by Henrik Moltke, The Intercept:

IN NOVEMBER 2005, two terminals for a new secure communications platform arrived at the U.S. military base at Bagram Airfield, outside Afghanistan’s capital, Kabul. The first of its kind, the system would enable the U.S.’s electronic eavesdropping organization, the National Security Agency, to instantaneously share select classified information with America’s closest allies in the fight against the Taliban, speeding the delivery of critical information to soldiers. Previously, the only way to pass intelligence at Bagram between the U.S. and partner nations was to hand it over as hard copy. These two first nodes in what would eventually become a larger network, known as CENTER ICE, would end the paper shuffling, ultimately saving the lives of troops in combat.

The NSA was to set up one of the two initial systems at Bagram for its own use, and the other for its counterpart from Norway, the Norwegian Intelligence Service, or NIS. The Norwegians were perfect guinea pigs. A “gregarious, friendly bunch” who threw good barbecue parties, they had “almost no collection capability” to eavesdrop independently and were thus “heavily dependent on the U.S.,” an NSA staffer at Bagram later wrote on an internal agency news site, SIDtoday. (The article and the other intelligence documents in this story were provided by NSA whistleblower Edward Snowden.) One of the new terminals failed when the NSA attempted to turn it on, but after the provision of some “necessary spares,” both were operational.

Spies from the two nations were about to get a dramatic example of how powerful the digitization of intelligence-sharing could be. One morning a few weeks after CENTER ICE went live, the Norwegians sent an urgent email using the new system: “Our guys think they are being shadowed… Are you seeing anything?”

Norwegian marines were indeed being followed and “were ambushed later in the day,” the NSA staffer wrote. But thanks to CENTER ICE, the “ambush ended with bombs dropped on some ACMs [anti-coalition militants] and all Norwegian personnel unharmed.” In another incident, Norwegian forces suddenly found themselves surrounded and under heavy gunfire in Helmand Province, an insurgent hotbed in Afghanistan’s south. More enemies were approaching. NIS staff “weren’t hearing anything,” so they messaged the Americans on CENTER ICE and once again were able to “extricate themselves with no injuries” thanks to the NSA’s ability to track the militants.

“This initial success was exactly what we hoped would happen as a CENTER ICE proof of concept,” wrote the NSA staffer.

CENTER ICE was just the beginning, a step toward a much more aggressive experiment in the same vein. Norway would soon be among the first coalition partners to share, in real time, a wide range of data on Afghanistan, including essentially raw information scooped up from cellphones and fed into a revolutionary new local processing system called the Real Time Regional Gateway, or RT-RG. In 2011, according to documents published with this story, intelligence drawn from RT-RG was involved in more than 70 percent of all combat operations in Afghanistan, including 6,534 “enemies killed in action.”

There has been some public scrutiny of how the United States relied heavily on signals intelligence for those killings, which often resulted in civilian casualties.

But the fact that Norway and some of the U.S.’s closest allies helped feed this system with their own spy work has not been reported before. This is partly because documents linked to Norway’s participation in RT-RG, when examined in 2013, were misunderstood by various journalists, including two co-founders of The Intercept, as indicating that the NSA was engaged in mass spying on the citizens of allied countries, including Germany, France, Spain, Norway, and Italy.

A set of documents from the Snowden archive about RT-RG, reviewed by The Intercept in partnership with the Norwegian Broadcasting Corporation, or NRK, sheds new light on how Norway came to depend on real-time intelligence-sharing to save Norwegian lives, while at the same time contributing to targeted killings and captures with no oversight or control over how data it had collected was used.

The revelations raise questions about the complicity of the U.S.’s other European partners in such controversial targeting practices and underline how RT-RG blurred the lines between sources of intelligence, corroding the ability of partners to impose special rules on how their data was handled — a particularly salient issue now that the system is in use by U.S. law enforcement entities.

Norwegian Defense Minister Frank Bakke-Jensen told NRK that Norway is not responsible if intelligence it shared was used by other nations — such as the U.S. — to kill innocent civilians. “We have no control over how another nation uses this information, but we require that they operate within International Law,” the defense minister said. He added that Norway does not review how data shared by the Norwegian intelligence service is used.

“There is no doubt that Norway was a full-fledged participant in this cooperation,” Kristian Berg Harpviken, a leading Afghanistan expert from the Peace Research Institute Oslo, told NRK. “We bought the whole package, so we must take responsibility for the totality of the war.”

“We bought the whole package, so we must take responsibility for the totality of the war.”

The documents also show how RT-RG, within less than five years, migrated from the battlefields of Iraq and Afghanistan to the U.S.-Mexico border, where it was used to combat drug trafficking and people smuggling — a vastly different type of mission.

“The news that the NSA transported a mass spying program designed for war zones in Iraq and Afghanistan to the U.S.-Mexico border is both alarming and totally unsurprising,” said Elizabeth Goitein, co-director of the Liberty and National Security Program at the Brennan Center for Justice. “Mass surveillance is always initially justified as a necessary defense against foreign enemies. Then comes the inevitable mission creep, as surveillance methods originally conceived as tools of war or foreign espionage are brought home and turned inward.”

The Whole Haystack

The first Real Time Regional Gateway was deployed to Baghdad in early 2007. The timing was no coincidence. Four years in, Operation Iraqi Freedom, the U.S.-led military invasion of Iraq, had descended into sectarian violence and anti-coalition attacks, resulting in an all-time high number of casualties.

In spite of a massive surge of U.S. troops, the security situation was deteriorating, with roadside bombs and other improvised explosive devices increasingly common. In the Green Zone, Baghdad’s fortress-like international area, mortars and rockets rained down, requiring U.S. Embassy staffers to wear flak jackets and bulletproof helmets when walking between buildings, “worn out and tired of sitting in hallways,” as one SIDToday update put it.

This dire situation provided an opportunity for then-NSA Director Keith Alexander, who firmly believed that his agency could make the difference needed to win the war. His opening gambit was a system called RT10 — a “very high-priority initiative at NSA” at the time, according to Alexander’s science adviser, engineer James E. Heath. “The goal of RT10 is to get essential NSA cryptologic capabilities to the military front lines in a matter of seconds and minutes (‘real time’), not hours and days,” Heath wrote in SIDtoday.

The new system, Heath explained, would do away with the “latencies associated with transmitting and ingesting collection,” i.e. sending data acquired in Iraq back to NSA facilities in the U.S. By storing and processing the data locally, there would be less need to filter it, allowing for a wider net to be cast so that the NSA would have much more data available for retrospective analysis.

“Collection that would otherwise have been discarded because it could not be directly linked to a known target is now subjected to analytic algorithms that can reveal new targets of interest,” Heath wrote. In order to cover Baghdad, the RT10 system would need to be able to ingest 100 million “call events” or metadata records, 1 million “voice cuts” or recordings of phone calls, and another 100 million internet metadata records — per day.

At these volumes, RT10, the first iteration of what would become Real Time Regional Gateway, signaled a radical shift from traditional signals intelligence doctrine: from collecting and storing only what’s needed to find the “needle in the haystack” to Alexander’s “collect-it-all” philosophy, first described in a Washington Post article by a former intelligence official as “Let’s collect the whole haystack.”

According to a PowerPoint presentation authored by Heath, RT10 would result in “better decisions in less time.” Not only would it be able to geolocate targets almost immediately based on their cellphones, if offered “pattern-of-life” analysis, detecting when targets used multiple phones or otherwise “deviate in behavior.”

In one instance, RT-RG was put to task against a “particularly elusive” Iraqi target who was ”known to take his cell phone completely apart when he went home to prevent our tracking,” according to SIDtoday.

Unable to properly distill the target’s pattern of life, NSA analysts instead turned the powerful surveillance tool against his wife. She would travel to south Baghdad on weekends to be with her husband, thus revealing a likely future location at which he would be vulnerable. So the combat team “locked onto the wife’s cell phone selector for confirmation” and “raided the location identified by the RT-RG tools.”

The Rockets Stopped Falling

RT-RG soon attracted interest from outside the military and for military operations well outside Iraq. An NSA employee deployed to Baghdad in 2009 described, in SIDtoday, how he was asked to demonstrate the system to enthusiastic representatives from the FBI and other government agencies. The employee showed off a screen mapping live insurgent movements, with “Arabic text messages scrolling across the bottom as the insurgents sent messages” to one another.

I could see it was starting to sink in with many of the ops guys… An analyst from the FBI raised his hand and, pointing at the screen, asked, “Is this why the rockets stopped falling on the Green Zone?” — shaking his head in awe, he watched [as] one of his own targets moved across the screen, tracked in near real-time — to which I nodded and smiled.

By the time the Real Time Regional Gateway was churning away at the haystacks of data emerging from the Baghdad area, plans for a new RT-RG installation in Afghanistan were already in full swing.

Read More @ TheIntercept.com