Inside Menwith Hill

Sunday 23 October 2016


The narrow roads are quiet and winding, surrounded by rolling green fields and few visible signs of life beyond the occasional herd of sheep. But on the horizon, massive white golf ball-like domes protrude from the earth, protected behind a perimeter fence that is topped with piercing razor wire. Here, in the heart of the tranquil English countryside, is the National Security Agency’s largest overseas spying base.

Once known only by the code name Field Station 8613, the secret base — now called Menwith Hill Station — is located about nine miles west of the small town of Harrogate in North Yorkshire. Originally used to monitor Soviet communications through the Cold War, its focus has since dramatically shifted, and today it is a vital part of the NSA’s sprawling global surveillance network.

For years, journalists and researchers have speculated about what really goes on inside Menwith Hill, while human rights groups and some politicians have campaigned for more transparency about its activities. Yet the British government has steadfastly refused to comment, citing a longstanding policy not to discuss matters related to national security.

Now, however, top-secret documents obtained by The Intercept offer an unprecedented glimpse behind Menwith Hill’s razor wire fence. The files reveal for the first time how the NSA has used the British base to aid “a significant number of capture-kill operations” across the Middle East and North Africa, fueled by powerful eavesdropping technology that can harvest data from more than 300 million emails and phone calls a day.

Over the past decade, the documents show, the NSA has pioneered groundbreaking new spying programs at Menwith Hill to pinpoint the locations of suspected terrorists accessing the internet in remote parts of the world. The programs — with names such as GHOSTHUNTER and GHOSTWOLF — have provided support for conventional British and American military operations in Iraq and Afghanistan. But they have also aided covert missions in countries where the U.S. has not declared war. NSA employees at Menwith Hill have collaborated on a project to help “eliminate” terrorism targets in Yemen, for example, where the U.S. has waged a controversial drone bombing campaign that has resulted in dozens of civilian deaths.

The disclosures about Menwith Hill raise new questions about the extent of British complicity in U.S. drone strikes and other so-called targeted killing missions, which may in some cases have violated international laws or constituted war crimes. Successive U.K. governments have publicly stated that all activities at the base are carried out with the “full knowledge and consent” of British officials.

The revelations are “yet another example of the unacceptable level of secrecy that surrounds U.K. involvement in the U.S. ‘targeted killing’ program,” Kat Craig, legal director of London-based human rights group Reprieve, told The Intercept.

“It is now imperative that the prime minister comes clean about U.K. involvement in targeted killing,” Craig said, “to ensure that British personnel and resources are not implicated in illegal and immoral activities.”
---

The British government’s Ministry of Defence, which handles media inquires related to Menwith Hill, declined to comment for this story.

The NSA referred a request for comment to the Director of National Intelligence’s office.

Richard Kolko, a spokesperson for the DNI, said in a statement: “The men and women serving the intelligence community safeguard U.S. national security by collecting information, conducting analysis, and providing intelligence for informed decision making under a strict set of laws, policies and guidelines. This mission protects our nation and others around the world.”

The equipment at Menwith Hill covers roughly one square mile, which is patrolled 24 hours a day by armed British military police and monitored by cameras perched on posts that peer down on almost every section of the 10-foot perimeter fence.

Most visible from the outside are a cluster of about 30 of the giant white domes. But the site also houses a self-contained community, accessible only to those with security clearance. Among operations buildings in which analysts listen in on monitored conversations, there is a bowling alley, a small pool hall, a bar, a fast food restaurant, and a general store.

Most of the world’s international phone calls, internet traffic, emails, and other communications are sent over a network of undersea cables that connect countries like giant arteries. At spy outposts across the world, the NSA and its partners tap into these cables to monitor the data flowing through them. But Menwith Hill is focused on a different kind of surveillance: eavesdropping on communications as they are being transmitted through the air.

According to top-secret documents obtained by The Intercept from NSA whistleblower Edward Snowden, Menwith Hill has two main spying capabilities. The first is called FORNSAT, which uses powerful antennae contained within the golf ball-like domes to eavesdrop on communications as they are being beamed between foreign satellites. The second is called OVERHEAD, which uses U.S. government satellites orbiting above targeted countries to locate and monitor wireless communications on the ground below — such as cellphone calls and even WiFi traffic.

In the late 1980s, international communication networks were revolutionized by new fiber-optic undersea cables. The technology was cheaper than satellites and could transmit data across the world much faster than ever before, at almost the speed of light. For this reason, according to the NSA’s documents, in the mid-1990s the U.S. intelligence community was convinced that satellite communications would soon become obsolete, to be fully replaced by fiber-optic cable networks.

But the prediction proved to be wrong. And millions of phone calls are still beamed between satellites today, alongside troves of internet data, which the NSA has readily exploited at Menwith Hill.

“The commercial satellite communication business is alive and well and bursting at the seams with increasingly sophisticated bulk DNI (Digital Network Intelligence) traffic that is largely unencrypted,” the NSA reported in a 2006 document. “This data source alone provides more data for Menwith Hill analysts to sift through than our entire enterprise had to deal with in the not-so-distant past.”

As of 2009, Menwith Hill’s foreign satellite surveillance mission, code-named MOONPENNY, was monitoring 163 different satellite data links. The intercepted communications were funneled into a variety of different repositories storing phone calls, text messages, emails, internet browsing histories, and other data.

It is not clear precisely how many communications Menwith Hill is capable of tapping into at any one time, but the NSA’s documents indicate the number is extremely large. In a single 12-hour period in May 2011, for instance, its surveillance systems logged more than 335 million metadata records, which reveal information such as the sender and recipient of an email, or the phone numbers someone called and at what time.

To keep information about Menwith Hill’s surveillance role secret, the U.S. and U.K. governments have actively misled the public for years through a “cover story” portraying the base as a facility used to provide “rapid radio relay and conduct communications research.” A classified U.S. document, dated from 2005, cautioned spy agency employees against revealing the truth. “It is important to know the established cover story for MHS [Menwith Hill Station] and to protect the fact that MHS is an intelligence collection facility,” the document stated. “Any reference to satellites being operated or any connection to intelligence gathering is strictly prohibited.”

The outpost was built in the 1950s as part of a deal made by the British and American governments to house U.S. personnel and surveillance equipment. In its early days, Menwith Hill’s technology was much more primitive. According to Kenneth Bird, who worked at the base in the 1960s during the Cold War, it was focused then on monitoring high frequency radio signals in Eastern Europe. Intercepted conversations were recorded on Ampex tape recorders, Bird noted in his published 1997 account, with some transcribed by analysts in real-time using typewriters.

The modern Menwith Hill is a very different place. Now, not only are its spying systems capable of vacuuming up far more communications, but they also have a far broader geographic reach. In addition, the targets of the surveillance have drastically changed, as have the purposes for which the eavesdropping is carried out.

The documents obtained by The Intercept reveal that spy satellites operated at Menwith Hill today can target communications in China and Latin America, and also provide “continuous coverage of the majority of the Eurasian landmass,” where they intercept “tactical military, scientific, political, and economic communications signals.” But perhaps the most significant role the base has played in recent years has been in the Middle East and North Africa.

Especially in remote parts of the world where there are no fiber-optic cable links, it is common for internet connections and phone calls to be routed over satellite. Consequently, Menwith Hill became a vital asset in the U.S. government’s counterterrorism campaign after the 9/11 attacks. Since then, the base has been used extensively to tap into communications in otherwise hard-to-reach areas where Islamic extremist groups such as al Qaeda and al Shabaab have been known to operate — for example, in the Afghanistan-Pakistan border region, Somalia, and Yemen.

Crucially, however, Menwith Hill has been used for more than just gathering intelligence on people and governments across countries in the Middle East and North Africa. Surveillance tools such as the GHOSTHUNTER system were developed to directly aid military operations, pinpointing the locations of targeted people or groups so that they could then be captured or killed.

The NSA’s documents describe GHOSTHUNTER as a means “to locate targets when they log onto the internet.” It was first developed in 2006 as “the only capability of its kind” and it enabled “a significant number of capture-kill operations” against alleged terrorists. Only a few specific examples are given, but those cases give a remarkable insight into the extraordinary power of the technology.

In 2007, for instance, analysts at Menwith Hill used GHOSTHUNTER to help track down a suspected al Qaeda “facilitator” in Lebanon who was described as “highly actionable,” meaning he had been deemed a legitimate target to kill or capture. The location of the target — who was known by several names, including Abu Sumayah — was traced to within a few hundred meters based on intercepts of his communications. Then a spy satellite took an aerial photograph of the neighborhood in Sidon, south Lebanon, in which he was believed to be living, mapping out the surrounding streets and houses. A top-secret document detailing the surveillance indicates that the information was to be passed to a secretive special operations unit known as Task Force 11-9, which would have been equipped to conduct a covert raid to kill or capture Sumayah. The outcome of the operation, however, is unclear, as it is not revealed in the document.

In another case in 2007, GHOSTHUNTER was used to identify an alleged al Qaeda “weapons procurer” in Iraq named Abu Sayf. The NSA’s surveillance systems spotted Sayf logging into Yahoo email or messenger accounts at an internet cafe near a mosque in Anah, a town on the Euphrates River that is about 200 miles northwest of Baghdad. Analysts at Menwith Hill used GHOSTHUNTER to track down his location and spy satellites operated from the British base captured aerial images. This information was passed to U.S. military commanders based in Fallujah to be included as part of a “targeting plan.”

A few days later, a special operations unit named Task Force-16 stormed two properties, where they detained Sayf, his father, two brothers, and five associates.

By 2008, the apparent popularity of GHOSTHUNTER within the intelligence community meant that it was rolled out at other surveillance bases where NSA has a presence, including in Ayios Nikolaos, Cyprus, and Misawa, Japan. The expansion of the capability to the other bases meant that it now had “near-global coverage.” But Menwith Hill remained its most important surveillance site. “[Menwith Hill] still supplies about 99% of the FORNSAT data used in GHOSTHUNTER geolocations,” noted a January 2008 document about the program.

A 2009 document added that GHOSTHUNTER’s focus was at that time “on geolocation of internet cafés in the Middle East/North Africa region in support of U.S. military operations” and said that it had to date “successfully geolocated over 5,000 VSAT terminals in Iraq, Afghanistan, Syria, Lebanon, and Iran.” VSAT, or Very Small Aperture Terminal, is a satellite system commonly used by internet cafés and foreign governments in the Middle East to send and receive communications and data. GHOSTHUNTER could also home in on VSATs in Pakistan, Somalia, Algeria, the Philippines, Mali, Kenya, and Sudan, the documents indicate.

Menwith Hill’s unique ability to track down satellite devices across the world at times placed it on the front line of conflicts thousands of miles away. In Afghanistan, for instance, analysts at the base used the VSAT surveillance to help track down suspected members of the Taliban, which led to “approximately 30 enemy killed” during one series of attacks that were mentioned in a top-secret July 2011 report. In early 2012, Menwith Hill’s analysts were again called upon to track down a VSAT: this time, to assist British special forces in Afghanistan’s Helmand Province. The terminal was swiftly located, and within an hour an MQ-9 Reaper drone was dispatched to the area, presumably to launch an airstrike.

But the lethal use of the surveillance data does not appear to have been restricted to conventional war zones such as Afghanistan or Iraq. The NSA developed similar methods at Menwith Hill to track down terror suspects in Yemen, where the U.S. has waged a covert drone war against militants associated with al Qaeda in the Northern Peninsula.

In early 2010, the agency revealed in an internal report that it had launched a new technique at the British base to identify many targets “at almost 40 different geolocated internet cafés” in Yemen’s Shabwah province and in the country’s capital, Sanaa. The technique, the document revealed, was linked to a broader classified initiative called GHOSTWOLF, described as a project to “capture or eliminate key nodes in terrorist networks” by focusing primarily on “providing actionable geolocation intelligence derived from [surveillance] to customers and their operational components.”

The description of GHOSTWOLF ties Menwith Hill to lethal operations in Yemen, providing the first documentary evidence that directly implicates the U.K. in covert actions in the country.

Menwith Hill’s previously undisclosed role aiding the so-called targeted killing of terror suspects highlights the extent of the British government’s apparent complicity in controversial U.S. attacks — and raises questions about the legality of the secret operations carried out from the base.

There are some 2,200 personnel at Menwith Hill, the majority of whom are Americans. Alongside NSA employees within the complex, the U.S. National Reconnaissance Office also has a major presence at the site, running its own “ground station” from which it controls a number of spy satellites.

But the British government has publicly asserted as recently as 2014 that operations at the base “have always been, and continue to be” carried out with its “knowledge and consent.” Moreover, roughly 600 of the personnel at the facility are from U.K. agencies, including employees of the NSA’s British counterpart Government Communications Headquarters, or GCHQ.

For several years, British human rights campaigners and lawmakers have been pressuring the government to provide information about whether it has had any role aiding U.S. targeted killing operations, yet they have been met with silence. In particular, there has been an attempt to establish whether the U.K. has aided U.S. drone bombings outside of declared war zones — in countries including Yemen, Pakistan, and Somalia — which have resulted in the deaths of hundreds of civilians and are in some cases considered by United Nations officials to possibly constitute war crimes and violations of international law.

Though the Snowden documents analyzed by The Intercept state that Menwith Hill has aided “a significant number” of “capture-kill” operations, they do not reveal specific details about all of the incidents that resulted in fatalities. What is clear, however, is that the base has targeted countries such as Yemen, Pakistan, and Somalia as part of location-tracking programs like GHOSTHUNTER and GHOSTWOLF — which were created to help pinpoint individuals so they could be captured or killed — suggesting it has played a part in drone strikes in these countries.

Craig, the legal director at Reprieve, reviewed the Menwith Hill documents — and said that they indicated British complicity in covert U.S. drone attacks. “For years, Reprieve and others have sought clarification from the British government about the role of U.K. bases in the U.S. covert drone program, which has killed large numbers of civilians in countries where we are not at war,” she told The Intercept. “We were palmed off with platitudes and reassured that any U.S. activities on or involving British bases were fully compliant with domestic and international legal provisions. It now appears that this was far from the truth.”

Jemima Stratford QC, a leading British human rights lawyer, told The Intercept that there were “serious questions to be asked and serious arguments to be made” about the legality of the lethal operations aided from Menwith Hill. The operations, Stratford said, could have violated the European Convention on Human Rights, an international treaty that the U.K. still remains bound to despite its recent vote to leave the European Union. Article 2 of the Convention protects the “right to life” and states that “no one shall be deprived of his life intentionally” except when it is ordered by a court as a punishment for a crime.

Stratford has previously warned that if British officials have facilitated covert U.S. drone strikes outside of declared war zones, they could even be implicated in murder. In 2014, she advised members of the U.K. Parliament that because the U.S. is not at war with countries such as Yemen or Pakistan, in the context of English and international law, the individuals who are targeted by drones in these countries are not “combatants” and their killers are not entitled to “combatant immunity.”

“If the U.K. government knows that it is transferring data that may be used for drone strikes against non-combatants … that transfer is probably unlawful,” Stratford told the members of Parliament. “An individual involved in passing that information is likely to be an accessory to murder.”

GCHQ refused to answer questions for this story, citing a “long standing policy that we do not comment on intelligence matters.” A spokesperson for the agency issued a generic statement asserting that “all of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight.” The spokesperson insisted that “U.K.’s interception regime is entirely compatible with the European Convention on Human Rights.”

In February 2014, the U.S. Department of Defense announced after a review that it was planning to reduce personnel at Menwith Hill by 2016, with about 500 service members and civilians set to be removed from the site. A U.S. Air Force spokesperson told the military newspaper Stars and Stripes that the decision was based on technological advances, which he declined to discuss, though he mentioned improvements in “server capacity to the hardware that we’re using; we’re doing more with less.”

The documents provided by Snowden shine light on some of the specific technological changes. Most notably, they show that there has been significant investment in introducing new and more sophisticated mass surveillance systems at Menwith Hill in recent years. A crucial moment came in 2008, when then-NSA Director Keith Alexander introduced a radical shift in policy. Visiting Menwith Hill in June that year, Alexander set a challenge for employees at the base. “Why can’t we collect all the signals, all the time?” he said, according to NSA documents. “Sounds like a good summer homework project for Menwith.”

As a result, a new “collection posture” was introduced at the base, the aim being to “collect it all, process it all, exploit it all.” In other words, it would vacuum up as many communications within its reach as technologically possible.

Between 2009 and 2012, Menwith Hill spent more than $40 million on a massive new 95,000-square-foot operations building — nearly twice the size of an average American football field. A large chunk of this space — 10,000 square feet — was set aside for a data center that boasted the ability to store huge troves of intercepted communications. During the renovations, the NSA shipped in new computer systems and laid 182 miles of cables, enough to stretch from New York City to the outskirts of Boston. The agency also had a 200-seat-capacity auditorium constructed to host classified operations meetings and other events.

Some of the extensive expansion work was visible from the road outside the secure complex, which triggered protests from a local activist group called the Campaign for the Accountability of American Bases. Since the early 1990s, the group has closely monitored activities at Menwith Hill. And for the last 16 years, its members have held a small demonstration every Tuesday outside the base’s main entrance, greeting NSA employees with flags and colorful homemade banners bearing slogans critical of U.S. foreign policy and drone strikes.

Fabian Hamilton, a member of Parliament based in the nearby city of Leeds, has become a supporter of the campaign’s work, occasionally attending events organized by the group and advocating for more transparency at Menwith Hill. Hamilton, who represents the Labour Party, has doggedly attempted to find out basic information about the base, asking the government at least 40 parliamentary questions since 2010 about its activities. He has sought clarification on a variety of issues, such as how many U.S. personnel are stationed at the site, whether it is involved in conducting drone strikes, and whether members of a British parliamentary oversight committee have been given full access to review its operations. But his efforts have been repeatedly stonewalled, with British government officials refusing to provide any details on the grounds of national security.

Hamilton told The Intercept that he found the secrecy shrouding Menwith Hill to be “offensive.” The revelations about the role it has played in U.S. killing and capture operations, he said, showed there needed to be a full review of its operations. “Any nation-state that uses military means to attack any target, whether it is a terrorist, whether it is legitimate or not, has to be accountable to its electorate for what it does,” Hamilton said. “That’s the basis of our Parliament, it’s the basis of our whole democratic system. How can we say that Menwith can carry out operations of which there is absolutely no accountability to the public? I don’t buy this idea that you say the word ‘security’ and nobody can know anything. We need to know what is being done in our name.”

This article first appeared at The Intercept.