In 2013, journalists began revealing secrets associated with members of the Five Eyes (FVEY) intelligence alliance. These secrets were disclosed by Edward Snowden, a US intelligence contractor. The journalists who published about the documents did so after carefully assessing their content and removing information that was identified as unduly injurious to national security interests or threatened to reveal individuals’ identities. During my tenure at the Citizen Lab I provided expert advice to journalists about the newsworthiness of different documents and, also, content that should be redacted as its release was not in the public interest. In some cases documents that were incredibly interesting were never published on the basis that doing so would be injurious to national security, notwithstanding the potential newsworthiness of the documents in question.
Since 2013 I have worked with the Snowden documents for a variety of research projects. As part of these projects I have tried to decipher the meaning of the covernames that litter the document (e.g., CASCADE, MEMORYHOLE, SPEARGUN, or PUZZLECUBE), as well as objectively trying to summarise what is contained in the documents themselves without providing commentary on the appropriateness, ethics, or lawfulness of the activities in question.
In all cases the materials which are summarised on my website have been published, in open-source, by professional news organizations or other publishers. None of the material that I summarise or host is new and none of it has been leaked or provided to me by government or non-government bodies. No current or former intelligence officer has provided me with details about any of the covernames or underlying documents. This said, researchers associated with the Citizen Lab and other academic institutions have, in the past, contributed to some of the materials published on this website.
As a caveat, all descriptions of what the covernames mean or refer to, and what are contained in individual documents leaked by Edward Snowden, are provided on a best-effort basis. Entries will be updated periodically as time is available to analyse further documents or materials.
Summaries are organized by the year in which the underlying documents were made public, as opposed to the year they may have been authored internal to the agency.
This page was last updated January 17, 2023.
- GCSB Update 21 March 2012
- GCSB Update 22 April 2010
- GCSB Access to NSA Database (Snippet)
- SPEARGUN Phase 1
- GCSB SIGINT Development Quarterly Report
GCSB Update 21 March 2012
Summary: This slide deck discusses common updates between the National Security Agency (NSA) and their New Zealand counterparts, the Government Communications Security Bureau (GCSB). It was produced by the COMSAT Advisory Board (CAB). The updates give an overview of the activities at the GCSB Waihopai surveillance sites in New Zealand, codenamed IRONSAND.
First, it details the economic status of the GCSB, specifically plans to co-locate it with the New Zealand Intelligence and Security Service (NZSIS) and the “unprecedented” economic pressures facing the GCSB.
Second, it gives an update on the court proceedings of the 2008 Ploughshares “Radome Incident” where peace activists punctured one of the radomes covering the Waihopai signals antennae.
Third, the slides detail how the International Telecommunications Satellite Organization (INTELSAT), a provider of fixed satellite services, replaced its IS-701 type satellites with IS-18 satellites, and the implications of this replacement. The satellites are used for broadcasting, business, and telecommunications purposes. The slides map out the coverage of the satellites in the Pacific along the Western and Southern hemispheres. The slides also note that “Project SPEARGUN” is under way. It is unclear what, specifically, SPEARGUN entails.
Fourth, under the heading “SHAREDQUEST (SQ),” the slides provide updates on DARKQUEST (DQ) and FALLOWHAUNT (FH). Funding for Phase II of DARKQUEST was delayed and FALLOWHAUNT lacked KEYCARD capability. Both DARKQUEST and FALLOWHAUNT were installed November 10. Slides also reference NSA upgrades to “T&F” (May 2012) and the future installation of APPARITION (June 2012). Installations for “GPS” on September 12 were expected, as was SHADOWCAT. There is no information in the slides about what these codenames specifically refer to.
Document Published: March 8, 2015 Document Dated: March 21, 2012 Document Length: 17 pages Associated Article: Documents Shine Light on Shadowy New Zealand Surveillance Base; Snowden files: Inside Waihopai's domes Download Document: GCSB Update 21 March 2012 Authoring Agency: GCSB Classification: SECRET COMINT REL TO NZL FVEY Codenames: APPARITION, DARKQUEST, FALLOWHAUNT, IRONSAND, KEYCARD, SHADOWCAT, SHAREDQUEST, SILVER PEAK
GCSB Update 22 April 2010
Summary. This slide deck, produced by the COMSAT Advisory Board (CAB), discusses common updates between the National Security Agency (NSA) and its New Zealand counterparts, the Government Communications Security Bureau (GCSB). The updates give an overview of the activities at the GCSB Waihopai surveillance sites in New Zealand, codenamed IRONSAND. Many of the updates are bullet points only, with little descriptive text to expand on given points.
In terms of content, the deck first addresses the budgetary challenges facing the GCSB. Second, it recalls the court proceedings of the 2008 Ploughshares “Radome Incident” where peace activists punctured one of the radomes covering the Waihopai signals antennae. Third, it gauges the operational performance (in terms of availability) of various systems on the site for February and March 2010. Fourth, it discusses the result of a virtualisation visit that discussed foreign satellite surveillance as well as the VQuest Initiative, which is part of the SHAREDQUEST project or program. The presentation concludes by acknowledging how TORUS satellite antennae are enabling an increase in COMSAT and FORNSAT collection, and notes that an Menwith Hill Station (MHS) Technical Exchange is planned for late April 2010, at which IRONSAND will be briefed on the MHS “Collect it all” initiative and investigate the IRONSAND virtualisation and data centre concept.
Document Published: March 8, 2015 Document Dated: April 22, 2010 Document Length: 13 pages Associated Article: Documents Shine Light on Shadowy New Zealand Surveillance Base; Snowden files: Inside Waihopai's domes Download Document: GCSB Update 22 April 2010 Authoring Agency: GCSB Classification: SECRET COMINT REL TO USA, FVEY Codenames: CALIX, COMMONGROUND, DUALTIRE, FLUTE, FRESNELEFFECT, IRONSAND, JACKHAMMER, JUGGERNAUT, KILOMISER, KRAUSS, LATENTHEAT, LEGALREPTILE, LOPERS D1, LOPERS M1, MOONSCAPE, SEMITONE, SHAREDQUEST, SSA, STONEGATE, SURFBOARD, VENUSAFFECT, VINEYARD, VINTAGE, VQUEST, WEALTHYCLUSTER
GCSB Access to NSA Database (Snippet)
Summary: This screenshot from a larger document notes how 20% of GCSB analysts cannot access NSA databases, such as XKEYSCORE, which is problematic because some New Zealand data is automatically captured exclusively by NSA systems. The snippet notes that access to DSD’s XKEYSCORE systems will function as a ‘first step’ towards full access to NSA systems.
Document Published: March 5, 2015 Document Dated: Unknown Document Length: 1 page Associated Article: The price of the Five Eyes club: Mass spying on friendly nations Download Document: GCSB Access to NSA Database (Snippet) Classification: Unknown Authoring Agency: GCSB (assumed) Codenames: XKEYSCORE
SPEARGUN Phase 1
Summary. This is a heavily redacted excerpt from a document that attests to the existence of a Government Communications Security Bureau (GCSB) cable access program, codenamed SPEARGUN. The new GCSB Act was expected in July 2013 as well the installation of a metadata probe in mid-2013.
Document Published: September 1, 2014 Document Dated: Undated Document Length: 1 page Associated Article: New Zealand Launched Mass Surveillance Project While Publicly Denying It Download Document: SPEARGUN Phase 1 Authoring Agency: GCSB Classification: TS/SI/NF (New Zealand) Codenames: SPEARGUN
GCSB SIGINT Development Quarterly Report
Summary: This document is an update concerning the Government Communications Security Bureau’s (GCSB) signals development activities for the second quarter of 2009. There are nine updates in the document which provide developments and trends related to target telecommunications; four of them have been completely redacted for publication.
Updates one and two provide updates on investments and public network developments in the Solomon Islands and Fiji, respectively. In the Solomon Islands the GCSB fine-tuned its CAPRICA collection to capture information emitted from recently installed 1800MHz cells by Solomon Telekom. The document also notes that the GCSB and DSD were planning a Radio-Frequency survey, codenamed PREBOIL, at GBR, Honiara. In Fiji, the GSCB noted that targets in the government and Republic of Fiji Military Forces (RFMF) were increasingly moving away from Vodafone services for Digicel services. The GCSB’s Development unit worked with the DSD’s Military Support unit to analyze how the Fiji Government, RFMF, and Fiji Police maintained their communications and operations practices.
The third update recognized how an undersea cable (South Pacific Island Network Cable) might be adopted within the South Pacific region. Analysts conclude that costs, disruptive satellite data satellites, and French ownership of the cable could prevent its wide scale adoption. The cable laying ship that dropped the SPIN cable was monitored using Electronic Signals Intelligence (ELINT). Also noted in this update are Digicel’s forthcoming deployment in Nauru and difficulties the company was facing securing a deal in Kiribati; difficulties stemmed from the government demanding local management of the Digicel network.
Update eight acknowledged progress in implementing a GCSB XKEYSCORE suite. Part of this involved updating IRONSAND with a virtualization of XKEYSCORE and preparing analysts for full-take collection and second party sharing. The DSD was anxious to share XKEYSCORE data and had modified its graphical user interface to meet GCSB compliance requirements; the GCSB also received training on compliance auditing so as to satisfy the GCSB’s Inspector General.
Update nine addressed the benefits of placing a GCSB development analyst within the DSD for four months, as part of GCSB’s preparation to ‘stand up’ its SIGINT development network analysis team. Training included network infrastructure analysis, access analysis, investigating call records sent over FTP, as well as in SS7 and VPNs.
Document Published: March 4, 2014 Document Dated: July 2009 Document Length: 6 pages Associated Article: The price of the Five Eyes club: Mass spying on friendly nations ; New Zealand Spies on Neighbors in Secret 'Five Eyes' Global Surveillance Download Document: GCSB SIGINT Development Quarterly Report Authoring Agency: GCSB Classification: TOP SECRET // COMINT // REL TO USA, AUS, CAN, GBR, NZL Codenames: CAPRICA, IRONSAND, PREBOIL, XKEYSCORE