UK drone net got torture-grade CIA comms

Punishment_of_the_Paddle_1912.jpgA computer network that the US Central Intelligence Agency began using a decade ago to conduct the kidnap and torture of terrorist suspects has become an integral part of the system now operating drone strikes in the Middle East and Africa.

The means to send ‘above top secret’ intelligence communications around the globe without exposure empowered the CIA’s Rendition and Detention Program to snatch and interrogate suspects in the US ‘war on terror’. The same network system became the principal mechanism behind the intelligence-led “targeted killing” of suspected enemies using drone strikes today.

The technological link between the two sinister programmes, signposted in passing detail by the US Senate Select Committee on Intelligence Study of the Central Intelligence Agency’s Detention and Interrogation Program last week, further confirms that a US military network routed via the UK carried intelligence vital to the US targeted killing programme, and presents evidence that may sway officials deciding whether contractor British Telecommunications Plc should be held to account for building a part of the network used to transmit drone targeting intelligence since 2012.

In both programmes, secure global comms gave the CIA unprecedented, computer-driven power to collate, combine and analyse information about individual suspected people, and to pursue their subjection or assassination in other countries rapidly, with dreadfully focused vigilance.

Now having been pulled up for torturing the ‘wrong’ people, for assassinating the ‘wrong’ people, and for straying beyond the scope of international law, its newfound intelligence powers have been exposed as a grotesque.

CIA_illegal_flights.pngInformation dominance

The Senate Committee Study and other investigations of the US’ misuse of power have focused on its effect. Its mechanism and its means, however – its source – remain unquestioned. That is the information dominance the US has striven for since embarking at the turn of the millennium on its ambitious strategy to create an intelligence-led, computer-driven, globally-networked war machine focused on pin-point actions against individual people.

The Committee report nevertheless gave a peek at the source of this terrible power – a thread to be unravelled.

Describing how contractors who had masterminded the CIA’s deranged interrogation programme set up a private company to do it once the operation had become well established in 2005, the report noted that the CIA had given the company (called “Company Y” in the heavily redacted, previously classified report – later identified as Mitchell, Jessen & Associates) access to its ‘above top secret’ computer network, so they could use its intelligence sources in their work tracking and snatching terrorism suspects, ‘rendering’ them to one of a network of secret prison bases in countries desperate or weak enough to permit them, and ‘interrogating’ them.

SCIF - Sensitive Compartmented Information Facility.jpg“The CIA also certified Company Y’s office in [REDACTED] as a Secure (sic) Compartmented Information Facility (SCIF),” said the Senate report, “and provided Company Y access to CIA internal computer networks at its facility.”

It was really only a passing reference. But getting access to Sensitive Compartmented Information (SCI) was tough enough that government agency’s still paid pay for it out of their capital budgets.

They had to build specially secured buildings and rooms called Sensitive Compartmented Information Facilities (SCIF), just so CIA-grade intelligence could be handled, and even discussed.

This had been the case since 1999 when a formal order from the office of the CIA director ordered SCI as the designation for data relating to CIA intelligence sources, and the precautions that would secure its transmission over US military and intelligence networks.

It effectively extended the CIA’s hush-hush, clean room secrecy over the network and to wherever its intelligence went, so the information could move freely among those permitted to know: software, network pipes, computer facilities, people, would all be locked down.

Intelligence network

Inevitably, such CIA-grade intelligence found its way onto the Global Information Grid (GIG), a US military and intelligence network that has over the course of the ‘war on terror’ become the data-fuelled engine of US operations, especially drone strikes. Likewise the Defense Information Systems Network (DISN) – the global network of high-capacity comms cables that formed the backbone of the GIG.

This was not a simple undertaking. The National Security Agency, the US’ network intelligence centre, extended the CIA’s secure, compartmented realm over the DISN/GIG by starting a programme to build architecture good enough to carry CIA-grade intelligence.

KG-340 - NSA Certified.pngThe NSA’s crypto-modernization programme guided US military contractors in their production of devices such as the KG-340, a high-capacity encryption device that has become one of the principal building blocks of the GIG.

Thumbnail image for Thumbnail image for KG-340.pngAs a ‘Type 1’ encryption device, the KG-340 was certified by the NSA to carry any data up to the level of Top Secret / Sensitive Compartmented Information (TS/SCI).

That meant it would securely transmit government and military information classified by the usual trio of designations – Confidential, Secret and Top Secret – using encryption algorithms developed under the NSA’s Commercial COMSEC Evaluation Program. But it would also encrypt data to the level required to transmit data within the CIA’s compartmented realm.

The result was that the DISN and the GIG would incorporate CIA-grade intelligence into their operations, allowing it to be combined with data from other sources in systems such as those the US used to pick, track and attack targets like people on its terrorism suspect list.

Off-the-shelf spying

This was not done lightly. None less than the Director of National Intelligence, an office created in 2005 as over-arching head of intelligence agencies including the CIA and NSA, dictated how SCI would be handled by the DISN/GIG.

As it was put in a definition of SCI agreed in 2010 by a committee of military and intelligence agencies: “Classified information concerning or derived from intelligence sources, methods or analytical processes, which is required to be handled within formal access control systems established by the Director of National Intelligence”.

On being established, the DNI established an agreement between the CIA, its sister agencies and the Department of Defence to collaborate on network security. Their subsequent work established means for assuring the transmission of SCI across the GIG.

The NSA ensured the devices that would do this did so in conjunction with established network technology: devices such as the KG-340, which would turn a standard, high-capacity network into one capable of sending sensitive compartmented, CIA-grade intelligence. Supplied by industry, they would rely on proven technology. The KG-340 was designed by SafeNet, a long-standing military networking pioneer. It was recently bought by Raytheon, one of the larger US weapons manufacturers. It was designed to be a standard “off-the-shelf” network components that would work with other standard, off-the-shelf network components.

That was where BT came in. The US Defense Information Systems Agency (DISA) contracted the telco to build a high-capacity DISN trunk line between the UK and a US military base in Djibouti, North Africa. As part of the DISN/GIG, DISA set out in its contract specification to BT that it would cap the line either end with KG-340 encryptors. The BT line would thus carry CIA-grade intelligence as well as other Top Secret information for military operations such as drone strikes.

As DISA itself said of the DISN in its 2015 budget statement to Congress: “The DISN provides secure voice, video, and data services over a global fibre-optic network that is supplemented by circuitry obtained from the commercial sector.

“DISN subscription services are described as follows: compartmented information communications services for the DoD Intelligence Community and other federal agencies.”

BT has tried to portray this network as an infrastructure comprised of unexceptional features and built for banal purposes, in an effort to discourage UK officials looking into the question of whether the British telco ought to be called to account under international rules for corporate social responsibility for its part in the DISN, after US intelligence-led drone strikes became an international human rights scandal.

Officials have spent 18 months deciding what to do because, they have said, has been a lack of evidence that the BT network was anything more than BT said it was: a trivial network connection of no significance and of no interest even to its own corporate ethics board. The DISN, however, was built to be the foundation of all US military operations.

Thumbnail image for Thumbnail image for Restraint_chair_used_for_enteral_feeding_at_Guantanamo.jpg