India may be working with the American National Security Agency (NSA) to intercept email, chat, VPN data, VoIP and voice call records among others. This is based on documents that were newly released by Edward Snowden to Danish newspaper Dagbladet Information and The Intercept. You can download the files here. Also see these documents that were used by The Intercept editor Glenn Greenwald for writing his book on the issue.

According to these documents, India is an “Approved SIGINT partner” with the NSA. SIGINT is a common term used in intelligence circles that stands for signals Intelligence, and refers to capturing of communication between two people. Decrypting of messages, traffic analysis etc are also part of SIGINT. The agency then taps these SIGINT partnerships for creating two major programs called RAMPART-A and WINDSTOP for collecting data in transit between the source and the servers, as opposed to collecting data from each Internet company (Google, Microsoft, Yahoo) separately. Considering WINDSTOP only partners with second parties, primarily the UK, to access communications into and out of Europe and Middle East, third-party partner like India should fall under RAMPART-A.

sigint partners

Approved SIGINT partners (click to expand)

RAMPART-A provides NSA with collection against long-haul international leased communications through special access initiatives with world-wide SIGINT partnerships. RAMPART-A has access to over 3 Terabites of data per second encompassing all communication technologies such as voice, fax, telex, modem, e-mail, internet chat, VPN, VoIP and voice call records. This program has “TURMOIL” capabilities according to the documents, which means that these sensors can passively collect vast amounts of data. It may also be used for spotting common internet encryption technologies that the NSA can exploit.

Worldwide SIGINT platform

Worldwide SIGINT platform (Click to expand)

New Delhi is mentioned in another slide that lists all units that are part of SIGINT platform. The NSA has Computer Network Exploitation in 50,000 locations around the world and from the graphic above it looks like there are at least five of them in India that are part of SIGINT. It is not clear where exactly these are or which companies they are.

These documents also talks about FAIRVIEW, which has corporate relationships with ISP and telcos and collects communications data from fiber cables and various infrastructure through which data passes through. These documents don’t however mention if FAIRVIEW has relationships with Indian companies.

Data collected upstream internationally are of two kind according to these documents: DNI selectors has all information about a user’s activity online, while DNR selectors are meta data of voice calls made and messages sent through telcos.

How Indian embassy was targeted

Another document leaked by Snowden shows that Indian embassy in US was monitored. The NSA used the following methods for collecting information from the embassy and officials there:

Implants (sensors or recording devices possibly) in the Indian embassy to collect data.
Screen grabs. Method is called Vagrant
– Created images of disks. This is bizarre considering that India is a part of SIGINT.
– It also used a method termed ‘magnetic’ through which a sensor collected data from magnetic emanations. We’re not sure what this means.

This document is from 2010 and it indicates that snooping from these offices were dropped shortly afterwards.

close_access_sigads

These new documents also mention the amount spent by NSA on foreign partners to create and maintain the RAMPART-A and WINDSTOP programs. However, there is no country-wise split so it is not clear how much was spent in India or paid to Indian companies.

foreign_partner_access_budget

What about NATGRID, CMS and Netra?

Indian government has been building Central Monitoring System (CMS) for monitoring all online communication in India, Netra for keyword based tracking of online content and NATGRID for linking all available personal data of people in India. This year, India made it to the Enemies of the Internet report published by Reporters Without Borders for the first time, along with US, UK and Russia, for creating these three monitoring tools. That being the case, we don’t know if these projects are already part of RAMPART-A or if the government is considering sharing this data with the NSA in the future.

With these three projects, Indian government will be able to intercept all online communication in India, but it does not have the decryption code for deciphering these messages. It had approached the US government last year seeking help to decrypt messages sent over services such as WhatsApp and Skype. It had similarly fought long and hard to get these codes from BlackBerry as well. However, by the time the mobilephone manufacturer agreed to hand over these details, the popularity of Blackberry handsets had already declined in India.