By Kim Zetter
A U.S. Navy EP-3E Orion Patrol aircraft assigned to the Fleet Air Reconnaissance Squadron flying over Gibraltar, June 20, 1991.
WHEN CHINA boldly seized a U.S. underwater drone in the South China Sea last December and initially refused to give it back, the incident ignited a weeklong political standoff and conjured memories of a similar event more than 15 years ago.
In April 2001, just months before the 9/11 attacks gripped the nation, a U.S. Navy spy plane flying a routine reconnaissance mission over the South China Sea was struck by a People’s Liberation Army fighter jet that veered aggressively close.
The mid-air collision killed the Chinese pilot, crippled the Navy plane, and forced it to make an emergency landing at a Chinese airfield, touching off a tense international showdown for nearly two weeks while China refused to release the two-dozen American crew members and damaged aircraft.
The sea drone captured in December was a research vessel, not a spy craft, according to the Pentagon, so its seizure didn’t risk compromising secret military technology.
The sea drone captured in December was a research vessel, not a spy craft, according to the Pentagon, so its seizure didn’t risk compromising secret military technology.
That wasn’t the case with the spy plane, which carried a trove of surveillance equipment and classified signals intelligence data.
For more than a decade, U.S. officials have refused to say what secrets China might have gleaned from the plane.
For more than a decade, U.S. officials have refused to say what secrets China might have gleaned from the plane.
Two years after the incident, journalists saw a redacted U.S. military report, which revealed that although crew members had jettisoned documents out an emergency hatch as they flew over the sea and had managed to destroy some signals-collection equipment before the plane fell into the hands of the Chinese, it was “highly probable” China had still obtained classified information from the plane. Attempts by journalists and academics to learn more over the years have been unsuccessful.
But now, a comprehensive Navy-NSA report completed three months after the collision, and included among documents obtained by NSA whistleblower Edward Snowden in 2013, finally reveals extensive details about the incident, the actions crew members took to destroy equipment and data, and the secrets that were exposed to China — which turned out to be substantial though not catastrophic.
The unredacted Navy report, supplemented by a 2001 Congressional Research Service summary of the incident, as well as The Intercept’s interviews with two crew members on board during the collision, presents the most detailed picture yet of the P-3 incident, a critical moment in U.S.-China military relations.
Although the Navy report cites a number of problems with what turned out to be ineffective efforts to destroy classified information, it vindicates the crew as well as pilot and mission commander, Navy Lt. Shane Osborn, who was hounded by critics for years — in and out of the military — who thought he should have ditched the plane and its sensitive equipment in the sea rather than land it in enemy territory.
But now, a comprehensive Navy-NSA report completed three months after the collision, and included among documents obtained by NSA whistleblower Edward Snowden in 2013, finally reveals extensive details about the incident, the actions crew members took to destroy equipment and data, and the secrets that were exposed to China — which turned out to be substantial though not catastrophic.
The unredacted Navy report, supplemented by a 2001 Congressional Research Service summary of the incident, as well as The Intercept’s interviews with two crew members on board during the collision, presents the most detailed picture yet of the P-3 incident, a critical moment in U.S.-China military relations.
Although the Navy report cites a number of problems with what turned out to be ineffective efforts to destroy classified information, it vindicates the crew as well as pilot and mission commander, Navy Lt. Shane Osborn, who was hounded by critics for years — in and out of the military — who thought he should have ditched the plane and its sensitive equipment in the sea rather than land it in enemy territory.
Osborn was awarded the Distinguished Flying Cross for showing “superb airmanship and courage” in stabilizing and landing the damaged aircraft, but in 2014 when he made a failed bid for a U.S. Senate seat in Nebraska, former military personnel popped up in the press again to revive the criticism against him.
“He was flying one of the crown jewels of the reconnaissance force,” Capt. Jan van Tol, a retired Navy officer and senior fellow at the Center for Strategic and Budgetary Assessments, told the Omaha World-Herald.
“He was flying one of the crown jewels of the reconnaissance force,” Capt. Jan van Tol, a retired Navy officer and senior fellow at the Center for Strategic and Budgetary Assessments, told the Omaha World-Herald.
“I think the right answer is he should have ditched it at sea, or taken it anyplace but China.”
Asked whether he stood by that comment today, van Tol told The Intercept that he’s hesitant to question the judgment of a pilot who was on the scene and understood the conditions better than he does, but he still feels Osborn had an obligation to better safeguard the aircraft’s secrets.
“I think there may have been another option [to land in Vietnam],” he said, trying to recall the events in 2001.
“It would have been better to go to Vietnam than China.”
The collision occurred about 70 miles southeast of Hainan Island, where Osborn landed the plane; Vietnam was about 180 miles away.
Asked whether he stood by that comment today, van Tol told The Intercept that he’s hesitant to question the judgment of a pilot who was on the scene and understood the conditions better than he does, but he still feels Osborn had an obligation to better safeguard the aircraft’s secrets.
“I think there may have been another option [to land in Vietnam],” he said, trying to recall the events in 2001.
“It would have been better to go to Vietnam than China.”
The collision occurred about 70 miles southeast of Hainan Island, where Osborn landed the plane; Vietnam was about 180 miles away.
Although the latter wasn’t a great distance, it would have been the less attractive option to the crew, according to Osborn, given the shaky condition of the aircraft and their loss of critical flight instruments and altitude from the collision.
But the investigators who produced the Navy-NSA report didn’t fault the crew for the most part.
In their assessment, they praised Osborn and his flight crew for saving the lives of everyone on board as well as the $80 million aircraft.
And although they found fault with the crew’s demolition efforts and with supervisors onboard who failed to effectively coordinate and communicate with crew members during the incident, they mostly blamed the military for failing to properly prepare officers and crew for such an event.
The 117-page report, prepared by a team of investigators from the Navy and NSA, is based on interviews conducted with the crew right after their release from China and on physical re-enactments of their destruction methods — in some cases recreated with scientific precision — to determine how effective the methods might have been in preventing the Chinese from gleaning secrets.
👁10th Anniversary Edition EP 3 Damage Assessment Redacted117 pages
The report describes the crew’s haphazard and jury-rigged efforts to destroy equipment without proper tools and the woefully inadequate training they received for dealing with a scenario the Navy should have considered inevitable.
Even though several close encounters with Chinese fighter jets had occurred in the region before, procedures for dealing with such a situation were insufficient, and the crew never underwent emergency destruction drills.
As a result, they were left scrambling in the heat of the moment to determine what needed to be destroyed and how to do it.
Although the crew had about 40 minutes between the moment of collision and the landing in China — plenty of time to jettison or destroy all sensitive material, investigators concluded — there “were no readily available means or standard procedures for timely destruction of computers, electronic media, and hardcopy material.”
This deficiency, along with the lack of training, investigators wrote, “was the primary cause of the compromise of classified material.”
Another stumbling block?
The crew hadn’t maintained a comprehensive inventory of classified material on the plane.
This made it difficult for them to ensure that everything got destroyed, and it meant that investigators had to rely on the recollections of crew members about what they had carried on the plane to determine what the Chinese might have seen.
Jeffrey Richelson, author of a number of books on the intelligence community and a senior fellow with the National Security Archive, is one person who has sought for years to uncover more information about the incident.
He told The Intercept that the report adds important context and understanding to the historical record around it, adding that although the aerial confrontation may not have been a seismic event in terms of intelligence losses, it was a significant geopolitical moment in the history of U.S.-China relations.
A key part of understanding this “is [knowing] what was lost and the damage assessment.”
To that end, he said, the report is a “valuable document.”
A U.S. Navy EP-3 surveillance plane operating out of Kadena Air Force Base, Okinawa, Japan, was involved in a midair collision April 1, 2001 with fighter aircraft from the Republic of China.
SINCE THE MID-1940S, the U.S. military has used planes to collect signals intelligence.
The spy plane involved in the 2001 collision was one of 11 such aircraft the U.S. used to fill critical intelligence gaps left by satellites.
Planes offered a number of benefits over satellites for signals collection.
They could be maneuvered more easily to get closer and better signals reception, and their conspicuous presence spurred targeted militaries to react, thereby creating more communications to be intercepted.
The turboprop EP-3E Aries involved in the crash was built by Lockheed Martin and was equipped with receivers, antennas, and special software to capture and process a range of signals.
The spy planes generally carried a crew of linguists, cryptographers, and technicians, and the one flying over the South China Sea that day carried an eighteen-member reconnaissance team from the Navy, Marines, and Air Force, in addition to the six-member flight crew.
The aircraft left Okinawa early in the morning with a mission to monitor Chinese communications as well as radar and weapon-systems signals.
Flight path of the turboprop EP-3E Aries involved in the crash.
It was flying at 22,500 feet along a well-worn surveillance path off Hong Kong’s coast in international airspace.
The crew was five hours into a roughly ten-hour mission when they intercepted messages from China’s nearby Lingshui air base indicating they were about to have company.
About ten minutes later, two Chinese F-8 fighter jets appeared in the sky about a mile away.
The plane was already nearing the end of its outbound leg and preparing to head back to base, so the pilots initiated an early turnaround with the plane in autopilot for the trip home.
One of the fighter jets approached from the rear left and stopped 10 feet away from the spy plane’s wing.
Its pilot, Wang Wei, saluted the American crew, then fell back 100 feet .
The U.S. flew about two hundred reconnaissance missions a year in the region, and this wasn’t the first time PLA pilots, including Wei, had dogged U.S. spy planes.
They usually just approached the American aircraft, reported what they saw to their ground crew, and returned to base.
But recently they had become more aggressive.
On several occasions, PLA pilots had buzzed the spy planes, overtaking them at high speed and sometimes passed beneath them before abruptly pulling up in front at close range.
Wei was particularly aggressive, recalled one crew member who was on the plane but asked to remain anonymous because he’s not authorized to discuss the incident.
“[Wei] was extra crazy. He would get so close to the plane that you could literally jump from one wingtip to another wingtip,” he told The Intercept.
An American crew had captured a picture of Wei flying dangerously close on a previous occasion.
In the image, he was holding up a piece of paper to the American crew displaying his e-mail address on it.
The U.S. had complained to Beijing in December and January, warning that the antics were a danger to both American and Chinese crews.
But China said the U.S. was encroaching its sovereign airspace.
Chinese pilot Wang Wei stands in the cockpit of a jet. After a collision with a U.S. Navy surveillance plane on April 1, 2001 Chinese officials reported that Wang parachuted out of his F-8 fighter over the South China Sea and is presumed dead.
On April 1, Wei was at it again.
After his initial approach, he advanced on the EP-3E a second time, this time stopping just five feet short of the spy plane and mouthed something to the American crew before falling back again.
Then he tried a third time.
On this approach, however, he maneuvered too close to the plane and got sucked in by one of the EP-3E’s propellers.
The collision sliced the F-8 in half.
Shrapnel from the F-8 flew through the spy plane’s fuselage and into the nose cone, shearing it off, and damaged the spy plane’s radome — a dome that protects radar equipment — two propellers, and an engine.
The Chinese fighter jet plummeted into the sea, and the spy plane rolled upside down and immediately depressurized, creating chaos inside.
“I think they keep the cabin pressured at 7,000 feet, and you go from 7,000 to 30,000 instantaneously,” said the crew member, describing the shock.The plane plunged 14,000 feet while shaking violently.
“We’re falling like a rock and … everyone thought we were going to die,” he recalled.
As Osborn, the pilot, tried to regain control of the aircraft, he ordered everyone to prepare to bail. With wind roaring inside the cabin, warning lights flashing, and the plane plummeting, crew members struggled to communicate over the noise while donning parachutes, survival vests, and helmets.
They were lined up and ready to jump into the sea, the crew member said, when Osborn managed to stabilize the plane and ordered the crew to prepare to land in the water.
But then Osborn changed his mind.
“If I would have put it in the water, it would have killed us all,” he told The Intercept.
“I had no flaps [to slow the plane], instruments were out, and I was overweight for a normal landing by 30,000 pounds [due to the fuel]. The airplane was coming apart. Once I thought the airplane could make it [to nearby land], that was what we needed to do.”
The only option, given that it wasn’t clear how long the plane would hold, was the PLA’s nearby Lingshui air base on Hainan Island.
Aircrew of the US EP-3 line-up along a red brick walkway upon arrival 12 April 2001 at Hickam Air Force Base in Hawaii.
THE DESTRUCTION EFFORTS began once Osborn made the decision to land the plane, said the crew member.
This meant the crew had about 20 minutes remaining to accomplish everything they needed before they were on the ground.
The only problem was, they didn’t have a clue what they needed to do.
It wasn’t the first time cryptologic sources and methods were at risk of compromise.
In 1968, North Korea captured the USS Pueblo and acquired a large inventory of highly sensitive intelligence materials from the ship.
Since then, crews were supposed to be trained in emergency destruction procedures.
But that didn’t happen with the EP-3E crew.
Only one member of the crew had ever participated in an in-flight emergency destruction drill.
A typical CMS, or COMSEC, box like the one on the EP-3E Aries that contained cryptographic keying material.
An emergency action plan for landing in hostile territory directed crews to shred or jettison sensitive material and to destroy equipment with an ax.
But it didn’t describe how they should do this.
As a result, the crew didn’t know hard drives should be destroyed in a special manner to prevent data recovery.
“We trained parachute drills about a million times. We had fire drills. But we never practiced emergency destruction procedures for classified data,” the crew member said.
“We were totally underprepared for it.”
Because the crew didn’t have a shredder onboard, they tore paper materials by hand and scattered the pieces throughout the plane, hoping the Chinese wouldn’t be able to reconstitute them.
They also took cassette tapes containing intercepted data and stretched them until they tore.
The plane did have a fire ax for breaking through the bulkhead in an emergency evacuation, but the blade was too dull and the handle too short to be wielded effectively for destroying equipment. Instead the crew improvised by dropping laptops on the floor, stomping on them, bashing them against a desk, and bending them across a chair — all methods that would have been insufficient to ensure the Chinese could not recover data from them.
“I was bashing in computer screens. People were ripping wires out of the wall,” the crew member said.
“By the time we landed, the plane was in total disrepair. We had screwed up the inside of that plane as much as we could.”
A laptop destroyed by the crew of the EP-3E Aries.
The crew member said someone handed him a “super heavy” briefcase containing classified material and told him to destroy everything in sight with it.
Based on a description in the Navy-NSA report, the briefcase was likely an aluminum CMS, or COMSEC box, which contained cryptographic keying material the plane’s navigator had stuffed into it before passing it to the crew member.
While using it to bash equipment, the report notes, the box sprung open, scattering its classified contents around the plane.
The crew managed to jettison some cryptographic keying material, as well as codebooks and two laptops out the emergency hatch.
But 16 cryptographic keys, other codebooks and laptops, and a large computer for processing signals intelligence remained on board.
As for the signals collection equipment, they destroyed the display terminals and controls but not the tuners and signals-processors, the most critical parts of the systems.
The plane also had a number of cryptographic voice and data devices onboard — for securing communication and data transmissions between the plane and home base — that didn’t get destroyed, although the crew managed to zero-out the memory on them.
The crew did have one bit of luck on their side.
Although other planes in the military’s spy fleet had recently undergone a major surveillance equipment upgrade, according to Osborn, their plane was still two weeks away from getting one. “The equipment we had on that plane was old and outdated and a lot of it didn’t work properly,” he said.
As the crew did their best to destroy the material, Osborn prepared to land on Hainan Island. Although the U.S. had an agreement with Moscow about what American crews should do if they had to make an emergency detour into Russian territory — including which radio frequencies and call signs to use — there was no agreement or guidance for China, investigators noted in the report.
As a result, the pilot sent out a series of Mayday calls on an international distress frequency instead of the frequency the PLA used, and got no response.
Osborn landed the plane at Lingshui anyway.
Military trucks met the spy plane on the ground, and steered it to the runway’s end where two-dozen Chinese soldiers surrounded the plane.
Osborn kept the engines running while the crew dashed off one last message to the Pacific Reconnaissance Operations Center: They had landed safely.
Then the crew zeroed-out the radio’s encryption device and exited the plane.
The emergency landing touched off a flurry of diplomacy to secure release of the crew and plane. Osborn said he and other members of the flight crew were interrogated daily, and the Chinese told Osborn that they’d be thrown into prison indefinitely if he didn’t allow the reconnaissance crew to be questioned as well.
They eventually were questioned, but all refused to supply the Chinese with any substantial information, Osborn notes.
After eleven days and extensive pressure from the U.S., China released the crew.
China also agreed to return the plane, but only on condition that it was dismantled first.
Lockheed Martin sent technicians to separate the tail, engines, and wings from the fuselage and flew the pieces via cargo plane to an air base in Georgia.
There, investigators began the process of determining what intelligence might have been lost.
INVESTIGATORS UNCOVERED a lot of surprises during their analysis of the incident.
They found, for example, that the crew had a lot of unnecessary classified data onboard, which was needlessly put at risk of compromise.
They had, for example, entire codebooks as well as nearly a month’s worth of top-secret keying material — which the military used to secure its communications — that wasn’t going to be put in use until well after their flight mission ended.
The exposure wasn’t detrimental since the military changed its keys daily and within 15 hours after the spy plane landed in China, authorities had retired all of that day’s keys and replaced them with new ones.
But a worldwide key the military used to authenticate GPS data had 250,000 users worldwide, and they all had to be notified before the key could be replaced — this took nearly two weeks.
The concern about the exposed crypto material wasn’t that China could use the keys to decrypt that day’s U.S. communications, but that it provided insight into U.S. cryptologic methods.
The U.S. used “high quality randomization and strong fail-safe designs” in its keying material and crypto devices, the investigators noted.
If China studied the material to incorporate similar designs into its own systems, it would make it harder for the U.S. to analyze PRC communications in the future.
But the excess crypto keys weren’t the only unnecessary data on the plane.
The crew also had the names of intelligence personnel — U.S. and foreign partners — who weren’t on the plane, including several dozen employees of the NSA and NSGA Misawa.
The data included names, addresses, social security numbers, and a description of official duties for U.S. personnel.
The exposure, investigators worried, could have an adverse impact on future assignments and travel plans for affected personnel.
In addition to this, the crew had a manual onboard that provided a comprehensive overview of how the U.S. exploits signals and nearly two dozen U.S. Signals Intelligence Directives, or excerpts of these directives, many of which weren’t critical to the crew’s mission.
Issued by the NSA director, the directives lay out policy for SIGINT activities, and some of these included detailed instructions for collecting, processing, and distributing intercepts.
Three of the directives were particularly sensitive.
They included special procedures for signals-recognition and reporting; specific targets of interest for signals collection in China, North Korea, the Philippines, Cambodia, Vietnam and Thailand; as well as information that China could have used to inject false data into intercepts.
As for materials and equipment that were critical to the crew’s mission, the plane had six carry-on computers, two of which were the most sensitive systems onboard.
They contained a suite of software tools for collecting, analyzing, and processing communications intelligence, foreign instrumentation signals, and electronic intelligence signals.
All of the data and software on these systems was compromised.
One of the systems was used for processing what are known as PROFORMA communications.
These are communications between command-and-control centers and radar systems, weapon systems, surface-to-air missiles, anti-aircraft artillery, and fighter aircraft.
The computer contained detailed information for processing more than two-dozen PROFORMA communications for North Korea, Russia, Vietnam, China, and U.S. allies.
Investigators worried the information would lead China to alter its communication methods to prevent future U.S. collection of PROFORMA communications, or help China collect and process the communications of other countries — including allies — if it wasn’t already doing so.
China could also share the information with North Korea, Cuba, and Russia to help them do the same.
This wasn’t the only sensitive information about U.S. allies that was exposed.
The plane also had information about the emitter parameters for allied weapon systems, and the names and locations of radar sites around the world and the radar systems installed at each — information China could use to exploit the systems.
But the information the investigators considered the most sensitive on the plane were the tasking instructions for collecting data from China.
These revealed information such as what data the U.S. was interested in collecting and the frequencies and call signs China used for its data.
The investigators deemed this a serious compromise, since it could prompt China to alter its methods. And in one of the systems for collecting communications, the crew had also inadvertently left behind a tape that contained 45 minutes of encrypted and decrypted Chinese naval communications.
Jason Healey, a former signals intelligence officer who worked with reconnaissance aircraft in the Air Force and is now a senior research scholar at Columbia University’s School of International and Public Affairs, said this could have helped the Chinese understand U.S. decryption capabilities.
“If it’s got both encrypted and plaintext or decrypted [intercepts], it could hint how we go through the decryption process, and that would be very useful to their cryptographers to not just know that we can break it, but how we implement that in software,” he told The Intercept.
Another important secret exposed by data on the plane was the fact that the U.S. had the ability to locate and collect signal transmissions associated with Chinese submarines, and correlate them to specific vessels using direction-finding capabilities.
“Although the PRC probably believed that the U.S. possessed this information it was probably not aware that the information could be derived from SIGINT collection and analysis,” the investigators wrote.
The data also exposed how much the U.S. knew about China’s submarine-launched ballistic missiles program, including its organization, missile-testing operations and communications.
The Lockheed Martin Aeronautics Company’s recovery team removed the four propeller-engine assemblies from the EP-3 at China’s Lingshui air base, on Saturday June 23, 2001.
DESPITE THE WEALTH of data and equipment that was exposed in the incident, the investigators ultimately concluded that the intelligence losses were not catastrophic.
Instead, they deemed the losses medium-to-low in severity.
But there was one caveat: without a complete inventory of all the classified data that was on the plane and potentially exposed to China, their assessment was inevitably incomplete.
But with regard to the secrets they knew were on the plane and exposed, they concluded that these wouldn’t help China better exploit U.S. encryption systems, though they could help it develop countermeasures to hinder U.S. surveillance by copying tradecraft the U.S. used to secure its own communication.
Investigators worried, for example, that China might now augment its encryption or switch from “over-the-air transmissions to landline transmissions, or to more advanced radio communications techniques, such as frequency hopping.”
The last time China had altered its communication methods had been in the 1980s, the investigators wrote, and it had taken the NSA months to re-establish collection and analysis capabilities and the recovery was “still incomplete” in 2001 they noted.
Luckily, at the time the report was written, three months after the collision, the U.S. had not yet detected any alterations in China’s communication habits or methods.
But investigators cautioned this could change in subsequent months and years.
They didn’t seem too worried about it, however; they were confident that if China did employ new countermeasures, the U.S. could overcome them with a little work.
Healey said he was not surprised by the overall assessment of the intelligence losses, since he doesn’t think China learned very much it didn’t already know about what the planes were collecting.
“I’m sure it would have been good for [China] to understand overall capabilities of the aircraft,” he said, “but the nature of most of the intelligence these aircraft would have been collecting would not have been a windfall for the Chinese or their Russian friends.”
Richelson agreed, and said the only real concern was whether China altered its communication methods months after the report was written.
“There are worst-case fears of what a compromise might bring, and then the actual reality of what it does bring in the future,” he noted.
“You can’t judge that a month after the compromise.”
It’s possible the assessment of the investigators did later change.
In 2010, journalist Seymour Hersh published an article in the New Yorker asserting that the U.S. didn’t fully realize the extent of the intelligence losses from the EP-3E incident until late 2008.
He writes that shortly after Barack Obama was elected president that year, the NSA picked up a barrage of intercepts from the Chinese that were intercepts of U.S. communications.
“The intercepts included details of planned American naval movements,” Hersh wrote and said U.S. officials believed the Chinese wanted the U.S. to pick up the intercepts as a way to boast to the U.S. that it had the ability to decipher U.S. signals.
However, Hersh did not specify why anyone believed this was connected to the EP-3E intelligence losses.
The NSA declined to comment on any aspect of the Navy-NSA report obtained by Snowden or the intelligence losses revealed in it.
In the end, there was at least one positive outcome from the EP-3E incident.
The military implemented a number of measures to better protect data and equipment on spy planes and to improve crew training.
But it only recently addressed another issue around the incident — the lack of an agreement with China about how to handle aircraft interactions in the region.
It took until November 2014 for the U.S. and China to finally adopt a memorandum to regulate the “safety of air and maritime encounters,” after a dangerous near-miss event occurred in August that year between a Chinese fighter jet and a U.S. Navy P-8 anti-submarine warfare aircraft.
Whether that agreement will prevent future collisions is unclear.
In May 2016, another close encounter occurred between China and the U.S. when two Chinese J-11 tactical planes flew dangerously close to an EP-3E.
Officials said this was an anomaly, however, and that encounters in the region had become safer in the wake of the 2014 agreement.
Their concern, they noted, was now focussed on a different problem area — Russian planes buzzing U.S. ships and planes in the Baltic and Black Sea regions.
But the investigators who produced the Navy-NSA report didn’t fault the crew for the most part.
In their assessment, they praised Osborn and his flight crew for saving the lives of everyone on board as well as the $80 million aircraft.
And although they found fault with the crew’s demolition efforts and with supervisors onboard who failed to effectively coordinate and communicate with crew members during the incident, they mostly blamed the military for failing to properly prepare officers and crew for such an event.
The 117-page report, prepared by a team of investigators from the Navy and NSA, is based on interviews conducted with the crew right after their release from China and on physical re-enactments of their destruction methods — in some cases recreated with scientific precision — to determine how effective the methods might have been in preventing the Chinese from gleaning secrets.
👁10th Anniversary Edition EP 3 Damage Assessment Redacted117 pages
The report describes the crew’s haphazard and jury-rigged efforts to destroy equipment without proper tools and the woefully inadequate training they received for dealing with a scenario the Navy should have considered inevitable.
Even though several close encounters with Chinese fighter jets had occurred in the region before, procedures for dealing with such a situation were insufficient, and the crew never underwent emergency destruction drills.
As a result, they were left scrambling in the heat of the moment to determine what needed to be destroyed and how to do it.
Although the crew had about 40 minutes between the moment of collision and the landing in China — plenty of time to jettison or destroy all sensitive material, investigators concluded — there “were no readily available means or standard procedures for timely destruction of computers, electronic media, and hardcopy material.”
This deficiency, along with the lack of training, investigators wrote, “was the primary cause of the compromise of classified material.”
Another stumbling block?
The crew hadn’t maintained a comprehensive inventory of classified material on the plane.
This made it difficult for them to ensure that everything got destroyed, and it meant that investigators had to rely on the recollections of crew members about what they had carried on the plane to determine what the Chinese might have seen.
Jeffrey Richelson, author of a number of books on the intelligence community and a senior fellow with the National Security Archive, is one person who has sought for years to uncover more information about the incident.
He told The Intercept that the report adds important context and understanding to the historical record around it, adding that although the aerial confrontation may not have been a seismic event in terms of intelligence losses, it was a significant geopolitical moment in the history of U.S.-China relations.
A key part of understanding this “is [knowing] what was lost and the damage assessment.”
To that end, he said, the report is a “valuable document.”
A U.S. Navy EP-3 surveillance plane operating out of Kadena Air Force Base, Okinawa, Japan, was involved in a midair collision April 1, 2001 with fighter aircraft from the Republic of China.
SINCE THE MID-1940S, the U.S. military has used planes to collect signals intelligence.
The spy plane involved in the 2001 collision was one of 11 such aircraft the U.S. used to fill critical intelligence gaps left by satellites.
Planes offered a number of benefits over satellites for signals collection.
They could be maneuvered more easily to get closer and better signals reception, and their conspicuous presence spurred targeted militaries to react, thereby creating more communications to be intercepted.
The turboprop EP-3E Aries involved in the crash was built by Lockheed Martin and was equipped with receivers, antennas, and special software to capture and process a range of signals.
The spy planes generally carried a crew of linguists, cryptographers, and technicians, and the one flying over the South China Sea that day carried an eighteen-member reconnaissance team from the Navy, Marines, and Air Force, in addition to the six-member flight crew.
The aircraft left Okinawa early in the morning with a mission to monitor Chinese communications as well as radar and weapon-systems signals.
Flight path of the turboprop EP-3E Aries involved in the crash.
It was flying at 22,500 feet along a well-worn surveillance path off Hong Kong’s coast in international airspace.
The crew was five hours into a roughly ten-hour mission when they intercepted messages from China’s nearby Lingshui air base indicating they were about to have company.
About ten minutes later, two Chinese F-8 fighter jets appeared in the sky about a mile away.
The plane was already nearing the end of its outbound leg and preparing to head back to base, so the pilots initiated an early turnaround with the plane in autopilot for the trip home.
One of the fighter jets approached from the rear left and stopped 10 feet away from the spy plane’s wing.
Its pilot, Wang Wei, saluted the American crew, then fell back 100 feet .
The U.S. flew about two hundred reconnaissance missions a year in the region, and this wasn’t the first time PLA pilots, including Wei, had dogged U.S. spy planes.
They usually just approached the American aircraft, reported what they saw to their ground crew, and returned to base.
But recently they had become more aggressive.
On several occasions, PLA pilots had buzzed the spy planes, overtaking them at high speed and sometimes passed beneath them before abruptly pulling up in front at close range.
Wei was particularly aggressive, recalled one crew member who was on the plane but asked to remain anonymous because he’s not authorized to discuss the incident.
“[Wei] was extra crazy. He would get so close to the plane that you could literally jump from one wingtip to another wingtip,” he told The Intercept.
An American crew had captured a picture of Wei flying dangerously close on a previous occasion.
In the image, he was holding up a piece of paper to the American crew displaying his e-mail address on it.
The U.S. had complained to Beijing in December and January, warning that the antics were a danger to both American and Chinese crews.
But China said the U.S. was encroaching its sovereign airspace.
Chinese pilot Wang Wei stands in the cockpit of a jet. After a collision with a U.S. Navy surveillance plane on April 1, 2001 Chinese officials reported that Wang parachuted out of his F-8 fighter over the South China Sea and is presumed dead.
On April 1, Wei was at it again.
After his initial approach, he advanced on the EP-3E a second time, this time stopping just five feet short of the spy plane and mouthed something to the American crew before falling back again.
Then he tried a third time.
On this approach, however, he maneuvered too close to the plane and got sucked in by one of the EP-3E’s propellers.
The collision sliced the F-8 in half.
Shrapnel from the F-8 flew through the spy plane’s fuselage and into the nose cone, shearing it off, and damaged the spy plane’s radome — a dome that protects radar equipment — two propellers, and an engine.
The Chinese fighter jet plummeted into the sea, and the spy plane rolled upside down and immediately depressurized, creating chaos inside.
“I think they keep the cabin pressured at 7,000 feet, and you go from 7,000 to 30,000 instantaneously,” said the crew member, describing the shock.The plane plunged 14,000 feet while shaking violently.
“We’re falling like a rock and … everyone thought we were going to die,” he recalled.
As Osborn, the pilot, tried to regain control of the aircraft, he ordered everyone to prepare to bail. With wind roaring inside the cabin, warning lights flashing, and the plane plummeting, crew members struggled to communicate over the noise while donning parachutes, survival vests, and helmets.
They were lined up and ready to jump into the sea, the crew member said, when Osborn managed to stabilize the plane and ordered the crew to prepare to land in the water.
But then Osborn changed his mind.
“If I would have put it in the water, it would have killed us all,” he told The Intercept.
“I had no flaps [to slow the plane], instruments were out, and I was overweight for a normal landing by 30,000 pounds [due to the fuel]. The airplane was coming apart. Once I thought the airplane could make it [to nearby land], that was what we needed to do.”
The only option, given that it wasn’t clear how long the plane would hold, was the PLA’s nearby Lingshui air base on Hainan Island.
Aircrew of the US EP-3 line-up along a red brick walkway upon arrival 12 April 2001 at Hickam Air Force Base in Hawaii.
THE DESTRUCTION EFFORTS began once Osborn made the decision to land the plane, said the crew member.
This meant the crew had about 20 minutes remaining to accomplish everything they needed before they were on the ground.
The only problem was, they didn’t have a clue what they needed to do.
It wasn’t the first time cryptologic sources and methods were at risk of compromise.
In 1968, North Korea captured the USS Pueblo and acquired a large inventory of highly sensitive intelligence materials from the ship.
Since then, crews were supposed to be trained in emergency destruction procedures.
But that didn’t happen with the EP-3E crew.
Only one member of the crew had ever participated in an in-flight emergency destruction drill.
A typical CMS, or COMSEC, box like the one on the EP-3E Aries that contained cryptographic keying material.
An emergency action plan for landing in hostile territory directed crews to shred or jettison sensitive material and to destroy equipment with an ax.
But it didn’t describe how they should do this.
As a result, the crew didn’t know hard drives should be destroyed in a special manner to prevent data recovery.
“We trained parachute drills about a million times. We had fire drills. But we never practiced emergency destruction procedures for classified data,” the crew member said.
“We were totally underprepared for it.”
Because the crew didn’t have a shredder onboard, they tore paper materials by hand and scattered the pieces throughout the plane, hoping the Chinese wouldn’t be able to reconstitute them.
They also took cassette tapes containing intercepted data and stretched them until they tore.
The plane did have a fire ax for breaking through the bulkhead in an emergency evacuation, but the blade was too dull and the handle too short to be wielded effectively for destroying equipment. Instead the crew improvised by dropping laptops on the floor, stomping on them, bashing them against a desk, and bending them across a chair — all methods that would have been insufficient to ensure the Chinese could not recover data from them.
“I was bashing in computer screens. People were ripping wires out of the wall,” the crew member said.
“By the time we landed, the plane was in total disrepair. We had screwed up the inside of that plane as much as we could.”
A laptop destroyed by the crew of the EP-3E Aries.
The crew member said someone handed him a “super heavy” briefcase containing classified material and told him to destroy everything in sight with it.
Based on a description in the Navy-NSA report, the briefcase was likely an aluminum CMS, or COMSEC box, which contained cryptographic keying material the plane’s navigator had stuffed into it before passing it to the crew member.
While using it to bash equipment, the report notes, the box sprung open, scattering its classified contents around the plane.
The crew managed to jettison some cryptographic keying material, as well as codebooks and two laptops out the emergency hatch.
But 16 cryptographic keys, other codebooks and laptops, and a large computer for processing signals intelligence remained on board.
As for the signals collection equipment, they destroyed the display terminals and controls but not the tuners and signals-processors, the most critical parts of the systems.
The plane also had a number of cryptographic voice and data devices onboard — for securing communication and data transmissions between the plane and home base — that didn’t get destroyed, although the crew managed to zero-out the memory on them.
The crew did have one bit of luck on their side.
Although other planes in the military’s spy fleet had recently undergone a major surveillance equipment upgrade, according to Osborn, their plane was still two weeks away from getting one. “The equipment we had on that plane was old and outdated and a lot of it didn’t work properly,” he said.
As the crew did their best to destroy the material, Osborn prepared to land on Hainan Island. Although the U.S. had an agreement with Moscow about what American crews should do if they had to make an emergency detour into Russian territory — including which radio frequencies and call signs to use — there was no agreement or guidance for China, investigators noted in the report.
As a result, the pilot sent out a series of Mayday calls on an international distress frequency instead of the frequency the PLA used, and got no response.
Osborn landed the plane at Lingshui anyway.
Military trucks met the spy plane on the ground, and steered it to the runway’s end where two-dozen Chinese soldiers surrounded the plane.
Osborn kept the engines running while the crew dashed off one last message to the Pacific Reconnaissance Operations Center: They had landed safely.
Then the crew zeroed-out the radio’s encryption device and exited the plane.
The emergency landing touched off a flurry of diplomacy to secure release of the crew and plane. Osborn said he and other members of the flight crew were interrogated daily, and the Chinese told Osborn that they’d be thrown into prison indefinitely if he didn’t allow the reconnaissance crew to be questioned as well.
They eventually were questioned, but all refused to supply the Chinese with any substantial information, Osborn notes.
After eleven days and extensive pressure from the U.S., China released the crew.
China also agreed to return the plane, but only on condition that it was dismantled first.
Lockheed Martin sent technicians to separate the tail, engines, and wings from the fuselage and flew the pieces via cargo plane to an air base in Georgia.
There, investigators began the process of determining what intelligence might have been lost.
INVESTIGATORS UNCOVERED a lot of surprises during their analysis of the incident.
They found, for example, that the crew had a lot of unnecessary classified data onboard, which was needlessly put at risk of compromise.
They had, for example, entire codebooks as well as nearly a month’s worth of top-secret keying material — which the military used to secure its communications — that wasn’t going to be put in use until well after their flight mission ended.
The exposure wasn’t detrimental since the military changed its keys daily and within 15 hours after the spy plane landed in China, authorities had retired all of that day’s keys and replaced them with new ones.
But a worldwide key the military used to authenticate GPS data had 250,000 users worldwide, and they all had to be notified before the key could be replaced — this took nearly two weeks.
The concern about the exposed crypto material wasn’t that China could use the keys to decrypt that day’s U.S. communications, but that it provided insight into U.S. cryptologic methods.
The U.S. used “high quality randomization and strong fail-safe designs” in its keying material and crypto devices, the investigators noted.
If China studied the material to incorporate similar designs into its own systems, it would make it harder for the U.S. to analyze PRC communications in the future.
But the excess crypto keys weren’t the only unnecessary data on the plane.
The crew also had the names of intelligence personnel — U.S. and foreign partners — who weren’t on the plane, including several dozen employees of the NSA and NSGA Misawa.
The data included names, addresses, social security numbers, and a description of official duties for U.S. personnel.
The exposure, investigators worried, could have an adverse impact on future assignments and travel plans for affected personnel.
In addition to this, the crew had a manual onboard that provided a comprehensive overview of how the U.S. exploits signals and nearly two dozen U.S. Signals Intelligence Directives, or excerpts of these directives, many of which weren’t critical to the crew’s mission.
Issued by the NSA director, the directives lay out policy for SIGINT activities, and some of these included detailed instructions for collecting, processing, and distributing intercepts.
Three of the directives were particularly sensitive.
They included special procedures for signals-recognition and reporting; specific targets of interest for signals collection in China, North Korea, the Philippines, Cambodia, Vietnam and Thailand; as well as information that China could have used to inject false data into intercepts.
As for materials and equipment that were critical to the crew’s mission, the plane had six carry-on computers, two of which were the most sensitive systems onboard.
They contained a suite of software tools for collecting, analyzing, and processing communications intelligence, foreign instrumentation signals, and electronic intelligence signals.
All of the data and software on these systems was compromised.
One of the systems was used for processing what are known as PROFORMA communications.
These are communications between command-and-control centers and radar systems, weapon systems, surface-to-air missiles, anti-aircraft artillery, and fighter aircraft.
The computer contained detailed information for processing more than two-dozen PROFORMA communications for North Korea, Russia, Vietnam, China, and U.S. allies.
Investigators worried the information would lead China to alter its communication methods to prevent future U.S. collection of PROFORMA communications, or help China collect and process the communications of other countries — including allies — if it wasn’t already doing so.
China could also share the information with North Korea, Cuba, and Russia to help them do the same.
This wasn’t the only sensitive information about U.S. allies that was exposed.
The plane also had information about the emitter parameters for allied weapon systems, and the names and locations of radar sites around the world and the radar systems installed at each — information China could use to exploit the systems.
But the information the investigators considered the most sensitive on the plane were the tasking instructions for collecting data from China.
These revealed information such as what data the U.S. was interested in collecting and the frequencies and call signs China used for its data.
The investigators deemed this a serious compromise, since it could prompt China to alter its methods. And in one of the systems for collecting communications, the crew had also inadvertently left behind a tape that contained 45 minutes of encrypted and decrypted Chinese naval communications.
Jason Healey, a former signals intelligence officer who worked with reconnaissance aircraft in the Air Force and is now a senior research scholar at Columbia University’s School of International and Public Affairs, said this could have helped the Chinese understand U.S. decryption capabilities.
“If it’s got both encrypted and plaintext or decrypted [intercepts], it could hint how we go through the decryption process, and that would be very useful to their cryptographers to not just know that we can break it, but how we implement that in software,” he told The Intercept.
Another important secret exposed by data on the plane was the fact that the U.S. had the ability to locate and collect signal transmissions associated with Chinese submarines, and correlate them to specific vessels using direction-finding capabilities.
“Although the PRC probably believed that the U.S. possessed this information it was probably not aware that the information could be derived from SIGINT collection and analysis,” the investigators wrote.
The data also exposed how much the U.S. knew about China’s submarine-launched ballistic missiles program, including its organization, missile-testing operations and communications.
The Lockheed Martin Aeronautics Company’s recovery team removed the four propeller-engine assemblies from the EP-3 at China’s Lingshui air base, on Saturday June 23, 2001.
DESPITE THE WEALTH of data and equipment that was exposed in the incident, the investigators ultimately concluded that the intelligence losses were not catastrophic.
Instead, they deemed the losses medium-to-low in severity.
But there was one caveat: without a complete inventory of all the classified data that was on the plane and potentially exposed to China, their assessment was inevitably incomplete.
But with regard to the secrets they knew were on the plane and exposed, they concluded that these wouldn’t help China better exploit U.S. encryption systems, though they could help it develop countermeasures to hinder U.S. surveillance by copying tradecraft the U.S. used to secure its own communication.
Investigators worried, for example, that China might now augment its encryption or switch from “over-the-air transmissions to landline transmissions, or to more advanced radio communications techniques, such as frequency hopping.”
The last time China had altered its communication methods had been in the 1980s, the investigators wrote, and it had taken the NSA months to re-establish collection and analysis capabilities and the recovery was “still incomplete” in 2001 they noted.
Luckily, at the time the report was written, three months after the collision, the U.S. had not yet detected any alterations in China’s communication habits or methods.
But investigators cautioned this could change in subsequent months and years.
They didn’t seem too worried about it, however; they were confident that if China did employ new countermeasures, the U.S. could overcome them with a little work.
Healey said he was not surprised by the overall assessment of the intelligence losses, since he doesn’t think China learned very much it didn’t already know about what the planes were collecting.
“I’m sure it would have been good for [China] to understand overall capabilities of the aircraft,” he said, “but the nature of most of the intelligence these aircraft would have been collecting would not have been a windfall for the Chinese or their Russian friends.”
Richelson agreed, and said the only real concern was whether China altered its communication methods months after the report was written.
“There are worst-case fears of what a compromise might bring, and then the actual reality of what it does bring in the future,” he noted.
“You can’t judge that a month after the compromise.”
It’s possible the assessment of the investigators did later change.
In 2010, journalist Seymour Hersh published an article in the New Yorker asserting that the U.S. didn’t fully realize the extent of the intelligence losses from the EP-3E incident until late 2008.
He writes that shortly after Barack Obama was elected president that year, the NSA picked up a barrage of intercepts from the Chinese that were intercepts of U.S. communications.
“The intercepts included details of planned American naval movements,” Hersh wrote and said U.S. officials believed the Chinese wanted the U.S. to pick up the intercepts as a way to boast to the U.S. that it had the ability to decipher U.S. signals.
However, Hersh did not specify why anyone believed this was connected to the EP-3E intelligence losses.
The NSA declined to comment on any aspect of the Navy-NSA report obtained by Snowden or the intelligence losses revealed in it.
In the end, there was at least one positive outcome from the EP-3E incident.
The military implemented a number of measures to better protect data and equipment on spy planes and to improve crew training.
But it only recently addressed another issue around the incident — the lack of an agreement with China about how to handle aircraft interactions in the region.
It took until November 2014 for the U.S. and China to finally adopt a memorandum to regulate the “safety of air and maritime encounters,” after a dangerous near-miss event occurred in August that year between a Chinese fighter jet and a U.S. Navy P-8 anti-submarine warfare aircraft.
Whether that agreement will prevent future collisions is unclear.
In May 2016, another close encounter occurred between China and the U.S. when two Chinese J-11 tactical planes flew dangerously close to an EP-3E.
Officials said this was an anomaly, however, and that encounters in the region had become safer in the wake of the 2014 agreement.
Their concern, they noted, was now focussed on a different problem area — Russian planes buzzing U.S. ships and planes in the Baltic and Black Sea regions.
Aucun commentaire:
Enregistrer un commentaire