NSA data may have been used to target Kim Dotcom

The New Zealand police who took down Mega founder Kim Dotcom had some key intelligence on his online activity, provided by a foreign government’s spy powers.

Those powers, it’s worth noting, are strikingly similar to ones we’ve recently learned are possessed by the U.S.’s National Security Agency.

As noticed by blogger Keith Ng, an affidavit in Dotcom’s case shows that the Organised and Financial Crime Agency, which coordinated the raid on Dotcom’s mansion in his adopted homeland of New Zealand, asked for help from New Zealand’s Government Communications Security Bureau. The GCSB is New Zealand’s equivalent of the NSA.

The affidavit tasked “selectors” to look for information on Kim Dotcom. As noted by the ACLU’s Chris Soghoian, that’s the same terminology used with the NSA’s XKeyscore online surveillance initiative. Through XKeyscore, the NSA builds a searchable database of  “nearly everything a typical user does on the Internet,” according to one agency slide. That includes information like phone calls, emails, logins, and general “user activity.” 

The affidavit doesn’t explicitly confirm that intelligence acquired by OFCANZ came from NSA intelligence, but simple deduction shows that there’s only a handful of sources with that type of access. Since 1946, intelligence agencies in five countries—GCSB, the NSA, as well as the equivalent agencies in the U.K., Australia, and Canada—have shared information, allied under the banner of “Five Eyes.” Former NSA contractor Edward Snowden has previously pointed to the Five Eyes as sharing information obtained through other programs whose existence he has proven through leaks.

And it’s clear that the information in the Dotcom case was shared among Five Eyes agencies. As with the NSA slides Snowden leaked, that described how XKeyscore works, the “querying” letter included in the affidavit is headed with “REL TO NZL, AUS, CAN, GBR, USA”—the Five Eyes countries.

As for what the agency in question queried, much of that information is redacted. But it does include a fairly comprehensive list of Dotcom signifiers: email addresses and websites that presumably belong to him, an Internet protocol (IP) address, plus more traditional intelligence like passport numbers and physical addresses.

The U.S. repeatedly insists that its Internet surveillance tools are for preventing terrorism; on Wednesday, the NSA reiterated that those Internet powers are “the most significant tool in the NSA collection arsenal for the detection, identification, and disruption of terrorist threats to the U.S. and around the world.” 

If the NSA did use its intelligence to help take down Dotcom, it would be the first known case of that information being used against an alleged criminal with no suspicion of terrorism, violence, or sex-trafficking. Sensitive-but-unclassified documents have shown that in a handful of cases, NSA intelligence is used against other major suspects.

Dotcom is currently wanted by the FBI, which seeks to extradite him to the U.S. to face charges of copyright infringement and money laundering.

Illustration by Jason Reed

Kevin Collier

Kevin Collier

A former senior politics reporter for the Daily Dot, Kevin Collier focuses on privacy, cybersecurity, and issues of importance to the open internet. Since leaving the Daily Dot in March 2016, he has served as a reporter for Vocativ and a cybersecurity correspondent for BuzzFeed.