Year in Review

Monday 5 January 2015

Well, 2014 turned out to be quite a year. For me, it was a really productive one, and I was lucky enough to get the opportunity to work on some great projects. Below are a few personal highlights that I've put together as a sort of 'year in review', along with a list of notable stories and developments in the realm of surveillance and national security, some 'ones to watch' for 2015, and a few awards that I've decided to hand out for dishonourable government conduct, just because there was so much of it over the last twelve months, and the worst offenders deserve some recognition...

(I meant to post this last week, but I've been on a remote Spanish island on holiday with no internet connection... so here it is, better late than never...)
January to March

In January I worked with Canadian broadcaster CBC to reveal details about domestic surveillance in the Canada. In February, The Intercept launched, and I contributed to a story that revealed some new details about US and UK government efforts to target WikiLeaks. In March, I had a report out shining a light on how the US National Security Agency has worked alongside its UK partner Government Communication Headquarters to infect large numbers of computers across the world with malware. I also worked on a story exposing the NSA's targeting of innocent system administrators as part of its covert attempts to hack into communication networks.

April to June

In March, I worked with German news magazine Der Spiegel on a story revealing new details about the NSA's surveillance of world leaders. In April, I reported on British spies' attempts to get broad unsupervised access into NSA troves of surveillance data. And in June, I worked with some great reporters at Danish newspaper Dagbladet Information to reveal new information showing how the NSA forms secret partnerships with countries across the world in order to help significantly expand its surveillance reach.

July to September

In August, the US military banned its personnel from reading The Intercept, and a few days later we published one of the most important stories I've worked on to date, exposing a vast US surveillance search system used to share huge troves of private data among dozens of US government agencies, including domestic law enforcement. The story revealed the decades-long history of US agencies' use of masses of metadata to monitor people's behaviour, and exposed how the CIA was using metadata to aid its efforts to secretly kidnap terror suspects (a practice that often resulted in the suspects — some of whom were totally innocent — being brutally tortured).

In September, we began reporting details at The Intercept about the scope of surveillance in New Zealand, and shined a light on deceptive statements made by the government there about its spying efforts; meanwhile, police raided and ransacked the home of the excellent investigative reporter that we were (and are) working with on Snowden revelations related to New Zealand.

October to December

In November, I worked on a story revealing how one of the most sophisticated pieces of malware ever discovered — dubbed "Regin" by security experts — was linked to cyberattacks perpetrated by British spies against Belgian telecommunications company Belgacom and European Union offices. This piece was an interesting one to work on in that it combined both news reportage with malware analysis — something that's never been done before in journalism, I think — and was published alongside downloadable samples of the Regin malware.

In December, I had a new report out revealing a secret NSA program that involves spying on emails sent among hundreds of mobile phone companies around the world, a practice that helps the agency hack into phone networks. The story exposed how the NSA targeted a London-headquartered trade group that represents tech giants like Microsoft and Facebook, and provided evidence that NSA had been working to insert security vulnerabilities into global telecommunications infrastructure so that they can be exploited for surveillance.

Also in December, I reported new details about the GCHQ hack of Belgian telecommunications company Belgacom as part of a reporting collaboration with newspapers in Belgium and the Netherlands. This particular story is one that I am especially proud of; it was the culmination of about six months of work, and took a huge amount of cooperation with different teams operating out of four separate countries simultaneously. We were able to tell the full story of the British hack on Belgacom, a hugely significant incident representing an unprecedented cyberattack by one EU member state on another. The story included new 'smoking gun' evidence showing that the Regin malware samples contained code-names that also appeared in secret GCHQ documents obtained from whistleblower Edward Snowden.

Vital stories

Here a list of some reports and developments that stood out to me in 2014:

NSA collects millions of text messages daily in 'untargeted' global sweep, The Guardian, 16 January.

Snowden docs show UK spies attacked Anonymous, hackers, NBC News, 4 February.

The NSA’s secret role in the US assassination program, The Intercept, 10 February.

Optic Nerve: millions of Yahoo webcam images intercepted by GCHQ, The Guardian, 27 February.

NSA surveillance program reaches ‘into the past’ to retrieve, replay phone calls, Washington Post, 18 March.

Top EU court rejects EU-wide data retention law, BBC News, 8 April.

Death from above: how American drone strikes are devastating Yemen, Rolling Stone, 14 April.

Turkish president approves law widening secret service's powers, Reuters, 24 April.

The NSA is recording every cell phone call in the Bahamas, The Intercept, 19 May.

Germany arrests man suspected of spying for US, BBC News, 4 June.

NSA: Inside the five-eyed vampire squid of the Internet, The Register, 5 June.

Vodafone reveals existence of secret wires that allow state surveillance, The Guardian, 6 June.

US officials scrambled to nab Snowden, hoping he would take a wrong step. He didn’t, Washington Post, 14 June.

GCHQ sanctions spying on every Facebook, Google and Twitter user, The Telegraph, 17 June.

In NSA-intercepted data, those not targeted far outnumber the foreigners who are, Washington Post, 5 July.

Germany to spy on US for first time since 1945 after ‘double agent’ scandal, The Independent, 7 July.

Meet the Muslim-American leaders the FBI and NSA have been spying on, The Intercept, 9 July.

Hacking online polls and other ways British spies seek to control the Internet, The Intercept, 14 July.

The secret government rulebook for labeling you a terrorist, The Intercept, 23 July.

CIA Admits improperly hacked into Senate computers, Washington Times, 31 July.

Barack Obama’s secret terrorist-tracking system, by the numbers, The Intercept, 5 August.

The Islamic State (documentary), Vice, 7 August.

German spy company helped Bahrain hack Arab Spring protesters, The Intercept, 8 August.

Photos of alleged 9/11 '20th hijacker' can stay classified: court, Reuters, 2 September.

MRAPs and bayonets: what we know about the Pentagon's 1033 program, NPR, 2 September.

The NSA and GCHQ campaign against German satellite companies, The Intercept, 14 September.

Israel's NSA scandal, New York Times, 16 September.

Wikileaks releases FinFisher files to highlight government malware abuse, The Guardian, 16 September.

The NSA and me, The Intercept, 2 October.

Citizen Four (documentary), 10 October.

Why was the NSA chief playing the market? Foreign Policy, 22 October.

MI5 spied on leading British historians for decades, secret files reveal, The Guardian, 24 October.

In Cold War, US spy agencies used 1,000 Nazis, New York Times, 26 October.

Secret manuals show the spyware sold to despots and cops worldwide, The Intercept, 30 October.

Brazil is keeping its promise to avoid the US Internet, Gizmodo, 30 October.

Disguised as climate negotiators, Dagbladet Information, 1 November.

UK intelligence agencies spying on lawyers in sensitive security cases, The Guardian, 7 November.

FBI says it impersonated AP reporter in 2007 case, AP, 7 November.

Americans’ cellphones targeted in secret US spy program, Wall Street Journal, 14 November.

WhatsApp now provides end-to-end encryption for your messages, Gizmodo, 18 November.

Before Snowden, a debate inside NSA, AP, 19 November.

US firms accused of enabling surveillance in despotic Central Asian regimes, The Intercept, 20 November.

How Vodafone-subsidiary Cable & Wireless aided GCHQ’s spying efforts, Süddeutsche Zeitung, 25 November.

CIA torture report, 9 December.

WikiLeaks CIA leaks, 18 & 21 December.

Inside the NSA's war on internet security, Der Spiegel, 27 December.

The Sabu Files, Vice/Daily Dot.

Save our sources campaign, The Press Gazette.

Ones to watch in 2015

Some things worth keeping an eye on...

A new US cybersecurity unit that will advise agencies on surveillance operations.

Details about a secret database being used by federal agents in the US, the existence of which has become the subject of dispute in an ongoing court case.

Information about documents being shredded en masse in a UK police anti-corruption investigation.

Developments in the US government's ongoing criminal investigation into WikiLeaks, which may have involved the use of a prominent informant.

The long-overdue publication of a government-commissioned post-Snowden review of UK surveillance operations.

The US government using state secrecy powers to block the release of files from anti-Iran group.

Renewed 'crypto wars' as law enforcement agencies in the US push for more powers to combat privacy-protecting encryption technologies.

More details about the CIA's hacking of Senate computers.

A continuing government effort to introduce new laws bolstering surveillance powers in the US, UK, Australia, Canada, and New Zealand.

Many more stories from the Snowden documents related to secret spying conducted by the US, UK, Australia, Canada, New Zealand, and other countries.

Now for a few awards...

Because I feel like handing out some dubious accolades:

Bullshit statement of the year

Winner: Recently retired GCHQ spy chief Sir Iain Lobban for his claim in October that the agency doesn't engage in "anything remotely resembling mass surveillance." A completely false statement that could not be further from the truth.

Runner-up: UK home secretary Theresa May for "collection of bulk data is not mass surveillance."

3rd prize: former US vice-president Dick Cheney for "we were very careful to stop short of torture."

Dishonourable mentions: former NSA and CIA chief Michael Hayden for "I didn’t do anything wrong"; New GCHQ spy chief Robert Hannigan for "GCHQ is happy to be part of a mature debate on privacy in the digital age."

Orwellian euphemism of the year

New Zealand's prime minister John Key tries and fails to make mass surveillance palatable to the public in September by re-branding it "mass protection."

Outrageous admission of the year

Former NSA and CIA chief Michael Hayden tells an audience at Johns Hopkins University in April: "We kill people based on metadata."

Understatement of the year

President Barack Obama, in August, on the CIA's brutal human rights abuses post 9/11: "We tortured some folks."

Gaffe of the year

UK foreign secretary Philip Hammond, who is responsible for signing off on GCHQ surveillance operations, illustrates that he doesn't have a clue what he's been approving during a parliamentary hearing in October.

Hypocrite of the year

Michael Hayden, the CIA chief who overseen the agency's secret extrajudicial kidnapping operations that involved imprisoning and torturing terrorism suspects, some of whom were entirely innocentcomplains in December that a Senate report criticising CIA torture methods was like being "tried and convicted in absentia. We were not given an opportunity to mount a defense."

Most bizarre mass surveillance justification of the year

UK prime minister David Cameron explains to British lawmakers in January that fictional TV crime dramas demonstrate the need for new dragnet spying powers.

Most absurd response to surveillance revelations of the year

A special joint award that goes to the Canadian prime minister's parliamentary secretary, Paul Calandra, and John Key, New Zealand's prime minister. Instead of addressing the substance of revelations about secret government spying in 2014 (that I was involved in reporting), Calandra and Key both resorted to weird and childish petty insults, calling my colleague Glenn Greenwald a "porn spy" (Calandra) and a "loser" (Key).

Villain of the year

UK police and security agencies for establishing a precedent that means journalism — the mere publication of facts and opinions — can now be considered terrorism; for working to secretly identify journalists' confidential sources; and for eavesdropping on lawyers' privileged communications.