SE status in the intelligence community
An excerpt of a larger document showing Sweden’s status as a closely allied “Third-party partner”, along with several other countries. In addition, Sweden has bilateral agreements with the NSA and the British GCHQ dating back to 2004, establishing an even more in-depth collaboration – this is several years before the Swedish Riksdag passed the FRA Law, which expanded the FRA’s authorisation to conduct signals intelligence gathering.
NSA internal PM on FRA and Sweden relations
In an internal, top-secret document dated 18 April this year, the NSA summarises its relations with Sweden. The document states that since 1954 Sweden has been a part of an intelligence collaboration with what is often called “The Five Eyes”, UKUSA, which refers to the US, UK, Canada, Australia and New Zealand. This is despite the fact that Sweden was officially neutral, an image that has been maintained outwardly for decades by multiple governments of different political persuasions. The document also states that the UKUSA contract was discontinued in 2004 and replaced with bilateral agreements for signals intelligence and wiretapping. As of 2011, the Swedish FRA provides its American partner with extensive access to data from its cable collection.
Legal issues UK regarding Sweden and Quantum
An internal NSA document from April 2013 that describes the status of the relationship with a number of partners. It takes up a three-party agreement regarding the hacker programme Quantum, between the Swedish FRA, American NSA and British GCHQ, initiated by NSA chief Keith Alexander. The document shows that the project has so far resulted in a “proof of concept” – i.e., the system works, but it has not yet generated any substantial intelligence results. It also shows that the GCHQ are doubtful about continuing in the project because of restrictions in British legislation, but that the NSA’s intention all along has been to carry out the project with the Swedish FRA rather than GCHQ.
SE=XKeyscore Ingvar Åkesson/DIRNSA meeting 2013
This document is an internal NSA memo ahead of an annually recurring summit meeting between NSA chief Keith Alexander and the FRA chief. The meeting took place on 24–26 April 2013. Six people from Sweden were to participate in the meeting, including then FRA Director-General Ingvar Åkesson and Deputy Director-General Christina Malm.
Among other things, that document shows that:
* The FRA wants an update on the Quantum project Winterlight (see the article on Quantum), and wants to know when they will receive reports from hacking attempts and intelligence from them.
* The FRA has been given access to XKeyscore, which is one of the NSA’s most powerful search tools in its enormous databases of wiretapped material.
* The Swedes update the NSA that a change in Swedish legislation makes it legal for the FRA to share intelligence with the Swedish Security Service.
* Since January 2013, the NSA has a counterterrorism analyst placed in Stockholm.
* In the Quantum project, in which the FRA collaborates with the NSA and the British GCHQ, individual computer users are rerouted through specially tailored “links” to false attack servers, whose “shots” against the user’s computer allow spyware to be installed on the computer. In March 2013, the NSA received a report from the FRA that Quantum gave the British GCHQ 100 targets, which led to five of them being rerouted to the British Quantum servers. The goal is that the FRA will lead in the targets to the NSA’s Quantum servers instead of the GCHQ’s.
* The NSA wants to continue working with the FRA for access to fibre-optic cables. This collaboration has already resulted in unique access to high-priority targets (123 reports so far, under this “budget year” alone). The FRA continues to expand its access to new cables and telecom operators, resulting in greater access for the NSA to potentially valuable targets even beyond Russia.
* The NSA shared with the FRA information about a hacking attempt in November 2012 against/by the Israeli Embassy in Stockholm. They agreed that Israel could be informed about the discovery of the hacking attempt.
* The FRA provides the European Cryptologic Centre in Darmstadt, Germany with Swedish linguists to analyse terrorism-related material in Swedish.
* It is noted that the FRA, after four years’ temporary interruption, can now legally (sic) collaborate with the Swedish Security Service (the British GCHQ has previously congratulated the FRA on circumventing the previous ban on taking assignments from the Swedish Security Service).
* The FRA’s access to fibre-optic cables through Sweden has led to unique access to intelligence about the civilian energy sector, among other things.
“2004 – the SE NEUTRAL agreement”
A document dated 6 June 2006 states that Sweden has been a part of the intelligence collaboration under the UKUSA agreement between the US, UK, Canada, Australia and New Zealand, since 1954. That is to say, at the same time that Sweden’s official stance was neutrality in peace as well as in armed conflicts. According to the document, the UK was Sweden’s contact regarding wiretapping and Internet monitoring, while the US was the contact for the monitoring of technical signals such as radar.
In 2004 – several years before the Swedish Riksdag finally passed the so-called FRA Law by the smallest possible margin, giving the FRA authorisation to listen to fibre-optic cables – the American NSA, the British GCHQ and the Swedish FRA signed an agreement allowing the NSA to collaborate directly with the FRA regarding wiretapping without first needing to go through the GCHQ. As a result of this agreement, the signals intelligence collaboration between Sweden and the US has grown rapidly. The NSA classifies the information about this agreement as top-secret with reference to Sweden’s “political neutrality”.
X-Keyscore slide with Swedish example
This screenshot shows an image from the NSA’s extensive spy program X-Keyscore, demonstrating, as a teaching example, a search on “everyone in Sweden” who visits a web forum for “extremists”.
This screenshot shows a part of the document from the NSA discussed in file 5 above. The text is about the growing relationship with the Swedish FRA, as an “extremely competent” partner. In 2011, the FRA gave the NSA access to “unique” material from its cable collection regarding, among other things, Russia and the Baltic region.
Accomplishments – from NSA doc dated circa April 2013
Slides from a presentation in April 2013 that the NSA held for its closest partners in Canada, the UK, New Zealand and Australia. It discusses Sweden’s work with the Quantum hacker project.
Detailed list of points and participants in the summit meeting between the top brass of the FRA and the NSA in April 2013.
Quantum – from GCHQ documents dates October 2012
Portion of a document from the NSA’s British equivalent, the GCHQ, in which Sweden is not mentioned, but it describes an example of how Quantum has been used to attack computers in an African country where the users have visited extremist websites. See the separate article on Quantum here.
Images from the NSA’s training presentations for analysts who will be working with the NSA’s most powerful search tool, X-Keyscore. It indicates, among other things, that the NSA’s analysts have unique access to an extremely large amount of data. For example, the goal is to store all data traffic to which the NSA has access for up to five days, in order to “slow down the Internet” and give the analysts time to go back and find interesting information they might otherwise miss. Information that the NSA finds interesting can be redirected to permanent storage in the PINWALE database.
This document gives an overview of the sources that the NSA and its spyware program X-Keyscore utilise:
FORNSAT – data from satellites (Echeleon) Overhead (uplink) – probably refers to traffic between mobile phones and base stations.
Special Source – information collected through Special Source Operations, the special division of the NSA that works with American mobile phone operators.
Tailored Access – information retrieved through the NSA’s hacker division, Tailored Access Operations.
F6 – surveillance carried out by Special Collection Service, SCS, a joint NSA–CIA division. It often carries out operations including espionage on foreign diplomats and leaders.
FISA – surveillance carried out as a part of the Foreign Intelligence Surveillance Act, which can include monitoring of data and telephone traffic of US citizens. Corresponds to the decisions that the Swedish Defence Intelligence Court makes on what the FRA is allowed to monitor.
3rd party – information collected through a “third party” – that is to say, countries such as Sweden, France, Germany, Italy and Spain.