This is a rush transcript. Copy may not be in its final form.

NERMEEN SHAIKH: A new exposé in Wired Magazine has revealed new details about how the National Security Agency is quietly building the largest spy center in the country in Bluffdale, Utah, as part of a secret NSA surveillance program codenamed "Stellar Wind." According to investigative reporter James Bamford, the NSA has established listening posts throughout the nation to collect and sift through billions of email messages and phone calls, whether they originate within the country or overseas. The Utah spy center will contain near-bottomless databases to store all forms of communication collected by the agency. This includes the complete contents of private emails, cell phone calls and Google searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases and other digital "pocket litter."

AMY GOODMAN: In addition, the NSA has also created a supercomputer of almost unimaginable speed to look for patterns and unscramble codes. James Bamford writes the secret surveillance program "is, in some measure, the realization of the 'total information awareness' program created during the first term of the Bush administration," but later killed by Congress in 2003 due to privacy concerns and public outcry.

James Bamford joins us now from London, England. His article in Wired is called "The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)." Jim Bamford is an investigative journalist who’s been covering the National Security Agency for the last three decades. He came close to standing trial after revealing the NSA’s operations in an explosive 1982 book called The Puzzle Palace. His latest book is the last in his trilogy on the NSA; it’s called The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America.

James Bamford, welcome to Democracy Now! Your piece is so dramatic. I was wondering if you might read the first few paragraphs as we begin.

JAMES BAMFORD: I’ll give it a try.

“The spring air in the small, sand-dusted town has a soft haze to it, and clumps of green-gray sagebrush rustle in the breeze. Bluffdale sits in a bowl-shaped valley in the shadow of Utah’s Wasatch Range to the east and the Oquirrh Mountains to the west. It’s the heart of Mormon country, where religious pioneers first arrived more than 160 years ago. They came to escape the rest of the world, to understand the mysterious words sent down from their god as revealed on buried golden plates, and to practice what has become known as 'the principle,' marriage to multiple wives.

“Today Bluffdale is home to one of the nation’s largest sects of polygamists, the Apostolic United Brethren, with upwards of 9,000 members. The brethren’s complex includes a chapel, a school, a sports field, and an archive. Membership has doubled since 1978—and the number of plural marriages has tripled—so the sect has recently been looking for ways to purchase more land and expand throughout the town.

“But new pioneers have quietly begun moving into the area, secretive outsiders who say little and keep to themselves. Like the pious polygamists, they are focused on deciphering cryptic messages that only they have the power to understand. Just off Beef Hollow Road, less than a mile from brethren headquarters, thousands of hard-hatted construction workers in sweat-soaked T-shirts are laying the groundwork for the newcomers’ own temple and archive, a massive complex so large that it necessitated expanding the town’s boundaries. Once built, it will be more than five times the size of the US Capitol.

"Rather than Bibles, prophets, and worshippers, this temple will be filled with servers, computer intelligence experts, and armed guards. And instead of listening for words flowing down from heaven, these newcomers will be secretly capturing, storing, and analyzing vast quantities of words and images hurtling through the world’s telecommunications networks. In the little town of Bluffdale, Big Love and Big Brother have become uneasy neighbors."

AMY GOODMAN: And those are the opening words of Jim Bamford’s piece, "The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)." So, James Bamford, it’s good to have you on, albeit from Britain right now. But talk further about what you have found and what the capacity of this data center, as they call it, seemingly so innocuous, is.

JAMES BAMFORD: Well, it’s going to be a million square feet. That’s gigantic. There’s only one data center in the country that’s larger, and it’s only slightly larger than that. And it’s going to cost $2 billion. It’s being built in this area on a military base outside of Salt Lake City in Bluffdale. As I said, they had to actually extend the boundary of the town so it would fit into it.

And the whole purpose of this is the centerpiece of this massive eavesdropping complex, this network that was created after 9/11. During the '90s, the NSA had a disastrous decade, following the Cold War. They missed the first World Trade Center bombing. They missed the attack on the USS Cole. They missed the attack on the U.S. embassies in East Africa. And finally, they missed the 9/11 attacks. So NSA wanted to pretty much recreate itself as this massive eavesdropping organization that was, during the Cold War, focused on the Soviet Union, primarily, and to some degree, the Eastern Europe and China and Cuba, communist countries, and today it's focused on anybody that could use a piece of communication, because the terrorists that they’re eventually after use the same kind of communications that everybody else does. So it has to focus on the worldwide network of communications, the same network that all of us use.

So you have this massive agency that’s collecting a tremendous amount of information every day by satellites, by tapping into undersea cables, by picking up microwave links and tapping of cell phones and data links on your computer, email links, and so forth. And then it has to store it someplace, and that’s why they built Bluffdale. And then that acts as, in essence, like a cloud, a digital cloud, so that agency employees, analysts from around the country at NSA headquarters and their listening posts in different parts of the U.S.—in Georgia, Texas, Hawaii and Colorado—can all access that information held in Bluffdale in that data center. And that’s pretty much a summary of what that data center is all about.

NERMEEN SHAIKH: James Bamford, can you explain also for—you know, I think most people are more familiar with the work of the CIA or the FBI or other intelligence agencies. The National—the NSA is the most secretive. So can you say a little about what the work they do, how that’s different from what the other agencies do?

JAMES BAMFORD: Sure. The NSA is much different from the CIA. First of all, it’s about three times the size. It costs far more. It’s tremendously more secret than the CIA. And what it does is very different. It’s focused on eavesdropping, on tapping into major communications links, on listening to what people around the world and, to some degree, in the United States say on telephones, email, communications. That’s really the high point of intelligence these days. Human intelligence is what the CIA does. It goes out and recruits spies, or it blows people up with drones. So, the actual collection—and human intelligence hasn’t really been very good historically. Most the intelligence that the U.S. gathers comes from NSA, is from tapping into communications. So that’s a very big difference between the two. And NSA is really the most powerful intelligence agency, not only in the U.S., but in the world today.

NERMEEN SHAIKH: One of the things that you also mention, one of the key—key functions that this new facility will undertake is—has to do with the Advanced Encryption Standard. Can you say a little about that and why it’s important?

JAMES BAMFORD: Well, yeah, the other purpose, in addition to storing material, is it’s a—it plays a major role in the codebreaking aspects of NSA. NSA has several missions. One of them is intercepting communications. The other is breaking codes, because a lot of that information is encrypted. And the third function of NSA is making codes for the U.S., encrypting U.S. communications. So Bluffdale will play a major role in the breaking of codes because, for breaking codes, you really need two key ingredients. One is a very large—a place where you can store a very large amount of material, because the more material you have, when you’re going through it, using computers to go through it, what you’re looking for is patterns. And the more material that you have—the more data, the more telephone calls, the more email, the more encrypted data that you have—the more patterns that you’re likely to discover.

And the second thing you need is a very, very powerful computer, a very fast computer that can go through enormous amounts of information very fast looking for those patterns. And so, the NSA is now also building a very secret facility down in Tennessee at Oak Ridge, where during World War II the U.S., in great secrecy, developed the atomic bomb as part of the Manhattan Project. So now, instead of an atomic bomb, you have a massive computer that the NSA is working on to be the fastest computer in the world, with speeds that are just beyond most people’s comprehensions. And the reason for that is because they have to use these computers to do what they call "brute force" — in other words, take this data and just go through it as fast as possible just to look for these key patterns.

AMY GOODMAN: We’re talking to James Bamford, investigative reporter who’s covered the National Security Agency for more than three decades. His piece in Wired Magazine, that we’re going to continue with after break, is called "The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)." He’s speaking to us from Britain. This is Democracy Now! We’ll be back with Jim Bamford in a minute, and we will also be joined later by Thomas Drake. If there was a trial, Jim Bamford might have testified at the trial of Thomas Drake, an NSA whistleblower. Stay with us.


NERMEEN SHAIKH: Yesterday, Democratic Congressman Hank Johnson of Georgia questioned NSA director and CYBERCOM commander, General Keith Alexander, about reports that the NSA is intercepting U.S. citizens’ phone calls and emails. Johnson specifically refers to your article, Jim Bamford. Let’s go to that clip.

REP. HANK JOHNSON: General, a article in Wired Magazine reported this month that a whistleblower, formerly employed by the NSA, has stated NSA signals intercepts include, quote, "eavesdropping on domestic phone calls" and "inspection of domestic emails," end-quote. Is that true?

GEN. KEITH ALEXANDER: No, not in that context. The question that—or, I think what he’s trying to raise is, are we gathering all the information on the United States? No, that is not correct.

REP. HANK JOHNSON: The author of the Wired Magazine article’s name is James Bashford [sic]. He writes that NSA has software that, quote, "searches US sources for target addresses, locations, countries, and phone numbers, as well as watch-listed names, keywords, and phrases in email. Any communication that arouses suspicion, especially those to or from the million or so people on agency watch lists, are automatically copied or recorded and then transmitted to the NSA." Is this true?


NERMEEN SHAIKH: That was NSA director, General Keith Alexander, being questioned by Georgia Congressman Hank Johnson. James Bamford, your response?

JAMES BAMFORD: Well, you know, the NSA has constantly denied that they’re doing things, and then it turns out they are doing these things. They denied they were doing domestic eavesdropping back in the '70s, and it turned out they had Operation SHAMROCK and Operation MINARET, and they've been reading every single telegram coming in or going out of the country for 30 years at that point, and also eavesdropping on antiwar veterans. That came out during the Church Committee report. More recently, a few years ago, President Bush said before camera that the United States is not eavesdropping on anybody without a warrant, and then it turns out that we had this exposure to all the warrantless eavesdropping in the New York Times article. And so, you have this constant denial and parsing of words in terms of what he’s saying.

So, what I would like to do—I quote from a number of people in the article that are whistleblowers. They worked at NSA. They worked there many years. One of my key whistleblowers was the senior technical person on the largest eavesdropping operation in NSA. He was a very senior NSA official. He was in charge of basically automating the entire world eavesdropping network for NSA. So—and one of the other people is a intercept operator that was actually listening to these calls, listening to journalists calling from overseas and talking to their wives and having intimate conversations. And she tells about how these people were having these conversations, and she felt very guilty listening to them. These people came forward and said, you know, this shouldn’t be happening. Bill Binney, the senior official I interviewed, had been with NSA for 40 years almost, and he left, saying that what they’re doing is unconstitutional.

What I’d like to see is, why don’t we have a panel, for the first time in history, of some of these people and have them before Congress, sitting there telling their story to Congress, instead of to me, and then have NSA respond to them? I mean, this is the American public who we’re talking about whose phone calls we’re talking about, so—and email and data searches and all that. So I think it’s about time that the Congress get involved, instead of asking questions from a newspaper or from a magazine article, and start actually questioning these people on the record in terms of what they’re doing and how they’re doing it and to whom they’re doing it—you know, to whom they’re doing it.

AMY GOODMAN: We’re talking to James Bamford, longtime reporter on intelligence activities in this country, has been doing it for more than 30 years, been covering the National Security Agency, a top-secret agency far bigger than the CIA. Jim Bamford, you referred to some of your whistleblowers. And in 2008, I spoke with retired Army Sergeant Adrienne Kinne here on Democracy Now!, who revealed she was personally ordered to eavesdrop on Americans working for news organizations and NGOs in Iraq. Take a listen.

ADRIENNE KINNE: After 9/11, when we were mobilized and given this new mission, it was very—starting something from the bottom up, and it was really striking that in intercepting all these satellite phone communications, the majority of the traffic was not Arabic. It was languages beyond our translation capabilities. We would get Chinese, Japanese, Tagalog, Tadzhik, a lot of Dari, Persian, Pashto, some minimal Arabic, but really not that much. And so, we would just go through this process of going through and identifying who belonged to what. And as we began to identify different phone numbers which belong to these humanitarian aid organizations and journalists, we actually had the capability to block those phone numbers from being intercepted, but due to guidance given to our officer in charge, we did not do that.

AMY GOODMAN: That was a retired Army Sergeant Adrienne Kinne, who was here in the United States eavesdropping on the Palestine Hotel, which was later bombed. She said she saw a piece of paper that showed that the Palestine Hotel was going to be bombed and went to her superiors and said, "You’re bombing the hotel where I am listening to the people inside, and I can tell you that they are journalists." Jim Bamford, you quote Adrienne in your piece, as well, in your piece in Wired Magazine called "The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)." Jim?

JAMES BAMFORD: Yes, I first interviewed Adrienne for my book, The Shadow Factory, a number of years ago. And she’s extremely credible. And these are people, just like Bill Binney, that aren’t speaking to me confidentially; they’re speaking to me on the record, and they’re risking jail, basically, to tell the country what’s going on. So these people have a great deal of courage and a great deal of credibility, and that’s why I think that the NSA owes them and owes the country a duty to come out and say what they’re doing. I mean, this is a democracy, as your program often says, and I think the public should really have at least a fair insight into what the government is doing with their communications.

NERMEEN SHAIKH: One of the most extraordinary things about the eavesdropping program is the number of languages that people are—at the NSA are eavesdropping on. Can you say a little about what kind of linguistic ability the people who are listening in have?

JAMES BAMFORD: Well, the NSA was always very hurting for linguistic capabilities, especially in the lead-up to 9/11, so they had very few people that spoke [Pashto] or Dari, the languages in Afghanistan. They had very much an insufficient number of people who spoke Arabic. And Adrienne Kinne was telling me how they had an instructor down in Georgia, where she was working for NSA, trying to teach rudimentary [Pashto], I think it was, to some of the people, but they—it was very hard for them to pick it up. So, there’s 7,000 languages in the world. And NSA is—that’s one of the very difficult things NSA has. It’s trying to understand what people are saying. Picking up the information, intercepting it, is far less difficult than understanding what they’re saying.

AMY GOODMAN: In response to your article, Jim Bamford, Forbes Magazine published a piece yesterday by Loren Thompson of the Lexington Institute called "NSA’s Secret Data Center Is a Threat, But Only to America’s Enemies." The author writes, quote, "The real reason the intelligence community needs big cryptological and analytic complexes is that modern information technology has empowered hostile states and extremists of every stripe, giving them unprecedented access to the sources of American strength while enabling them to thoroughly obscure the authors and content of their communications." James Bamford, your comment?

JAMES BAMFORD: Well, listen, I mean, we’ve—I wrote another book called A Pretext for War about how we got into the Iraq War. And I’ve been hearing this fear mongering, fear mongering, fear mongering forever. We’re spending enormous amounts of money on NSA to pick up communications. And even though they lost all these—they had all these failures during the 1990s, you know, failure after failure—the World Trade Center One and World Trade Center Two, the attack on the Cole, the East African embassies bombings—and even after they started all this rebuilding and more and more money, they still missed the person flying over on the Christmas Day flight to Detroit with a bomb in his underwear. They missed the person in Times Square. So, you know, all this eavesdropping we’re doing and all this money we’re spending, I don’t see an awful lot of value coming out of that. But I do hear tremendous amounts of fear mongering, that sort of nonstop fear mongering from the people that are pushing this agenda.

NERMEEN SHAIKH: One of the things that you’ve raised in the past has to do with the way in which the NSA worked with the telecommunications industry here in the U.S. to eavesdrop on American citizens. But they apparently outsourced the eavesdropping—I mean, the relationship between the NSA and the telecommunications companies, to a third party. Can you say a little bit about who that third party was, who those companies were, and where they were based?

JAMES BAMFORD: Yeah, the—two of the companies that were heavily involved, one of them was Narus. It was a company that has been since bought by Boeing. It was a company formed in Israel by Israelis, and then it ran its company from California. But the NSA—or, I guess it was AT&T that basically hired them. And they—or NSA, maybe the two of them working together. But the bottom line was, Narus provided the equipment that NSA was using in the AT&T facilities. AT&T had this big switch in San Francisco. And it would be using this Narus equipment that would take the information from the wires coming in, the cables coming in, and then route it to NSA, the information that NSA wanted. So it used this company called Narus. And again, it’s a company that had been formed overseas, and you really have to start wondering when you have companies that were formed in foreign countries, and they’re giving such intimate access to U.S. telecommunications, especially very secret U.S. work.

The other company was Verint, and they do a lot of the monitoring for Verizon. And Verint also was formed in Israel by Israelis. And it turns out that the chairman and founder of the company ended up being a fugitive now from the United States, wanted on multiple counts of fraud and theft and so forth. He’s hiding out in Namibia in Africa now. And then two other members of the general counsel and another senior executive from the parent company, Comverse, was also arrested and charged in the theft and pleaded guilty. So you have the problem of—these companies that are actually doing the very sensitive work of monitoring everybody’s communications, you have real questions about them, let alone the people that the NSA is targeting.

AMY GOODMAN: Jim Bamford, you have been writing about the NSA for decades. It’s interesting speaking to you in London. We usually speak to you in the United States. You’re sitting right along the Thames, across the river from MI6, from British intelligence agencies, as we speak. But as you unveiled this story in Wired Magazine about Bluff, Utah, [Editor’s note: not to be confused with smaller place or obscure, until now, Bluff, Utah, right near the Four Corners where, you know, Colorado and New Mexico, Utah and Arizona hit on the map there in the Southwest of the United States], I can’t help but think about how you came close to standing trial in 1982 for your book on the NSA, The Puzzle Palace, revealing what was going on with the NSA. Are you at all concerned about what it means to reveal this information?

JAMES BAMFORD: Well, as you mentioned, I’ve been doing it for 30 years, so I’ve had concerns about that from time to time. In 1982, as you mentioned, I didn’t come close to trial, because they never—I was never arrested or prosecuted or anything, but I was threatened twice by the Justice Department to return documents that they said were classified. But these were documents that had been released to me by the attorney general under the Carter administration, Attorney General Civiletti. And so, I never returned the documents, because they were unclassified when they were given to me. And what the Reagan administration did was reclassify them as top secret and then order that I give them back. But we found a passage in the executive order on secrecy that said once a document has been declassified, it can’t be reclassified. So then Reagan changed the executive order to say that it could be reclassified, but that couldn’t apply to my case because of the principle of ex post facto. So that was fairly dramatic, where they were threatening me during the writing of The Puzzle Palace.

But, you know, ironically, the second book I had on NSA after that, Body of Secrets, they had a book signing for me at NSA. And I interviewed, you know, the director in his office and had tours of the agency and all that other—everything else. But then, when I discovered that NSA was doing all this illegal warrantless eavesdropping, I wrote the third book, which was The Shadow Factory, showing how NSA got involved in all this illegal activity after they had basically given it up for many years, ever since the Foreign Intelligence Surveillance Court was created in—around 1978. So, you know, I’ve had sort of a love-hate relationship with NSA over the years. But I—so, sometimes I’ll compliment them if they do something good, and other times I’ll criticize them, as I do in this article, for things that I don’t think they’re doing very good.

NERMEEN SHAIKH: James Bamford, can you say what your response is to the way in which the Obama administration has dealt with this issue, as against how the Bush administration did, what differences there are, if any?

JAMES BAMFORD: Well, I haven’t seen a lot of differences. President Obama, for example, when all the furor broke out over the warrantless eavesdropping during the Bush administration, came out and said that he was totally against that, he was going to vote against changing the law to allow that kind of thing and also to vote against giving immunity to the telecom companies. The telecom companies could have been charged with a crime for violating everybody’s privacy. But then, when he—when push came to shove and it came time to vote, he didn’t. He voted opposite to what he said, and he voted for the legislation, sort of creating this warrantless eavesdropping change to the law that he was—said he was previously against, which basically legalized what the Bush administration had been doing in their warrantless eavesdropping. And he also voted against—or he voted in favor of giving immunity to the telecom companies, which is again opposite of what he said previously.

And now he’s, you know, the president here last three years, while they’ve been building this enormous—or at least completing this enormous infrastructure, and they hadn’t even started this when he became president, the large data center in Bluffdale. So I don’t really see an awful lot of difference between the two in terms of what’s going on with NSA. If anything, it’s gotten much larger under Obama than it was under Bush.

AMY GOODMAN: James Bamford, we’re going to ask you to stay with us—he’s speaking to us from London, investigative reporter who wrote The Puzzle Palace, Shadow Factory, now a piece in Wired called "The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)" — because we’re going to be joined by two whistleblowers. One of them, if he had stood trial, Thomas Drake, who worked at the NSA, possibly Jim Bamford would have testified at that trial. We’ll also be joined by Jesselyn Radack, who took on the Justice Department, particularly around the case of John Walker Lindh, who is still in prison.

This is Democracy Now!,, The War and Peace Report. We’ll be back in less than a minute.


The Ring of Steel 

By Paul Chandler

For me, the only thing worse than being beaten, robbed, stabbed, shot, or violated in any other way, would be for my assailant to escape not only the scene of the crime, but also prosecution in a court of law. If you live in the United Kingdom and this happens to you, the chances of your attacker escaping justice are pretty much slim to none if the assault is carried out in a public place.

For more than two decades now, the people of the U.K. have been living their lives under the microscope of a state controlled all-seeing eye. “Big Brother”, a name commonly used when referring to the CCTV cameras installed throughout the country, has been watching people go about their daily business twenty-four hours a day, seven days a week, 365 days a year during this time, and it’s not about to stop either.

Today there are more than 4.2 million CCTV cameras staring down from above onto the streets of Great Britain alone according to a 2006 report to the Information Commissioner by the Surveillance Studies Network. It’s estimated that just being out and about in London alone, that you are likely to come into contact with these cameras an average of 300 times a day.

You would think that this kind of coverage would easily persuade the criminal minded to behave themselves and become model citizens of their community, but the very real truth is, it doesn’t.

Starting in 1997, when the gun control laws were amended to virtually banish private ownership of all handguns, the number of crimes committed in the U.K. involving the possession of a firearm has actually increased, but even so, the number of gun-related deaths reported has dropped.

Statistics also show that the cameras do not deter violent crime as well as the Home office (U.K. version of Homeland Security) had hoped for, but they do effectively aid in the apprehension, prosecution, and sentencing of those involved in crimes with no witness or physical evidence.

Unsurprisingly, these very same cameras can also help in proving the innocence of the wrongly accused when a jury is presented with court evidence that strongly suggests otherwise.

So who or what brought about the transformation of an entire nation into a surveillance society? The answer to this question does not come easily and required many hours of research into the subject of CCTV and its history of use in the U.K.

After sorting through the vast amount of information that is freely available on the Internet and in print, I can tell you that there was no single person or thing that triggered this transformation, but rather a chain of violent historical events (watch video) that left both the citizens and the government of the U.K. desperately needing to feel safe once again.

Once you examine the history of violence in the U.K., it becomes very clear that attacks by the Provisional Irish Republican Army (IRA) are most responsible for the move towards the heavy use of CCTV systems in the U.K. by British law enforcement.

Since 1921, Irish Nationalist have been fighting the British over who should control Northern Ireland and its partition from the rest of Ireland by the British government. Ever since this separation, it has been the mission of the IRA to re-unite Northern Ireland with the rest of Ireland nationally, politically, financially, socially, and religiously by whatever means necessary, even if it means resorting to violent measures that more often than not, include civilian casualties.

They are especially fond of bombing crowded mass transit systems and areas where they can inflict damage not only physically, but also economically. The Underground (a.k.a. the tube because of its cylindrical design) and the Mainland Surface Transportation facilities of the U.K. have been a favorite target of the IRA for years simply because of the millions of people who use the system on a daily basis.
Between 1991 and 1998 there were 41 bombs and 6,762 telephoned bomb threats against the railways alone, most, if not all, by the IRA.

When you look at the data, it's no surprise that the rail systems of the U.K. are now littered with state of the art CCTV systems that rival those used in Las Vegas casinos to thwart card counting and other methods of cheating.

The bombing of Bishopsgate (London’s financial district) in 1993 resulted in a massive effort (nicknamed the "ring of steel") by the British police forces to increase the number of CCTV cameras present at entry points into the city and hundreds of other locations.

The expansion effort has continued unabated to this day with ANPR (Automatic Number Plate Recognition) technology being introduced in March of 2006 to the already existing CCTV camera systems present in the towns and cities of London. New technology that will allow cameras to detect anti-social behavior by reading body language is also being developed as well as facial recognition and voice recognition technologies.

Currently the U.K. is recognized around the globe as the world’s biggest user of CCTV cameras, and its long-time practice of conducting live monitoring of citizens has now spilled over into the U.S. (Washington, D.C., New York, Chicago, San Francisco, Baltimore, and Philadelphia as of this writing) and other countries. The question now is, will history repeat itself? It looks like it already has.

Edward Snowden Video-Link Testimony at Parliamentary Assembly of the Council of Europe (PACE) Hearing on Mass Surveillance


CHAIR: Good afternoon ladies and gentlemen, colleagues. I'd like to call this meeting to order so could everybody please take a seat? Okay, so the first item on our agenda is a hearing on mass surveillance and a report prepared by Mr Peter Omtzigt. We're joined here for this hearing by Mr Hansjörg Geiger, former head of the Bundesnachtrichtendienst and state secretary… actually we're not joined by Mr Geiger yet.

SCHIRMER: [unclear] He's just gone to look for something.

CHAIR: Okay, while we're waiting for him, I'd like to introduce Mr Douwe Korff, professor of international law at London Metropolitan University and we have

SCHIRMER: Mr Geiger [unclear] he was here before [unclear]

CHAIR: Mr Geiger, thank you. And we're joined on video link from Moscow by Mr Edward Snowden. Mr Snowden, can you hear us?

SNOWDEN: I can hear you. Can you hear me?

CHAIR: Yes. Thank you very much. Thank you.

Because we have a video link I would ask all participants to speak quite slowly, particularly when asking questions or expecting a response, because of a time – a possible time lapse in video link. Is that clear?

Okay, I'd like to call upon Mr Peter Omtzig, the rapporteur on mass surveillance to introduce his report on the topic of the hearing.

OMTZIGT: Thank you. Dear colleagues, and dear guests, I'm very pleased that we can have this hearing today. Its purpose is to provide some input for report on the Committee for Legal Affairs, which will be presented late this year to the assembly, on the topic of mass surveillance, and the second report on whistleblowing. For those interested in some details of the background of this hearing my introduction my introductory memorandum is available on the Committee's website. Our discussion was triggered by the courageous action of Mr Edward Snowden who blew the whistle on practices by the NSA that have been hidden from any public scrutiny for many years.

We now have the pleasure and the honor to have Mr Snowden among us, albeit only with the video link. Much to my regret he could not come to Strasbourg in person, because we were unable to arrange safe passage with the competant authorities. As you know, Edward Snowden faces serial criminal charges in the United States because of the revelations, and is therefore accompanied by his attorneys.

They will listen to the question the committee members will be invited to ask after the three expert statements have been made. In case questions will be asked that are not related to mass surveillance or that might increase the danger of criminal prosecution for Mr Snowden, his attorneys will have to advise him not to answer this type of questions.

Mr Snowden has also asked me to let you know from the outset, that the cannot reveal new information, but comment on that already published by the media from his perspective as an expert witness.

Our second speaker will be Hansjörg Geiger, former head of German BND, that's the German secret service. He will contribute to our debate from the perspective of intelligence professionals. He has a strong reputation of respect for fundamental rights and the rule of law and will argue that such principles need not prevent intelligence services from fulfilling their legitimate task.

Our third speaker, on the right, is my compatriot professor Mr Douwe Korff, he will look at the debate on surveillance from the legal respective. As it benefits our committee his main focus will be the European Convention on Human rights.

Regrettably the US authorities, who have also been invited to be represented at this podium have politely declined to attend. My thanks go in advance to the interpreters who are doing a challenging job in these circumstances. I'll give the floor to Mr Snowden.

SNOWDEN: I'd like to thank the committee for this invitation to testify. I also regret not being able to attend at Strassbourg directly I wasn't able to attend due to travel. Before I begin the prepared remarks I have to open with a short disclaimer. With the greatest respect I reserve the right to decline any question for which providing an answer would prove contrary to the public interest or to the national security of the state. I caution you that some of my comments appear more general than one might expect due to my technical experience and direct personal experience with many of these programs. I apologize in advance for the lack of precision, and ask that you bear in mind – and ask that you bear in mind that particular general answers may be the product of principle or circumstance rather than lack of specific knowledge.

I'm proud of the fact that despite the dramatic protestations of the Intelligence chiefs. No evidence has ever been shown by any government that the revelations of the last year caused any specific harm, and the guiding principle of my participation in today's testimony is to ensure this unbroken record of serving the public interest while minimizing any potential harms continues without interruption. I also note that any facts raised in today's testimony have been independently determined – by journalists to serve a vital public interest.

Beyond that, I remind the committee that even where there exists a compelling interest for making a particular disclosure, I may not be able to apply additional detail. Due to failures in whistleblowing legislation in the United States, there are no legal channels available for individuals such as myself who are employed as contractors, rather than direct federal employees, to safely testify in front of legislative committees. As such, I ask for your understanding that despite the executive policy changes, legal reforms, and court decisions to improve the rights of others that have occurred as a result of my disclosures, I remain in a position of significant legal jeopardy.

I believe last year showed that an expectation of persecution for political speech in the context of national security whistleblowing is not unreasonable. And although it goes without saying that at this point, I would like to clarify that I have no intention of harming the United States government or straining bilateral ties between any nations. My motivation is to improve government, not to bring it down.

I'd like to request that my previous testimony to the EU parliament be entered into the record, so that rather than exhaustively covering previous statements, we can use this time instead to discuss programs less well understood by the public, or perhaps that have been misinterpreted by journalists – as well as to address a few novel questions of particular significance that I've received from this committee, to briefly summarize my testimony to the EU parliament and establish the following points that we will likely touch on today.

Beginning and going forward from here, that the US government confirmed, in at least three independent determinations in the last six months, that the kind of dragnet mass surveillance we discussed today is ineffective in preventing terrorism. The government also asserted, at least twice that such programs appear to have no basis in law. That Western involvement in mass surveillance has set a dangerous precedent – encouraging and potentially legitimizing the activities of authoritarian governments that desire to construct similar systems.

CHAIR: Mr Snowden, could I just ask you to slow down? As the video link is a little difficult and our interpreters are having some difficulties. So if you could just speak more slowly, I would appreciate it.

SNOWDEN: Absolutely, [chuckle] I uh, I have too much in my statement. Shall I repeat that or continue from here?

CHAIR: If you could continue from here, but just more slowly. Thank you.

SNOWDEN: Thank you.

The US National Security Agency has a directorate that has worked to intentionally subvert the privacy laws and constitutional protections of EU member states against mass surveillance. That the body of public evidence indicates mass surveillance results in societies that are not only less liberal, but less safe. That the NSA shares mass surveillance technologies with some EU member states as well as access to its own mass surveillance systems. That reports of intelligence agencies using mass surveillance capabilities to monitor peaceful groups unrelated to any terrorist threat or national security purpose, such as the United Nations Children's Fund or spying on American lawyers negotiating trade deals, are in fact accurate.

That the secret court in the United States, that oversees mass surveillance programs, is best described as a rubber stamp court. This court has rejected only eleven of approximately 34,000 requests made by the government over a period of 33 years. It hears arguments only from the government, and its judges are appointed by a single individual, without the benefit of any outside confirmation or review. I add that this secret court was only intended to issue individual and routine warrants for surveillance, not to decide legal issues of global importance, or to authorize general untargeted warrants for, for instance, the clandestine wiretapping of anyone in Germany, as was recently revealed.

That the UK electronic surveillance service, GCHQ collected on a massive scale, images from webcameras, often within bedrooms in private homes, without any individualized suspicion of wrongdoing. This activity continued, even after the GCHQ became aware that the vast majority had no intelligence at all, and roughly 10% of all images, upon auditing, were discovered to be intensely private, depicting some form of nudity or other private intimacy. That the NSA had intentionally sought to collect similarly explicit sexual material regarding religious conservatives whose political views it disfavored and considered radical, for the purpose of exposing it to damage their reputations in order to discredit them within their communities. This is an unprecedented form of political interference that I don't believe has been seen elsewhere in western governments.
That no legal means currently exist to challenge such activities or to seek remedies for such abuses. That mass surveillance is used by the NSA, as well as partners and adversaries for the purposes of economic espionage. NSA had unlawfully compromised the world's major financial transaction facilitators to include SWIFT, and VISA, and in their reports they explicitly noted that such information provided, quote “rich personal information,” including data that “is not about our targets.”

That governments caught engaging in mass surveillance have in the last months attempted to …. have stopped attempting to justify the programs being related to national security and have instead shifted to a far looser restriction of “valid foreign intelligence purposes”. This is particularly problematic for human rights, because any government can justify almost any privacy violation on that basis and it reflects some governments are willing today to see a hard-won moral high ground, rather than implement surveillance reforms.

That I believe the international community should agree to new common standards of behavior, perhaps a convention on the prevention of mass surveillance, as well as the adoption of common technical [inaudible] mandating the use of secure-by-default protocols for the transmission of data, if they are to have any hope of protecting citizens' communications against unlawful surveillance.

That strong, pervasive encryption provides a robust defense against mass surveillance, but does not preclude governments from gaining access to the communications of specificity targeted individuals for the purposes of lawful and justified investigations.

Now I'd like to move on to the questions provided by the committee – my responses to them.

The question was: “to your knowledge does the NSA, or the NSA, or GCHQ or other signals intelligence services engage in sophisticated data-mining analyses of the data captured by the programs that I have exposed? Do they use sophisticated algorithms of the kind widely used in commercial data-mining, to seek out further people of interest?” To answer: yes algorithms are used to determine unknown persons of interests who are not actually suspected of any wrongdoing. This question is a good example of something that journalists and previous inquiries, working independently from public documents – nearly public documents – have had trouble properly interpreting. Some reporting on this issue has already occurred, but due to my inability to participate in the reporting at that time, these groups were unable to achieve complete understanding of the full meaning of these documents.

For example, [The following segment by Marcy Wheeler (@emptywheel): beginning time index 11:16 (NB: 14:34 in full video), some minor edits mine.] it has been reported that the NSA’s XKeyscore framework for interacting with the raw signals intercepted by mass surveillance programs allow for the creation of something that is called “fingerprints.”

I’d like to explain what that really means. The answer will be somewhat technical for a parliamentary setting, but these fingerprints can be used to construct a kind of unique signature for any individual or group’s communications which are often comprised of a collection of “selectors” such as email addresses, phone numbers, or user names.

This allows State Security Bureaus to instantly identify the movements and activities of you, your computers, or other devices, your personal Internet accounts, or even keywords or other uncommon strings that indicate an individual or group, out of all the communications they intercept in the world are associated with that particular communication. Much like a fingerprint that you would leave on, you know, a handle on your door or your steering wheel for your car and so on.
However, though that has been reported, that is the smallest part of the NSA’s fingerprinting capability. You must first understand that any kind of Internet traffic that passes before these mass surveillance sensors can be analyzed in a protocol-agnostic manner — metadata and content, both. And it can be today, right now, searched not only with very little effort, via a complex regular expression, which is a type of shorthand programming. But also via any algorithm an analyst can implement in popular high level programming languages. Now, this is very common for technicians. It not a significant work load, it’s quite easy.

This provides a capability for analysts to do things like associate unique identifiers assigned to untargeted individuals via unencrypted commercial advertising networks through cookies or other trackers — common tracking means used by businesses everyday on the Internet — with personal details, such as individuals’ precise identity, personal identity, their geographic location, their political affiliations, their place of work, their computer operating system and other technical details, their sexual orientation, their personal interests, and so on and so forth. There are very few practical limitations to the kind of analysis that can be technically performed in this manner, short of the actual imagination of the analysts themselves.

And this kind of complex analysis is in fact performed today using these systems. I can say, with authority, that the US government’s claim that “keyword filters,” searches, or “about” analysis, had not been performed by its intelligence agencies are, in fact, false. I know this because I have personally executed such searches with the explicit authorization of US government officials. And I can personally attest that these kind of searches may scrutinize the communications of both American and European Union citizens without the involvement of any judicial warrants or other prior legal review.

What this means in non-technical terms, more generally, is that I, an analyst working at NSA, or, more concerningly, an analyst working for a more authoritarian government elsewhere, can without the issue of any warrant, create an algorithm that for any given time period, with or without human involvement, sets aside the communications of not only targeted individuals, but even a class of individual, and that just indications of an activity — or even just indications of an activity that I as the analyst don’t approve of — something that I consider to be nefarious, or to indicate nefarious thoughts, or pre-criminal activity, even if there’s no evidence or indication that’s in fact what’s happening. that it’s not innocent behavior. The nature of the mass surveillance — of these mass surveillance technologies — create a de facto policy of assigning guilt by association rather than on the basis of specific investigations based on reasonable suspicion.

Specifically, mass surveillance systems like XKeyscore provide organizations such as the NSA with the technical ability to trivially track entire populations of individuals who share any trait that is discoverable from unencrypted communications. For example, these include religious beliefs, political affiliations, sexual orientations, contact with a disfavored individual or group, history of donating to specific or general causes, interactions of transactions with certain private businesses, or even private gun ownership. It is a trivial task, for example, to generate lists of home addresses for people matching the target criteria. Or to collect their phone numbers, to discover their friends, or even to analyze the nature and proximity and location of their social connections by automating the detection of factors such as who they share pictures of their children with, which is capable of machine analysis.

I would hope that this goes without saying, but let me be clear that the NSA is not engaged in any sort of nightmare scenarios, such as actively compiling lists of homosexual individuals to round them up and send them into camps, or anything of that sort. However, they still deeply implicate our human rights. We have to recognize that the infrastructure for such activities has been built, and is within reach of not just the United States and its allies, but any country today. And that includes even private organizations that are not associated with governments.

Accordingly, we have an obligation to develop international standards, to protect against the routine and substantial abuse of this technology, abuses that are ongoing today. I urge the committee in the strongest terms to bear in mind that this is not just a problem for the United States, or the European Union, but that this is in fact a global, “global problem”, not an isolated issue of Europe versus the Five Eyes or any other country. These technical capabilities don’t merely exist, they’re already in place and actively being used without the issue of any judicial warrant. I state that these capabilities are not yet being used to create lists of all the Christians in Egypt, but let’s talk about what they are used for, at least in a general sense, based on actual real world cases that I can assert are in fact true.

Fingerprints — for example, the kind used of XKeyscore — have been used — I have specific knowledge that they have been used — to track and intercept the co.., to track, intercept, and monitor the travels of innocent citizens, who are not suspected of anything worse than booking a flight. This was done, in Europe, against EU citizens but it is of course not limited to that geographic region, nor that population. Fingerprints have also been used to monitor untold masses of people whose communications transit the entire country of Switzerland over specific routes. They’re used to identify people — Fingerprints are used to identify people who have had the bad luck to follow the wrong link on an Internet site, on an Internet forum, or even to download the wrong file. They’ve been used to identify people who simply visit an Internet sex forum. They’ve also been used to monitor French citizens who have never done anything wrong other than logging into a network that’s suspected of activity that’s associated with a behavior that the National Security Agency does not approve of.

This mass surveillance network, constructed by the NSA, which, as I point out, is an agency of the US military Department of Defense, not a civilian agency, and is also enabled by agreements with countries such as the United Kingdom, Australia, and even Germany, is not restricted to being used strictly for national security purposes, for the prevention of terrorism, or even for foreign intelligence more broadly.

XKeyscore is today secretly being used for law enforcement purposes, for the detection of even non-violent offenses, and that this practice has never been declared to any defendant or to any open court.

We need to be clear with our language. These practices are abusive. This is clearly a disproportionate use of an extraordinarily invasive authority, an extraordinarily invasive means of investigation, taken against entire populations, rather than the traditional investigative standard of using the least intrusive means or investigating specifically named targets, individuals, or groups. The screening of trillions — and I mean that literally, trillions — of private communications for the vaguest indications of association or some other nebulous pre-criminal activity is a violation of the human right to be free from unwarranted interference, to be secure in our communications and our private affairs, and it must be addressed. These activities — routine, I point out, unexceptional activities that happen every day — are only a tiny portion of what the Five Eyes are secretly doing behind closed doors, without the review, consent, or approval of any public body. This technology represents the most significant — what I would consider the most significant new threat to civil rights in modern times.

[the following segment by Daily Kos contributor "bobswern" Starting 25:34]

The committee should consider what truly bad actors will use these same capabilities for if we allow them to go unchecked. And, how we will develop enduring norms and technical standards to safeguard against such abuses wherever they will occur.

[the following segment mine: time index 25:53]

The next question: to my knowledge, have the NSA or GCHQ used these surveillance powers, and similar capabilities to spy upon highly sensitive and confidential communications of major human rights organizations, such as, but not limited to Amnesty International and Human Rights watch and/or smaller well-known regional or national non-government organizations?

The answer is, without question, yes, absolutely literally. The NSA has in fact specifically targeted the communications of either leaders, or staff members in a number of purely civil or human rights organizations of the kind described in the question, including domestically, within the borders of the United States.

Another matter of similar concern is the practice of what the US Drug Enforcement Agency now calls “Parallel Construction” this is a technique whereby secret intelligence information in unlawfully used for law enforcement purposes. It is then concealed from courts, to include the courts of our European partners, depriving the accused of their right to challenge the legality of the initial surveillance. I will add that the initial intelligence information in such cases has often been gathered without the issue of any judicial warrant, as previously noted. This unlawful use of such secret evidence, whose existence or provenance has been concealed from both the defendant and the court itself represents a serious threat to both the right to a fair trial and the right to face one's accusers.

Given the growing global awareness of these intelligence practices, which we should recall, have been declared by the United States government itself to have no statutory basis in law. I would encourage the committee to take immediate steps to address those concerns. The failure of a state, to insure binding assurances, that intelligence information received from, of provided to, any foreign partner may not be used in such manners that could make them party to human rights violations carried out by trusted partners.

To continue, I'd like to point out what I consider to be the likely response to any political inaction by elected representatives on those issues and what I consider the future [transponding friction?] the likely response to inaction and the impact it will have on civil society. If a political solution to the problem of mass surveillance is not reached on an immediate basis, technical solutions are likely to be imposed by the international research and engineering communities. Should governments wish to retain the capability to easily monitor Internet communications, they must act with immediacy to address the problem of mass surveillance. It is critical that policy makers recognize that the laws of parliaments are necessarily subordinate to the physical laws of the universe itself, and if issues of liberty and human rights in the digital sphere are left to technologists to address, rather than elected bodies, governments are very likely to irrevocably lose some portion of their authority to interfere with the communications of legitimate targets.

To illustrate, I would want to state with respect, I'd like to correct the record on a point of the committee's introductory memorandum regarding the strength of encryption used today. Contrary to a point asserted in that memo, there are in fact today encryption schemes that not susceptible to any realistic brute-force attacks, on any time-scale, and I can confirm that this remains true even at the forefront of the classified state of the world. Properly implemented modern encryption algorithms backed by truly random keys, of significant length can require the application of more energy to cryptanalyze, or basically to derive the solution to and decrypt, than exists in the known universe. For example, if today we dedicated every supercomputer, every desktop computer, every smartphone on the planet to brute-forcing a single 256 bit keyspace of this type, our Sun, that's the Sun in our solar system, would literally stop burning, and we'll all be sitting around in the dark, before we actually solved the problem and had enumerated all the possibilities in that mathematical space. To quote Bruce Schneier, who I'll point out is one of the world's foremost cryptographers, who actually wrote the book on applied cryptography: “we cannot even imagine a world in where a 256 bit brute-force search is possible. It requires some fundamental breakthroughs in our physics and our understanding of the universe.”

The 256 bit keys that he discusses are incredibly common today, anyone in this room can learn how to encrypt everything on their computer, on their hard drive, with this sort of functionally unbreakable code (in the academic sense the word) within the space of a single weekend, not even an intel...– no intelligence agency anywhere in the world, working for ten years on this single program – single problem, can break such codes. However, law-enforcement agencies need not despair and be concerned that this will stop their work, as there are many other well-known ways around even such perfect (in the theoretical sense) encryption. Weaknesses in the specific implementation, of encryption's, in such encryption programs and libraries are common. In fact we just saw one today that could affect two-thirds of all traffic on the Internet.

Beyond that, there are also methods around even robust encryption programs that have no known direct vulnerabilities. These methods, called “side-channel attacks” can allow actors such as government agencies, police bodies, and so on to steal the keys necessary to decrypt certain communications, and complete their investigation without actually having to decrypt those communications by confronting the mathematical strength of the algorithms themselves.

These techniques can be analogized to investigators installing a hidden camera to record a suspect dialing the correct combination to his or her safe where they hide documents, or evidence, or what have you, without having the government actually crack the safe with drills and saws or the sheer guesswork of having to dial every punch combination. This distinction is of critical policy importance, because it is these kind of side-channel attacks that can only be applied successfully in a targeted, on a targeted individualized basis. But if the same techniques are used in the technical context of untargeted mass surveillance that's not premised on specific individuals, specific targets, and justified investigations, these attacks can be rapidly be detected, remediated and protected against by the community of security researchers in the academic community worldwide.

In the event that the political institutions of the international community fail to address today's surveillance abuses, this scenario, that of pervasive encryption that has to be countered by investigators in the case-to-case application of side-channel attacks, is, I believe, the most likely response of the technical, academic, and business communities to the intelligence operations of today. I do not believe that this is necessarily something that policy makers should be afraid, or reluctant to support. As even with real comprehensive surveillance reforms, we cannot trust legal protections enshrined in the laws of the developed world to be respected and enforced elsewhere. That can only be achieved by enforcing those laws through common interoperable technical standards, that are backed by our international institutions, the most cost-effective means to guard against this kind of systemic violation of community secure – of communications securities, the kind that we see in less liberal regions of the world today, seems to me to be pervasive encryption.

In summary, the issues that we are facing today are complex. There are a number of unanswered legal questions that have to be answered not just by intelligence agencies, who I do believe have necessary work, but by the public bodies and our elected representatives. It's very important to us, that we as a society determine the appropriate balance between the desire of intelligence agencies to perform the most efficient work possible, and to try new techniques that have never been proven and that now we see actually are. There's a growing body of evidence that they offer no real value, such as mass surveillance, and compare those against the traditional restrained means that we face.

Personally, I believe that human rights are best protected, and constitutional prohibited – prohibitions should be placed against the use of mass surveillance, and that favor the use of individual targeted surveillance. Individual targeted surveillance should be shown time after time, even in today's complex environment, even against specific hard targets, whether they're in North Korea, whether they're terrorists, whether they're sophisticated cyber-actors or anyone else to be effective.

[the following segment by Daily Kos contributor "bobswern" Starting 36:20]

Our human rights can only be protected if we insure that our laws have a clear meaning, and the meaning of the words within those laws cannot be secretly interpretated – interpreted – by any legal body or intelligence agency without the public’s knowledge and consent.

That’s the end of my comments.

[This section mine: time index 36:37]

CHAIR: thank you very much Mr Snowden, and today's meeting comes at a particularity topical time as this morning the European courts have just struck down the data protection directive. Finding that it entails a wide-ranging and particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data. I suppose that as an Irish citizen, and that case arose out of an Irish reference, and the Irish application of the directive, I'd be particularly interested if either of the other two remaining experts who will speak will have any reflections, albeit preliminary reflections on the CJ judgment. I'd like to now call upon Mr Hansjörg Geiger to speak. Thank you.

GEIGER (voice of English translator): [Geiger's testimony has many missing small segments in the video, phrases or sentences may be missing] Members of the parliament, ladies and gentlemen, first of all, I'm very grateful indeed for this opportunity to take part in this hearing with you this afternoon. I firmly believe that it it is precisely here before the Parliamentary Assembly of the Council of Europe, that we must critically engage with the subject of mass surveillance by the intelligence services from the perspective of safeguarding human rights and basic freedoms. And I do beg your forgiveness, if I do not refer to the very important Article 8 of the European Convention on Human Rights, but rather to the German Constitutional Court, which in actual fact, has laid down the basis for the decision taken today by the ECJ in Luxembourg. Because the Constitutional Court has derived a right to freely determine one's personal information from articles in the German Basic Law, the right to human dignity, whereby all individuals should freely determine what data about their person shall be made public and who, and when, those data shall be accessed by others.

And this right to self-determination is one, which in the view of the German Constitutional Court is incompatible with mass surveillance. We're talking about the mass analysis of data which is assembled to form a personality profile of an individual. And we've just heard from Mr Snowden that, that is not one of the goals of the mass surveillance that is carried out, namely assembling a comprehensive personality profile of an individual citizen, because if that is the case than individuals can no longer determine what information is known about them by others at any given time.

So one of their basic rights is infringed, namely this right in German law to freely determine their personality profile. Now of course we have Article 8 of the European Convention on Human Rights and other articles, which mean that we can draw the same legal conclusions, I would refer you here to Article 1 of the United Nations charter as well as the Universal Declaration of Human Rights.

Because if we interpret them correctly, it is abundantly clear that safeguarding of human rights in an era of mass communication has just been described to us by Mr Snowden, one indeed we've learned about in documents made available to us, is not compatible with those provisions. So to put it bluntly, if we have unfettered massive data surveillance by intelligence services then this is simply incompatible with safeguarding human rights.

Now, I cannot go into all the different facets of this issue, but there are of course issues pertaining to international law here. For example, what about the surveillance of allies, because that, of course, is against the spirit of international law. Against this backdrop, what can be done? I take the view that we need to take rapid action in order to try and to remedy these breaches of law, put an end to these unfettered activities carried out by intelligence services, at the very least to reduce them, and that is why we need to look to international agreements at the level of the United Nations or at the very least at the level of the Council of Europe, but they are, of course, going to take many years to come into fruition, now they should not be ruled out, and it should of course you should continue work on such international conventions.

But ladies and gentlemen, we need a rapid solution, one that can enter into force rapidly, and in a globalized world, national [missing segment] and do and that is why, I would submit that we need a code for intelligence services, and that would be the first step. Now the objective of any such intelligence services code would be to put an end to unfettered mass surveillance by intelligence services, and limits on surveillance, such limits being for purposes [unclear] strictly needed by the state. Now this means that we would be put in cooperation between western intelligence, at the very least, on completely new footing, and we would put an end to the surveillance of such states by one another, or at the very least keep it within legally acceptable confines.

Because, ladies and gentlemen, you know yourselves that these days intelligence services are the last bastions of state interference, and that is why they act accordingly on occasion. Because they are off limits, as it were, but it is important that intelligence services not work against one another and certainly NATO allies should not be carrying out surveillance of one another. Because the watchword really should be that allies do not spy on one another. Because that is simply unseemly.

That is why, ladies and gentlemen that the state of the European Union as well as NATO partners come up to put together an intelligence code that can be agreed amongst all of them. And that code ought to regulate exactly what is allowed and what is prohibited between allies and partners. And such a code would also stand as a signal that there was transparency, there was a guarantee for the citizens of those countries. Now any such code needs to be straightforward but I believe at the very leas that it should comprise of four simple rules.

First of all any form of mutual political, economic espionage must be prohibited absolutely. Secondly any intelligence activity on the territory of a another member state may only be carried out with that state's approval, and only take place within a statutory framework. And I will move in due course on to points 3 and 4, but before I do so I just want to say that global data flows as well as the opportunities that exist these days to analyze and store that data show people just what dangers lie ahead. Because they jeopardize our basic rights, and citizens therefor are threatened and no longer able to commune as [video drop out] international data flows, now regardless of where data is accessed, may only be accessed for the purpose of clearly defined purposes, for example preventing the proliferation of terrorism or preventing very serious criminal acts. And in no event may data be tracked analyzed or stored if it is data from a friendly state. Only targeted information may on an exceptional basis be allowed for specific individual cases. As part of this surveillance, any data that is stored, either data about individual citizens or economic data that is not needed for this clearly defined purpose must be deleted or destroyed.

Fourth rule: telecommunications and internet companies cannot be required or forced by intelligence services to allow them unfettered access to their massive databanks of personal data, and that would only be possible if there were a court order to do so. Now there would be a decisive advantage for citizens for all contracting states if we had such a code. Because that way data would not only be protected in their own country according to domestic law, but also be protected against any unfettered access by the intelligence services in all contracting states, and such an intelligence code would not jeopardize the security of contracting states. Because if there were a specific and real threat then the required steps could be taken by the state concerned, and it would be possible, then to ensure that the courts could monitor the use of data which was made available by telecommunications companies. We could also use the kinds of good governance codes that we already have for industry as a model. The kind that are set out the way in which companies should be governed. Because these codes of good governance for example, are well-known in many western countries. And this would be at the very least the first step, namely having an agreement between the states that would be affected. So this would be a non-statutory measure, and the advantage of this, doing it at the level of NATO [unclear] European Union would be that member states would be strengthened in their dealings with intelligence services when it came to negotiations.

Now participation in any kind of intelligence code would be completely voluntary, but if a country did not wish to subscribe to such a code of conduct, they would have to realize that they would be possibly accused of wrongful actions by their allies and friends, as has happened in the case of the transmission of passenger traffic data. Now each individual state has to of course control its own intelligence services. But there are other areas in which intelligence services escape national controls.

Now in future, we are going to continue to be reliant on whistleblowers, because in actual fact whistleblowers are a very useful means seeing to it that intelligence services do sure that they abided by any such intelligence code. But to summarize, ladies and gentlemen, the boundless surveillance and storage of data is not compatible with human rights, and that is why we need to try and limit this amongst the community of western values and any such intelligence services code will be an important and necessary first step.

Thank you very much.

CHAIR: Thank you very much, and I'd like to ask professor Korff to speak and thank him in advance for agreeing to summarize his presentation, so that we have time for Questions and discussion at the end. So thank you, professor.

D. KORFF: I'll be very quick indeed, because I believe it's more important that people can ask perhaps some questions of Edward Snowden. I just want to say how grateful I am for his intervention here, and he has confirmed the issues that we put before him, about the spying on human rights organizations, and in particular about the analyses. You have my paper in printed-out form, so you can just read my slides rather than me going through them. I want to point out three issues, and I think they've been confirmed, that we haven't looked at the surveillance exposures in full at all yet. We have looked mostly at the capturing of data through cable-splitters and deep-packet inspections and all the tools placed on the Internet cables. But I'm very pleased that today that Edward Snowden has confirmed that what is really threatening is the mass analysis of this data.

That I will try, if you can find this, um sorry, um this slide. This is the total picture that we still have to look at, we've only looked at the top left, with the interception of data from the the cables. What you must look at is the green bit in the middle. All the data is there, and all the analysis that are there. And the second thing that we haven't looked sufficiently is governments keep on saying that they're doing this to stop us from being attacked by terrorists. As Edward Snowden has again confirmed today, these surveillance capabilities are being used against perfectly innocent political activists, human rights workers, gays, all kind of out-groups in society all over the world. This is serious threat to global society.

And the final thing, I would very happily agree with Professor Geiger, we need to completely reexamine the national and international frameworks for the operation of the intelligence services. I completely endorse his call for an international codex, perhaps an international convention. The only qualification I would add is I think the Council of Europe is the appropriate organization for dealing with this, because unlike the European Union, the council of Europe is not restricted in areas related to national security.

I have a paper, that again you found summarizing the cases of the European Court of Human Rights, just behind you, which I think gives some guidance on what national security agencies should and should not be able to do. So let me leave it at that and call on you, to anybody that has some questions to please email me and I'll try and derive further answers.

I how we got Edward Snowden back? Yes, thank you.

CHAIR: We ought to leave an opportunity for you to answer some questions here rather than by email. Mr Díaz Tejera. Sorry um, excuse me, Mr Omtzigt would like to add a couple of points first then introduce...

Pierre OMTZIGT: Thank you very much, and let me thank you very much, Mr Korff for the brief presentation, and for Mr Geiger for the very clear presentation and for Mr Snowden for the new, extensive points on data-mining and fingerprinting and the specific targeting of human rights organization – ooh, very difficult, we can see as a threat – be seen as a threat – to state security. We still have about 15 minutes to ask some questions. So we'll try to group the questions from here from the MPs that are present in about 2 or 3 questions at a time. Who would like to ask the first questions? Can you first, before you ask the question tell who you are and where you're from? Since it's live broadcast. – Slow.

Díaz TEJERA: I will try.

Thank you, Thank you Chairman. Only very simple question. I think that all member of all kind of intelligence service know very well the law. My question is – why some people that are working on this – feel – has this new idea that – is necessary another law – a more law? For me is not necessary. Only is necessary to submit with this law – is not necessary another – because that everybody that are working on this intelligence service know very well our criminal code – and the process of code – is not necessary. Why to you think it is? Please.

[Transcriber note: the gist of this is “Why do you need a new law instead of enforcing existing laws?”]

OMTZIGT: Ok. Someone else has a question Mr Gaudi.

GAUDI: Hello my Name is Gaudi Tomasz from Hungarian delegation. I have a short comment and two questions if it's possible.

I think it's fairly hypocritic that we have English initiative has been launched to apply sanctions against Russia, because of Crimea, but you have UK's liability is clearly proven in the mass surveillance scandal, including David Miranda's affair [unclear] by Mr Snowden for whom Russia has provided asylum from the US, where he would have faced serious criminal consequences, maybe life imprisonment or death penalty. It's again a typical application of double standards which can be frequently be experienced here, not only in the Council of Europe, but in international organizations like the European Union. Let's break down this illegal custom and let us apply legal proscriptions defending personal da...

OMTZIGT: Mr Gaudin

GAUDI (crosstalk): One, one, one short sentence. Defending personal data...

OMTZIGT (crosstalk): I would like to ask you to...

OMTZIGT: Mr. Gaudi, I'll cut you off if..... I'd like you to ask a question. You have been taken away [unclear] in the last parliament session, I do not want that to happen again.
GAUDI: Just one one last line..

OMTZIGT. We have a debate on the Crimea tomorrow and Thursday in the plenary.

GAUDI. … Line. Sorry. So insist on bring all perpetrators to justice...

OMTZIGT: Mr Gaudi. if you have a question, could you please ask it?

GAUDI: My questions: so first, how would you describe European countries' involvement in the so-called NSA scandal? Second one is, in one of your first interviews, you said that you main fear that the whole story, all your revelations, would have no consequences. What do you think about the consequences so far?

OMTZIGT: Last one in this round. Mr Wadephul from Germany.

WADEPHUL (voice of translator): Yes thank you very much, I'm Wadephul from the German delegation. Now, Mr Snowden, you said that there are various agreements with Germany, amongst other countries, and that the exchange of data took place on that basis. Could you tell us a little bit about the nature about that data that was transferred to Germany by the NSA? Was it the kind of data you were talking about earlier, data that came about as a result of mass surveillance of citizens. Citizens who were not suspected of any kind of criminal activity?

My second question is as follows: you hinted that the British intelligence services have acted in a similar fashion to the NSA. Do you have any knowledge of other European services. Or the intelligence services of Russia or China may be acting in a similar fashion?

OMTZIGT: … Questions of Mr Díaz Tejera and Mr Gaudi..

SNOWDEN: (pregnant pause) I'm sorry, were you prepared for my answers?

OMTZIGT: Yes, please.

SNOWDEN: OK, let me go down the list. The first was why should we have new laws as opposed to respecting old laws? The key there is from the perspective of senior intelligence officials, from the perspective of the intelligence community. When new technologies are created, and they want to take advantage of them, what they do is they go back to old laws, and they've got, at least in the United States, they have literally hundreds of lawyers. More [unclear] lawyers than [unclear], roughly 125 lawyers for the National Security Agency, and they task these lawyers with creating new definitions of the meanings of the words in the old laws, to provide new authorities without asking the legislatures for them. Now, I think it would be great if we could get them to stop that, but in order to do that, we would have to pass specific legal prohibitions to prevent that. Until we do, this practice is common, it will continue. And as I've previously stated, the NSA actually encourages foreign partners, particularly EU member states to follow that practice, and use that sort of backdoor ability to interpret themselves into gaining new authorities without requesting the passage of specific laws.

The next question was how is – how would you describe Europe's involvement in mass surveillance? I'll tie that in with the question about other agencies outside of the US and EU and maybe Russia and China. The key I would say is that, almost all nations that have well-funded intelligence services, that have an excess of resources, are using these sort of authorities, are using these sort of capabilities, or if they do not have them yet, they're actively perusing them. Because it's not a well-regulated environment, there are no real rules or restrictions, there are no well-established international standards, because this hasn't been debated yet. This all happened in secret, without the public awareness, and that made it sort of fertile ground for them to experiment with new capabilities, new technologies, new desires, that have led into the situation we are in today. So yes, they are involved, and there is a very tight partnership between between the US, and other countries. And again it's – we shouldn't beat up the United States government specifically on this, they are the most capable actor, simply because they are the most well-funded actor.

The next was how to I feel about the progress we've made since the revelations, since these disclosures began? This is a very complicated question, obviously there's a lot of ground to cover, it's very difficult to achieve revolutionary change overnight, particularly on the topic of human rights, which the average person doesn’t get excited about, they don't necessarily get passionate about. But the key is we've made incredible progress, the legislatures and newspapers of almost every country in the world, every citizen who had not even heard of these capabilities is now talking about them, how they impact them, and deciding how they feel about it and the kind of world they want to live in in the future. And that was the specific intent, purpose, the motivation behind all disclosures. The fact that people are now aware of the world they currently live in, and they have the ability to affect the world they would live in in the future, by voting, voting in a more informed manner. I think is worth everything that's happened and all of the costs that I've incurred.

And the final question was the nature of the data exchange between the United States and Germany. I have to be careful on that, I'm going to have to refer to my lawyer, and maybe submit a written response later. Because I am at risk of legal jeopardy for anything I say there. But what has been reported, and what I can sort of generally comment on is that the exchange is deep and it is common. I can say from my personal experience the NSA has within its databases, within XKEYSCORE on a daily basis the communications of innocent German citizens who are unsuspected of any crime. German citizens, German websites, German businesses, German services – it's all in there, just as it is with every other country.

And the NSA and Germany do exchange data back and forth, they have a close partnership. That partnership is beneficial, and it's not a problem in a lot of contexts, but it should be subject to public oversight, and the necessary accountability of the law. The fact that this data is being collected, it's being intercepted, it's being analyzed, it's being stored without the consent of the public or their representatives is a serious concern, and it should be addressed. I hope that the parliamentary inquiry in Germany will specifically ask tough questions about the nature of this relationship and how it can be improved upon and made more accountable.

Thank you.

OMTZIGT: Then Mr Korff, do you have anything to add on the first question of [unclear]

KORFF: Yes, I have a very short answer to that, and I hope that I can ask a very brief question to Edward Snowden himself. On the question of law, the basic parameters are there, if you look at the case law of the European Court of Human Rights, there are basic principles that effectively say surveillance has to be targeted and proportionate. And what we've heard from Edward Snowden is that the complete opposite has occurred, and I do think we need to reestablish that and spell out in much more detail what exactly this means for national security agencies and I totally agree with Professor Geiger, that we need an international convention to support that and to clarify what intelligence agencies can do, how they cooperate, and how they should not spy one each other, especially not between friends.

Mr Snowden, I know you're a technical expert, and not a legal expert, but on a number of occasions you have said that the NSA is helping friendly countries effectively subvert their own laws, putting loopholes in existing laws, reading loopholes into existing laws. Can you say anything more about that, and can we expect more detail about that, and can you please, if you know anything about that, also mention the international treaties between the friendly parties?

Thank you.

SNOWDEN: My comment on that would be similar to the last one. I have to be really careful, I don't want to supersede the work of journalists, I want to make sure they have the full boundaries to make to make their own independent, public interest determinations in cooperation with their governments. What I can say, is that it's at this point established, and I believe admitted, at least in the United States on a number of occasions, that this sort of legal exchange program, almost sort of a legal advocacy, legal advisement campaign is very well funded, and it's common. It's seen as serving the national interests of the United States, and because of that, I expect it to continue. And there are reasonable, reasonable justifications for why this should occur. Now the manner in which it's occurring, which is where there's sort of this subversion, peeling back of established protections, of prohibitions on surveillance. I would agree that is a serious problem that needs to be addressed.

I would say it is very likely you will see more and very specific reporting about this sort of operation, and I don't believe it's a mystery, or it's going to surprise anyone who follows any national security. I know that journalists have agreed that this is in the public interest to reveal. That some of these countries specifically include Germany, Sweden and the Netherlands have been a target, and the UK has also been a, not just a target of it, but a willing participant in that sort of [unclear].

And that's the end of my time, thank you.

OMTZIGT: I just spoke to Mr Geiger, and he unfortunately doesn't have anything to add on the... Last question?

GEIGER: Mr Snowden,

OMTZIGT (crosstalk): Ah, he wanted to ask you a question.

GEIGER (voice of translator): Mr Snowden, I would be interested whether you and your colleagues were regularly informed on the legal limits of the activities of the NSA.

OMTZIGT: Floor to add another question to Mr Snowden.

CHAIR: Yes, thank you, one of the basis upon which the ECJ struck down the data protection directive, was it did not require the retention of data with – was that it did not require the retention of data within the EU and of course the courts could not ensure compliance with EU law by authorities outside of the EU. Given that fairly restrictive interpretation by the court, do you think that it will be possible for the wide-scale data sharing which is going on between EU member states and the US in particular to continue? Thank you.

SNOWDEN: The first question was I aware and I believe were the journalists aware of the legal limits on NSA surveillance? And yes, we are. The key is, the legal limits are actually extremely weak. There are policy limitations, there are regulatory limits that don't have any penalty for transgressing, they don't have any sort of remedy assigned to them, whether it's criminal, whether it's procedural for when those rules are broken, other than a good [unclear].

Because of the structural weakness in the constraints on the intelligence collection, it creates a situation where bad behavior is incentivized. Senior officials such as former NSA and CIA director Michael Hayden who … in the United states have said regularly that they are happy, they want to interpret every authority that they get in the most abusive, the most open manner possible. They want to get, sort of, “chalk on the cleats of their sporting shoes” as they called it. they want to be right on the boundaries of what's allowable. Because there's no penalty, because they gain tremendously. I think that's, that any lawmaker, any policymaker should keep that mindset at the forefront of their mind in their determination process when they're designing national security regulations. Because these individuals are always going to press for new borders, and they're always going to press to readapt the authorities that they've already been granted as time and technologies change.

The other question was data retention in light of the court ruling, how that would change. I haven't had a chance to review the court ruling, so I can't say with specificity. What I would say, is again that the National Security Agency, at least for itself has a pack, a team, a hoard of lawyers, where their purpose in life is to interpret decisions, interpret rulings, interpret laws and regulations in the most permissive way. Even if it requires the intentional abuse of language, to redefine word in a manner that the lawmakers, judges, and the policymakers did not intend.

On that basis, I think it's unlikely that we will see sweeping change. I do believe, at least in European states that we will change the manner they share, they will reevaluate their policies, and there will be a significant benefit from this. But until it's established in law with specificity, with a detailing of the intent of the policymakers, and strong language that cannot be misinterpreted, that cannot intentionally be misinterpreted, this issue won't end.

Beyond that, I would caution one more time that even if we have good government, even if we have perfect governance, perfect policies, and perfect regulations in the western liberal sphere, within the US, within the European Union, that those rules will not necessarily be respected overseas, until bodies, until regulatory authorities take strong steps to ensure that are standards are protecting our communications by default, regardless of whether any particular bad actor respects our laws or doesn't. Technology is the fallback for policy in this specific case.

Thank you.

CHAIR: Thank you very much Mr Snowden. I'd like to, if that's it, I'd like to behalf of the committee I'd like to thank Mr Snowden, Mr Geiger, and Professor Korff for coming here today and for sharing their views with us, and I'd just like to call upon Mr Omtzigt to wrap up this particular aspect of today's meeting. Thank you.

OMTZIGT: Also from my heart, thank you Professor Geiger, Professor Korff, and a special thanks to Mr Snowden, for joining us from Moscow. You've given an extensive description of the data mining, of the specific targeting of human rights organization, of the lack of judicial and political oversight, and the lack of binding assurances from the US on the data abuses. You've given a clear answer on the deep cooperation between the Germans and the NSA but also of the Dutch and the UK and the NSA. UK wasn't surprising. Thanks Professor Geiger for suggesting a codex for intelligence services and specifically stating that whistleblowing is an effective means of enforcing such a codex, we shall continue preparation – preparing our reports both on mass surveillance and whistleblowing. We would have liked to have had a second hearing this week, but due to the fact that there is an extensive debate on the Russian annexation of the Crimea – Mr Gaudi already entered on that, that takes away some time in this organization, because this is the organization in which both Russia and Ukraine are members discussions, do there are large discussions, we have to postpone that to June. We'd like to invite Mr Snowden to the second hearing in June, on the 24th of June, and all of you as well. In the meantime we hope to get a written reply to the last question you have, and also a written reply from the US government, who may have a few things to explain.

Thank you very much for coming.