law" asserts that the cost of
computational power halves every 18 months. This affects both the ag
encies and their targets. Cheap PCs can now efficiently perform complex
mathematical calculations need for effective cryptography. In the
absence of new discoveries in physics or mathematics Moore's law favours
codemakers, not codebreakers.


���Illustrations : D Campbell; US Air Force; IPTV Ltd; Stephen King;
Charles V Pick; IPTV Ltd;
Jim Bamford, GCHQ; US Navy; KGB/Russian Security Service; D Campbell.

��Glossary and definitions

ATMAsynchronous Transfer Mode; a high speed form of digital
communications increasingly used for on the InternetBND
Bundesachrichtendienst; the foreign intelligence agency of the Federal
Republic of Germany. Its functions include SigintCCITTConsultative
Committee for International Telephony and Telegraphy; United Nations
agency developing standards and protocols for telecommunications; part
of the ITU; also known as ITU-TCEPTConference Europeene des Postes et
des TelecommunicationsCLIDCalling Line Identification DataComintComint
Communications IntelligenceCOMSAT(Civil or commercial) communications
satellite; for military communications usage, the phraseology is
commonly reversed, i.e., SATCOM.CRIMCRIM Centre de Recherche
Informatique de MontrealCSDFCSDF Collected Signals Data Format; a term
used only in SigintCSECSE Communications Security Establishment, the
Sigint agency of CanadaCSSCSS Central Security Service; the military
component of NSADARPADARPA Defense Advanced Research Projects Agency
(United States Department of Defense)DGSEDirectorate General de Securite
Exteriere, the foreign intelligence agency of France. Its functions
include SigintDSDDSD Defence Signals Directorate, the Sigint agency of
the Commonwealth of AustraliaDODJOCCDODJOCC Department of Defense Joint
Operations Centre ChicksandsE1, E3 (etc)Standard for digital or TDM
communications systems defined by the CEPT, and primarily used within
Europe and outside North AmericaENFOPOLEU designation for documents
concerned with law enforcement matters/policeFAPSIFederalnoe Agenstvo
Pravitelstvennoi Svyazi i Informatsii, the Federal Agency for Government
Communications and Information of Russia. Its functions include Sigint
FBIFBI Federal Bureau of Investigation; the national law enforcement and
counter-intelligence agency of the United StatesFDFFDF Fast Data Finder
FDMFDM Frequency Division Multiplex; a form of multi-channel
communications based on analogue signalsFISAFISA Foreign Intelligence
Surveillance Act (United States)FISINTFISINT Foreign Instrumentation
Signals Intelligence, the third branch of SigintGbpsGigabits per second
GCHQGCHQ Government Communications Headquarters; the Sigint agency of
the United KingdomGHzGigaHertzGistingWithin Sigint, the analytical task
of replacing a verbatim text with the sense or main points of a
communicationHDLCHDLC High-level Data Link ControlHFHF High Frequency;
frequencies from 3MHz to 30MHzHMMHMM Hidden Markov Modelling, a
technique widely used in speech recognition systems.ILETSILETS
International Law Enforcement Telecommunications SeminarIntelsat
International Telecommunications SatelliteIOSAIOSA Interim Overhead
Sigint ArchitectureIridiumSatellite Personal Communications System
involving 66 satellites in low earth orbit, providing global
communications from mobile telephonesISDNISDN Integrated Services Data
NetworkISPISP Internet Service ProviderITUITU International
Telecommunications UnionIURIUR International User Requirements (for
communications interception); IUR 1.0 was prepared by ILETS (qv) in 1994
IXPIXP Internet Exchange PointLANLAN Local Area NetworkLESLEA Law
Enforcement Agency (American usage)MbpsMegabits per secondMHzMegaHertz
MicrowaveRadio signals with wavelengths of 10cm or shorter; frequencies
above 1GHzModemModem Device for sending data to and from (e.g.) a
computer; a "modulator-demodulator)MIMEMIME Multipurpose Internet
Message Extension; a systems used for sending computer files, images,
documents and programs as "attachments" to an e-mail message N-gram
analysisA system for analysing textual documents; in this context, a
system for matching a large group of documents to a smaller group
embodying a topic of interest. The method depends on counting the
frequency with which character groups of length N appear in each
 document; hence N-gramNSANSA National Security Agency, the Sigint
agency of the United StatesOCROptical Character RecognitionPCPersonal
ComputerPCSPersonal Communications Systems; the term includes mobile
telephone systems, paging systems and future wide area radio data links
for personal computers, etcPOP/ POP3Post Office Program; a system used
for receiving and holding e-mailPTTPosts Telegraph and Telephone
(Administration or Authority)RAIDRedundant Array of Inexpensive DisksSCI
Sensitive Compartmented Intelligence; used to limit access to Comint
information according to "compartments"SCPCSingle Channel Per Carrier;
low capacity satellite communications systemSMTPStandard Mail Transport
ProtocolSigintSignals IntelligenceSONETSynchronous Optical NetworkSMDS
Switched Multi-Megabit Data ServiceSMOSupport for Military Operations
SPCSSatellite Personal Communications SystemsSRISignal Related
Information; a term used only in SigintSTOAScience and Technology
Assessments Office of the European Parliament; the body commissioning
this reportT1,T3 (etc)Digital or TDM communications systems originally
defined by the Bell telephone system in North America, and primarily
used thereTCP/IPTerminal Control Protocol/Internet ProtocolTDMTime
Division Muliplex; a form of multi-channel communications normally based
on digital signalsTraffic analysisWithin Sigint, a method of analysing
and obtaining intelligence from messages without reference to their
content; for example by studying the origin and destination of messages
with a view to eliciting the relationship between sender and recipient,
or groups thereofUKUSAUK-USA agreementVPNVirtual Private NetworkVSATVery
Small Aperture Terminal; low capacity satellite communications system
serving home and business usersWANWide Area NetworkWRFWorkfactor
Reduction FieldWWWWorld Wide Web X.25, V.21, V.34, V.90, V.100 (etc) are
CCITT telecommunications standards
���
Notes





1.UKUSA refers to the 1947 United Kingdom - United States agreement on
Signals intelligence. The nations of the UKUSA alliance are the United
States (the "First Party"), United Kingdom, Canada, Australia and New
Zealand (the "Second Parties").

2."An appraisal of the Technologies of Political Control", Steve Wright,
Omega Foundation, European Parliament (STOA), 6 January 1998.

3."They've got it taped", Duncan Campbell, New Statesman, 12 August
1988. "Secret Power : New Zealand's Role in the International Spy
Network", Nicky Hager, Craig Potton Publishing, PO Box 555, Nelson, New
Zealand, 1996.

4.National Security Council Intelligence Directive No 6, National
Security Council of the United States, 17 February 1972 (first issued in
1952).

5.SIGINT is currently defined as consisting of COMINT, ELINT (electronic
or non-communications intelligence and FISINT (Foreign Instrumentation
Signals Intelligence).

6.Statement by Martin Brady, Director of DSD, 16 March 1999. To be
broadcast on the Sunday Programme, Channel 9 TV (Australia), May 1999.

7."Farewell", despatch to all NSA staff, William Studeman, 8 April 1992.
The two business areas to which Studeman referred were "increased global
access" and "SMO" (support to military operations).

8.Federalnoe Agenstvo Pravitelstvennoi Svyazi i Informatsii, the
(Russian) Federal Agency for Government Communications and Information.
FAPSI's functions extend beyond Comint and include providing government
and commercial communications systems.

9.Private communications from former NSA and GCHQ employees.

10.Sensitive Compartmented Intelligence.

11.See note 1.

12. Private communications from former GCHQ employees; the US Act is the
Foreign Intelligence Surveillance Act (FISA).

13. See note 6.

14. In 1919, US commercial cable companies attempted to resist British
government demands for access to all cables sent overseas. Three cable
companies testified to the US Senate about these practices in December
1920. In the same year, the British Government introduced legislation
(the Official Secrets Act, 1920, section 4) providing access to all or
any specified class of communications. The same power was recodified in
1985, providing lawful access for Comint purposes to all "external
communications", defines as any communications which are sent from or
received outside the UK (Interception of Communication Act 1984, Section
3(2)). Similar requirements on telecommunications operators are made in
the laws of the other UKUSA countries. See also "Operation SHAMROCK",
(section 3).

15."The Puzzle Palace", James Bamford, Houghton Mifflin, Boston, 1982,
p331.

16.Personal communications from former NSA and GCHQ employees.

17."Dispatches : The Hill", transmitted by Channel 4 Television (UK), 6
October 1993. DODJOCC stood for Department of Defense Joint Operations
Centre Chicksands.

18."The Justice Game", Geoffrey Robertson, Chapter 5, Chatto and Windus,
London, 1998

19.Fink report to the House Committee on Government Operations, 1975,
quoted in "NSA spies on the British government", New Statesman, 25 July
1980

20."Amerikanskiye sputniki radioelektronnoy razvedki na Geosynchronnykh
orbitakh" ("American Geosynchronous SIGINT Satellites"), Major A
Andronov, Zarubezhnoye Voyennoye Obozreniye, No.12, 1993, pps 37-43.

21."Space collection", in The US Intelligence Community (fourth
edition), Jeffrey Richelson, Westview, Boulder, Colorado, 1999, pages
185-191.

22.See note 18.

23.Richelson, op cit.

24."UK Eyes Alpha", Mark Urban, Faber and Faber, London, 1996, pps
56-65.

25.Besides the stations mentioned, a major ground station whose targets
formerly included Soviet COMSATs is at Misawa, Japan. Smaller ground
stations are located at Cheltenham, England; Shoal Bay, Australia.

26."Sword and Shield : The Soviet Intelligence and Security Apparatus",
Jeffrey Richelson, Ballinger, Cambridge, Massachusetts, 1986.

27."Les Francais aussi ecountent leurs allies", Jean Guisnel, Le Point,
6 June 1998.

28.Intelligence (Paris), 93, 15 February 1999, p3.

29."Blind mans Bluff : the untold story of American submarine
espionage", Sherry Sontag and Christopher Drew, Public Affairs, New
York, 1998.

30.Ibid.

31.Ibid

32.A specimen of the IVY BELLS tapping equipment is held in the former
KGB museum in Moscow. It was used on a cable running from Moscow to a
nearby scientific and technical institution.

33.TCP/IP. TCP/IP stands for Terminal Control Protocol/Internet
Protocol. IP is the basic network layer of the Internet.

34.GCHQ website at http://www.gchq.gov.uk/technol.html

35.Personal communication from DERA. A Terabyte is one thousand
Gigabytes, i.e., 1012 bytes.

36.Personal communication from John Young.

37."Puzzle palace conducting internet surveillance", Wayne Madsen,
Computer Fraud and Security Bulletin, June 1995.

38.Ibid.

39."More Naked Gun than Top Gun", Duncan Campbell, Guardian, 26 November
1997.

40."Spyworld", Mike Frost and Michel Gratton, Doubleday Canada, Toronto,
1994.

41.The National Security Agency and Fourth Amendment Rights, Hearings
before the Select Committee to Study Government Operations with Respect
to Intelligence Activitities, US Senate, Washington, 1976.

42.Letter from, Lt Gen Lew Allen, Director of NSA to US Attorney General
Elliot Richardson, 4 October 1973; contained in the previous document.

43.Private communication.

44.World in Action, Granada TV.

45.This arrangements appears to be an attempt to comply with legal
restrictions in the Interception of Communications Act 1985, which
prohibit GCHQ from handling messages except those identified in
government "certificates" which "describe the intercepted material which
should be examined". The Act specifies that "so much of the intercepted
material as is not certified by the certificate is not [to be] read,
looked at or listened to by any person". It appears from this that,
although all messages passing through the United Kingdom are intercepted
and sent to GCHQ's London office, the organisation considers that by
having British Telecom staff operate the Dictionary computer, it is
still under the control of the telecommunications network operator
unless and until it is selected by the Dictionary and passes from BT to
GCHQ.

46.Private communications.

47."Naval Security Group Detachment, Sugar Grove History for 1990", US
Navy, 1 April 1991.

48.Missions, functions and tasks of Naval Security Group Activity
(NAVSECGRUACT) Sugar Grove, West Virginia", NAVSECGRU INSTRUCTION
C5450.48A, 3 September 1991.

49.Report on tasks of Detachment 3 , 544 Air Intelligence Group, Air
Intelligence Agency Almanac, US Air Force, 1998-99.

50.Ibid, Detachment 2, 544 Air Intelligence Group.

51.Information obtained by Bill Robinson, Conrad Grebel College,
Waterloo, Ontario. CDF and CFS documents were obtained under the Freedom
of Information Act, or published on the World Wide Web.

52.Career resume of Patrick D Duguay, published at:
http://home.istar.ca/~pdduguay/resume.htm

53.CSE Financial Status Report, 1 March 1996, released under the Freedom
of Information Act. Further details about "ECHELON" were not provided.
It is therefore ambiguous as to whether the expenditure was intended for
the ECHELON computer system, or for different functions (for example
telecommunications or power services).

54."Secret Power", op cit.

55.Twenty/Twenty, TV3 (New Zealand), October 1999.

56.Interview with David Herson, Head of Senior Officers' Group on
Information Security, EU, by staff of Engineering Weekly (Denmark), 25
September 1996. Published at http://www.ing.dk/arkiv/herson.htm

57.Council Resolution on the Lawful Interception of Telecommunications,
17 January 1995, (96C_329/01)

58."International Harmonisation of Technical Requirements for Legal
Interception of Telecommunications", Resolution 1115, Tenth Plenary
meeting of the ITU Council, Geneva, 27 June 1997.

59.ENFOPOL 98, Draft Resolution of the Council on Telecommunications
Interception in respect of New Technology. Submitted by the Austrian
Presidency. Brussels, 3 September 1998.

60.ENFOPOL 19, 13 March 1999.

61.European Parliament, 14 September 1998.

62."Uncle Sam's Eavesdroppers", Close Up North, BBC North, 3 December
1998; reported in "Star Wars strikes back", Guardian, 3 December 1998

63."Dispatches : The Hill", Channel 4 Television (UK), 6 October 1993

64.Ibid.

65."Mixing business with spying; secret information is passed routinely
to U.S.", Scott Shane, Baltimore Sun, 1 November 1996.

66."UK Eyes Alpha", op cit, p235.

67.Private communication.

68.See note 62.

69.Raytheon Corp press release: published at:
http://www.raytheon.com/sivam/contract.html

70."America's Fortress of Spies", Scott Shane and Tom Bowman, Baltimore
Sun 3 December 1995.

71."Company Spies", Robert Dreyfuss, Mother Jones, May/June 1994.

72.Financial Post, Canada, 28 February 1998.

73.European Parliament, 16 September 1998.

74.See note 56.

75.Equivalent communications may be known as Synchronous Transport
Module (STM) signals within the Synchronous Digital Hierarchy (ITU
standard); Synchronous Transport Signals (STS) within the US SONET
system; or as Optical Carrier signals (OC).

76.The information about these Sigint systems has been drawn from open
sources (only).

77.In April 199, the peak data rate at MAE West was less than 1.9 Gbps.

78.Redundant Arrays of Inexpensive Disks.

79.Very Small Aperture Terminal; SCPC is Single Channel Per Carrier.

80."Collected Signals Data Format"; defined in US Signals Intelligence
Directive 126 and in NSA's CSDF manual. Two associated NSA publications
providing further guidance are the Voice Processing Systems Data Element
Dictionary and the Facsimile Data Element Dictionary, both issued in
March 1997.

81.The Data Workstation processes TCP/IP, PP, SMTP, POP3, MIME, HDLC,
X.25, V.100, and modem protocols up to and including V.42 (see
glossary).

82."Practical Blind Demodulators for high-order QAM signals", J R
Treichler, M G Larimore and J C Harp, Proc IEEE, 86, 10, 1998, p1907. Mr
Treichler is technical director of AST. The paper describes a system
used to intercept multiple V.34 signals, extendable to the more recent
protocols.

83.The tasks were set in the second Text Retrieval conference(TREC)
organised by the ARPA and the US National Institute of Science and
Technology (NIST), Gaithersburg, Maryland. The 7th annual TREC
conference took place in Maryland in 1999.

84."Method of retrieving documents that concern the same topic"; US
Patent number 5418951, issued 23 May 1995; inventor, Marc Damashek;
rights assigned to NSA.

85.Address to the Symposium on "National Security and National
Competitiveness : Open Source Solutions" by Vice Admiral William
Studeman, Deputy Director of Central Intelligence and former director of
NSA, 1 December 1992, McLean, Virginia.

86.For example, IBM Via Voice, Dragon Naturally Speaking, Lemout and
Hauspe Voice Xpress.

87."A Hidden Markov Model based keyword recognition system", R.C.Rose
and D.B.Paul, Proceedings of the International Conference on Accoustics,
Speech and Signal processing, April 1990.

88.Centre de Recherche Informatique de Montreal.

89."Projet detection des Themes", CRIM, 1997; published at
http://www.crim.ca/adi/projet2.html.

90.Private communication.

91.NSA/CSS Classification Guide, NSA, revised 1 April 1983.

92."Rigging the game: Spy Sting", Tom Bowman, Scott Shane, Baltimore
Sun, 10 December 1995.

93."Wer ist der Befugte Vierte?", Der Spiegel, 36, 1996, pp. 206-7.

94."Secret Swedish E-Mail Can Be Read by the U.S.A", Fredrik Laurin,
Calle Froste, Svenska Dagbladet, 18 November 1997
-----
Aloha, He'Ping,
Om, Shalom, Salaam.
Em Hotep, Peace Be,
Omnia Bona Bonis,
All My Relations.
Adieu, Adios, Aloha.
Amen.
Roads End
Kris

DECLARATION & DISCLAIMER
==========
CTRL is a discussion and informational exchange list. Proselyzting propagandic
screeds are not allowed. Substance�not soapboxing!  These are sordid matters
and 'conspiracy theory', with its many half-truths, misdirections and outright
frauds is used politically  by different groups with major and minor effects
spread throughout the spectrum of time and thought. That being said, CTRL
gives no endorsement to the validity of posts, and always suggests to readers;
be wary of what you read. CTRL gives no credeence to Holocaust denial and
nazi's need not apply.

Let us please be civil and as always, Caveat Lector.
========================================================================
Archives Available at:
http://home.ease.lsoft.com/archives/CTRL.html

http:[EMAIL PROTECTED]/
========================================================================
To subscribe to Conspiracy Theory Research List[CTRL] send email:
SUBSCRIBE CTRL [to:] [EMAIL PROTECTED]

To UNsubscribe to Conspiracy Theory Research List[CTRL] send email:
SIGNOFF CTRL [to:] [EMAIL PROTECTED]

Om