While the initial disclosures by Edward Snowden revealed how US authorities are conducting mass surveillance on the world's communications, further reporting by the Guardian newspaper uncovered that UK intelligence services were just as involved in this global spying apparatus. Faced with the prospect of further public scrutiny and accountability, the UK Government gave the Guardian newspaper an ultimatum: hand over the classified documents or destroy them.
The Guardian decided that having the documents destroyed was the best option. By getting rid of only the documents stored on computers in the UK, it would allow Guardian journalists to continue their work from other locations while acquiescing to the Government's demand. However, rather than trust that the Guardian would destroy the information on their computers to the Government's satisfaction, GCHQ sent two representatives to supervise the operation. Typically, reliable destruction of such hardware in the circumstances would be to shred or melt all electronic components using a much larger version of the common paper shredder and leaving only the dust of the original devices. Indeed, some devices such as external USB sticks were turned to dust.
Alternatively, it might have been expected that GCHQ would solely target the hard drives of the devices in question. The hard drives, after all, are one of the few components of a computer where user data is supposed to be retained after the power to the device is removed.
Surprisingly, however, GCHQ were not just interested in hard drives nor did they destroy whole devices. An examination of the targeted hardware by Privacy International, with cooperation from the Guardian, has found the whole episode to be more troubling and puzzling than previously believed.
During our invesitgation, we were surprised to learn that a few very specific components on devices, such as the keyboard, trackpad and monitor, were targeted along with apparently trivial chips on the main boards of laptops and desktops. Initial consultation with members of the technology community supported our identification of the components and that the actions of GCHQ were worth analyzing further.
In light of GCHQ's actions, we have asked hardware manufacturers to explain what these elements actually do: what information can be stored on a device, how much information it can retain, and for how long.
Manufacturers must be transparent
By getting answers to these questions, we can get a glimpse into GCHQ's understanding of IT security threats, but also give individuals the information to better understand the devices they use everyday and how they can protect their personal information. For instance, people and organisations may need to re-evaluate how they dispose of their computing devices, given the very specific hardware components destroyed by GCHQ.
With such a wide range of chip manufacturers, it is impossible to know for certain which vendor produced the actual chips destroyed on the model in question. However, we hope the device manufacturers can shed some light on their preferred sources for such components. Furthermore, without cooperation from the device manufacturers it is impossible to know the precise role played by the component in the overall operation of the device.
Whatever the actual vendor and role of the chip, we need to know more about why GCHQ believes that these components can store user data and retain that data without power.
What was targeted?
We examined all the destroyed components, and while much was destroyed, our intial investigation will look to find out more about the following components targeted by GCHQ:
- keyboard controller chip
- trackpad controller chip
- inverting converter chip
Below, the left image shows a keyboard controller board intact while the right image is the destroyed component provided by the Guardian. From our analysis, we believe the targeted component of the keyboard is the keyboard encoder responsible for communicating over the USB and interpreting key presses on its various I/O pins. We believe this component, under the black covering in the image below, is similar in function to the chip described here.
Intact Keyboard Component Destroyed Keyboard Component
We have reached out to the following companies to ascertain the storage characteristics of a USB keyboard: Apple, Dell, HP, Logitech and Microsoft.
In relation to the trackpad, the first image below shows an intact trackpad controller board from a MacBook Air device, while the second image below shows the destroyed component. We believe the targeted component is a serial flash chip that may perform a similar function to the keyboard controller also targeted. It is noteworthy that the device in question uses the controller board on the trackpad to also connect the keyboard to the main device. We believe the component to be similar to the one described here.
Intact Trackpad Component
Destroyed Trackpad Component
We have reached out to Apple and Synaptics to ascertain the storage characteristics of their trackpads and the components they use.
The final component is an inverting converter, again used on the Apple MacBook Air systems. The image below to the left depicts a similar model to the one destroyed with the component intact while the image to the right clearly shows the component targeted. Due to the generality of this component, it is difficult to ascertain what role this plays in the overall operation of the device, however we believe this component is similar in function to the chip described here.
Intact Inverting Converter Component Destroyed Inverting Converter Component
We have reached out to Apple to understand the storage characteristics of this component and the role it plays in overall device operation.
We will continue to explore the rest of the chips destroyed by GCHQ. We welcome any thoughts from individuals who have an understanding of these components and what their storage capabilities are, and for what purposes. We hope to achieve some much needed transparency about what our devices do and how the unseen components on the inside might betray our privacy.