Permanent Record

by Edward Snowden


  The combination of deduplication and constant improvements in storage technology allowed the agency to store intelligence data for progressively longer periods of time. Just over the course of my career, the agency’s goal went from being able to store intelligence for days, to weeks, to months, to five years or more after its collection. By the time of this book’s publication, the agency might already be able to store it for decades. The NSA’s conventional wisdom was that there was no point in collecting anything unless they could store it until it was useful, and there was no way to predict when exactly that would be. This rationalization was fuel for the agency’s ultimate dream, which is permanency—to store all of the files it has ever collected or produced for perpetuity, and so create a perfect memory. The permanent record.

  The NSA has a whole protocol you’re supposed to follow when you give a program a code name. It’s basically an I Ching–like stochastic procedure that randomly picks words from two columns. An internal website throws imaginary dice to pick one name from column A, and throws again to pick one name from column B. This is how you end up with names that don’t mean anything, like FOXACID and EGOTISTICALGIRAFFE. The point of a code name is that it’s not supposed to refer to what the program does. (As has been reported, FOXACID was the code name for NSA servers that host malware versions of familiar websites; EGOTISTICALGIRAFFE was an NSA program intended to exploit a vulnerability in certain Web browsers running Tor, since they couldn’t break Tor itself.) But agents at the NSA were so confident of their power and the agency’s absolute invulnerability that they rarely complied with the regulations. In short, they’d cheat and redo their dice throws until they got the name combination they wanted, whatever they thought was cool: TRAFFICTHIEF, the VPN Attack Orchestrator.

  I swear I never did that when I went about finding a name for my backup system. I swear that I just rolled the bones and came up with EPICSHELTER.

  Later, once the agency adopted the system, they renamed it something like the Storage Modernization Plan or Storage Modernization Program. Within two years of the invention of EPICSHELTER, a variant had been implemented and was in standard use under yet another name.

  * * *

  THE MATERIAL THAT I disseminated to journalists in 2013 documented such an array of abuses by the NSA, accomplished through such a diversity of technological capabilities, that no one agent in the daily discharge of their responsibilities was ever in the position to know about all of them—not even a systems administrator. To find out about even a fraction of the malfeasance, you had to go searching. And to go searching, you had to know that it existed.

  It was something as banal as a conference that first clued me in to that existence, sparking my initial suspicion about the full scope of what the NSA was perpetrating.

  In the midst of my EPICSHELTER work, the PTC hosted a conference on China sponsored by the Joint Counterintelligence Training Academy (JCITA) for the Defense Intelligence Agency (DIA), an agency connected to the Department of Defense that specializes in spying on foreign militaries and foreign military–related matters. This conference featured briefings given by experts from all the intelligence components, the NSA, CIA, FBI, and military, about how the Chinese intelligence services were targeting the IC and what the IC could do to cause them trouble. Though China certainly interested me, this wasn’t the kind of work I would ordinarily have been involved in, so I didn’t pay the conference much mind until it was announced that the only technology briefer was unable to attend at the last minute. I’m not sure what the reason was for that absence—maybe flu, maybe kismet—but the course chair for the conference asked if there was anyone at the PTC who might be able to step in as a replacement, since it was too late to reschedule. One of the chiefs mentioned my name, and when I was asked if I wanted to give it a shot, I said yes. I liked my boss, and wanted to help him out. Also, I was curious, and relished the opportunity to do something that wasn’t about data deduplication for a change.

  My boss was thrilled. Then he told me the catch: the briefing was the next day.

  I called Lindsay and told her I wouldn’t be home. I was going to be up all night preparing the presentation, whose nominal topic was the intersection between a very old discipline, counterintelligence, and a very new discipline, cyberintelligence, coming together to try to exploit and thwart the adversary’s attempts to use the Internet to gather surveillance. I started pulling everything off the NSA network (and off the CIA network, to which I still had access), trying to read every top secret report I could find about what the Chinese were doing online. Specifically, I read up on so-called intrusion sets, which are bundles of data about particular types of attacks, tools, and targets. IC analysts used these intrusion sets to identify specific Chinese military cyberintelligence or hacking groups, in the same way that detectives might try to identify a suspect responsible for a string of burglaries by a common set of characteristics or modus operandi.

  The point of my researching this widely dispersed material was to do more than merely report on how China was hacking us, however. My primary task was to provide a summary of the IC’s assessment of China’s ability to electronically track American officers and assets operating in the region.

  Everyone knows (or thinks they know) about the draconian Internet measures of the Chinese government, and some people know (or think they know) the gravamen of the disclosures I gave to journalists in 2013 about my own government’s capabilities. But listen: It’s one thing to casually say, in a science-fiction dystopic type of way, that a government can theoretically see and hear everything that all of its citizens are doing. It’s a very different thing for a government to actually try to implement such a system. What a science-fiction writer can describe in a sentence might take the concerted work of thousands of technologists and millions of dollars of equipment. To read the technical details of China’s surveillance of private communications—to read a complete and accurate accounting of the mechanisms and machinery required for the constant collection, storage, and analysis of the billions of daily telephone and Internet communications of over a billion people—was utterly mind-boggling. At first I was so impressed by the system’s sheer achievement and audacity that I almost forgot to be appalled by its totalitarian controls.

  After all, China’s government was an explicitly antidemocratic single-party state. NSA agents, even more than most Americans, just took it for granted that the place was an authoritarian hellhole. Chinese civil liberties weren’t my department. There wasn’t anything I could do about them. I worked, I was sure of it, for the good guys, and that made me a good guy, too.

  But there were certain aspects of what I was reading that disturbed me. I was reminded of what is perhaps the fundamental rule of technological progress: if something can be done, it probably will be done, and possibly already has been. There was simply no way for America to have so much information about what the Chinese were doing without having done some of the very same things itself, and I had the sneaking sense while I was looking through all this China material that I was looking at a mirror and seeing a reflection of America. What China was doing publicly to its own citizens, America might be—could be—doing secretly to the world.

  And although you should hate me for it, I have to say that at the time I tamped down my unease. Indeed, I did my best to ignore it. The distinctions were still fairly clear to me. China’s Great Firewall was domestically censorious and repressive, intended to keep its citizens in and America out in the most chilling and demonstrative way, while the American systems were invisible and purely defensive. As I then understood US surveillance, anyone in the world could come in through America’s Internet infrastructure and access whatever content they pleased, unblocked and unfiltered—or at least only blocked and filtered by their home countries and American businesses, which are, presumptively, not under US government control. It was only those who’d been expressly targeted for visiting, for example, jihadist bombing sites or malware marketplaces who would find themselves tracked and scrutinized.

  Understood this way, the US surveillance model was perfectly okay with me. It was more than okay, actually—I fully supported defensive and targeted surveillance, a “firewall” that didn’t keep anybody out, but just burned the guilty.

  But in the sleepless days after that sleepless night, some dim suspicion still stirred in my mind. Long after I gave my China briefing, I couldn’t help but keep digging around.

  * * *

  AT THE START of my employment with the NSA, in 2009, I was only slightly more knowledgeable about its practices than the rest of the world. From journalists’ reports, I was aware of the agency’s myriad surveillance initiatives authorized by President George W. Bush in the immediate aftermath of 9/11. In particular, I knew about its most publicly contested initiative, the warrantless wiretapping component of the President’s Surveillance Program (PSP), which had been disclosed by the New York Times in 2005 thanks to the courage of a few NSA and Department of Justice whistleblowers.

  Officially speaking, the PSP was an “executive order,” essentially a set of instructions set down by the American president that the government has to consider the equal of public law—even if they’re just scribbled secretly on a napkin. The PSP empowered the NSA to collect telephone and Internet communications between the United States and abroad. Notably, the PSP allowed the NSA to do this without having to obtain a special warrant from a Foreign Intelligence Surveillance Court, a secret federal court established in 1978 to oversee IC requests for surveillance warrants after the agencies were caught domestically spying on the anti–Vietnam War and civil rights movements.

  Following the outcry that attended the Times revelations, and American Civil Liberties Union challenges to the constitutionality of the PSP in non-secret, regular courts, the Bush administration claimed to have let the program expire in 2007. But the expiration turned out to be a farce. Congress spent the last two years of the Bush administration passing legislation that retroactively legalized the PSP. It also retroactively immunized from prosecution the telecoms and Internet service providers that had participated in it. This legislation—the Protect America Act of 2007 and the FISA Amendments Act of 2008—employed intentionally misleading language to reassure US citizens that their communications were not being explicitly targeted, even as it effectively extended the PSP’s remit. In addition to collecting inbound communications coming from foreign countries, the NSA now also had policy approval for the warrantless collection of outbound telephone and Internet communications originating within American borders.

  That, at least, was the picture I got after reading the government’s own summary of the situation, which was issued to the public in an unclassified version in July 2009, the very same summer that I spent delving into Chinese cyber-capabilities. This summary, which bore the nondescript title Unclassified Report on the President’s Surveillance Program, was compiled by the Offices of the Inspector Generals of five agencies (Department of Defense, Department of Justice, CIA, NSA, and the Office of the Director of National Intelligence) and was offered to the public in lieu of a full congressional investigation of Bush-era NSA overreach. The fact that President Obama, once in office, refused to call for a full congressional investigation was the first sign, to me at least, that the new president—for whom Lindsay had enthusiastically campaigned—intended to move forward without a proper reckoning with the past. As his administration rebranded and recertified PSP-related programs, Lindsay’s hope in him, as well as my own, would prove more and more misplaced.

  While the unclassified report was mostly just old news, I found it informative in a few respects. I remember being immediately struck by its curious, they-do-protest-too-much tone, along with more than a few twists of logic and language that didn’t compute. As the report laid out its legal arguments in support of various agency programs—rarely named, and almost never described—I couldn’t help but notice the fact that hardly any of the executive branch officials who had actually authorized these programs had agreed to be interviewed by the inspector generals. From Vice President Dick Cheney and his counsel David Addington to Attorney General John Ashcroft and DOJ lawyer John Yoo, nearly every major player had refused to cooperate with the very offices responsible for holding the IC accountable, and the IGs couldn’t compel them to cooperate, because this wasn’t a formal investigation involving testimony. It was hard for me to interpret their absence from the record as anything other than an admission of malfeasance.

  Another aspect of the report that threw me was its repeated, obscure references to “Other Intelligence Activities” (the capitalization is the report’s) for which no “viable legal rationale” or no “legal basis” could be found beyond President Bush’s claim of executive powers during wartime—a wartime that had no end in sight. Of course, these references gave no description whatsoever of what these Activities might actually be, but the process of deduction pointed to warrantless domestic surveillance, as it was pretty much the only intelligence activity not provided for under the various legal frameworks that appeared subsequent to the PSP.

  As I read on, I wasn’t sure that anything disclosed in the report completely justified the legal machinations involved, let alone the threats by then deputy attorney general James Comey and then FBI director Robert Mueller to resign if certain aspects of the PSP were reauthorized. Nor did I notice anything that fully explained the risks taken by so many fellow agency members—agents much senior to me, with decades of experience—and DOJ personnel to contact the press and express their misgivings about how aspects of the PSP were being abused. If they were putting their careers, their families, and their lives on the line, it had to be over something graver than the warrantless wiretapping that had already made headlines.

  That suspicion sent me searching for the classified version of the report, and it was not in the least dispelled by the fact that such a version appeared not to exist. I didn’t understand. If the classified version was merely a record of the sins of the past, it should have been easily accessible. But it was nowhere to be found. I wondered whether I was looking in the wrong places. After a while of ranging fairly widely and still finding nothing, though, I decided to drop the issue. Life took over and I had work to do. When you get asked to give recommendations on how to keep IC agents and assets from being uncovered and executed by the Chinese Ministry of State Security, it’s hard to remember what you were Googling the week before.

  It was only later, long after I’d forgotten about the missing IG report, that the classified version came skimming across my desktop, as if in proof of that old maxim that the best way to find something is to stop looking for it. Once the classified version turned up, I realized why I hadn’t had any luck finding it previously: it couldn’t be seen, not even by the heads of agencies. It was filed in an Exceptionally Controlled Information (ECI) compartment, an extremely rare classification used only to make sure that something would remain hidden even from those holding top secret clearance. Because of my position, I was familiar with most of the ECIs at the NSA, but not this one. The report’s full classification designation was TOP SECRET//STLW//HCS/COMINT//ORCON/NOFORN, which translates to: pretty much only a few dozen people in the world are allowed to read this.

  I was most definitely not one of them. The report came to my attention by mistake: someone in the NSA IG’s office had left a draft copy on a system that I, as a sysadmin, had access to. Its caveat of STLW, which I didn’t recognize, turned out to be what’s called a “dirty word” on my system: a label signifying a document that wasn’t supposed to be stored on lower-security drives. These drives were being constantly checked for any newly appearing dirty words, and the moment one was found I was alerted so that I could decide how best to scrub the document from the system. But before I did, I’d have to examine the offending file myself, just to confirm that the dirty word search hadn’t flagged anything accidentally. Usually I’d take just the briefest glance at the thing. But this time, as soon as I opened the document and read the title, I knew I’d be reading it all the way through.

  Here was everything that was missing from the unclassified version. Here was everything that the journalism I’d read had lacked, and that the court proceedings I’d followed had been denied: a complete accounting of the NSA’s most secret surveillance programs, and the agency directives and Department of Justice policies that had been used to subvert American law and contravene the US Constitution. After reading the thing, I could understand why no IC employee had ever leaked it to journalists, and no judge would be able to force the government to produce it in open court. The document was so deeply classified that anybody who had access to it who wasn’t a sysadmin would be immediately identifiable. And the activities it outlined were so deeply criminal that no government would ever allow it to be released unredacted.

  One issue jumped out at me immediately: it was clear that the unclassified version I was already familiar with wasn’t a redaction of the classified version, as would usually be the practice. Rather, it was a wholly different document, which the classified version immediately exposed as an outright and carefully concocted lie. The duplicity was stupefying, especially given that I’d just dedicated months of my time to deduplicating files. Most of the time, when you’re dealing with two versions of the same document, the differences between them are trivial—a few commas here, a few words there. But the only thing these two particular reports had in common was their title.

  Whereas the unclassified version merely made reference to the NSA being ordered to intensify its intelligence-gathering practices following 9/11, the classified version laid out the nature, and scale, of that intensification. The NSA’s historic brief had been fundamentally altered from targeted collection of communications to “bulk collection,” which is the agency’s euphemism for mass surveillance. And whereas the unclassified version obfuscated this shift, advocating for expanded surveillance by scaring the public with the specter of terror, the classified version made this shift explicit, justifying it as the legitimate corollary of expanded technological capability.

 
