Deep State


by Marc Ambinder


  Suspicion about NSA motives and operations may be an inevitable historical fact given its range and scope. But fallout from the controversy over warrantless wiretapping has drifted into the NSA’s other missions as well. The “puzzle palace” is responsible for information assurance (which basically means it protects the Defense Department from cyber threats), and it creates and breaks codes. These tasks remain more difficult today because of, again, a legal system on a heightened state of alert against the NSA, so to speak, and a Congress less likely to write checks without certain assurances.

  Here we tell the story of what we think, to a reasonable degree of certainty, the NSA did after 9/11. We have omitted a number of sensitive details because we (alone) do not possess the knowledge to determine what would and would not compromise national security. We have relied on the guidance of people who know about the program to help achieve an appropriate balance.

  Ten years after 9/11, Hayden, now retired, remains accessible. He answers questions sent to his AOL e-mail address. “Can the UK task the US with listening to British citizens? Can the US task the Brits with collecting on US citizens?”

  “Absolutely not,” he replies.

  “Does the NSA maintain a database of potential political undesirables in the event of martial law in the US?”

  “An urban legend,” he says.10

  Did the NSA illegally eavesdrop on American citizens?

  Though the intelligence community esteems Hayden—indeed, it’s hard to find someone he has worked with who will speak ill of him even in private—in public he becomes quite defensive about the special programs. Of course, he cannot be too defensive, because he can’t present a defense. The program, discontinued and then revived under the FISA Amendments Act of 2008, is ongoing and has expanded beyond what even he envisioned for it. It remains Top Secret and compartmentalized as SI, or “Special Intelligence.” If that wasn’t enough, the program is stovepiped into a special compartment whose name itself is classified.11

  The basic reasoning behind such draconian secrecy measures is that if Bill the Plumber knows roughly how the NSA intercepts communications originating within the United States, then Michelle the Terrorist will likely also know this and change her communication methods accordingly. The United States, collectively, will then find it harder to figure out where the bad gals and guys are. So far as national security arguments go, this one is fairly basic. Still, it’s not inherently persuasive, being predicated on a condition that there are terrorists who assume the U.S. government doesn’t have a method of listening to telephone calls or reading e-mails.

  That said, when the New York Times printed details of the NSA surveillance program in 2005—whatever one’s feelings about the special programs and their legality—there is evidence that the bad guys weren’t making these assumptions. The Times bowed to White House pressure to sit on the story for a year but reversed course shortly before the publication of a book by one of the story’s lead reporters. Though the Times story itself did not contain any details that intelligence officials could later tie to any American lives placed in jeopardy—and indeed, the NSA thanked the Times in private for its discretion, while publicly flailing it—the percussive effect led to a disclosure that made it harder for the NSA to perform basic functions: that American companies were cooperating with the NSA, mostly by providing them with reams of data about foreign communications that happened to touch (or “transit through”) an American wire. “This, by far, was the worst disclosure,” Hayden said in an interview. “It actively stopped collection that no one anywhere had any problem with.”

  Ironically, the first public confirmation that President Bush had authorized the acquisition of information from these domestic junctions came courtesy of Bob Graham of Florida, chairman of the Senate Select Committee on Intelligence, who mentioned it to the Washington Post after the Times first reported the domestic terminal portion of the story. Graham had been told about the cooperative arrangement between the government and the telecoms in October 2002. Not long after that the NSA and the telecoms had figured out how to sift through reams of metadata in real time. Earlier that summer, the NSA had started to set up splitters at key telecom network nodes across the country, including one in San Francisco that was exposed by a whistleblower.12

  The special programs (of which the Terrorist Surveillance Program is a part) reside at the intersection of two very complicated and overlapping bodies of law, each with its own language and legislative history. Laws circumscribing the practice of domestic law enforcement and statutes proscribing the country’s flexibility to respond to existential military threats are not always reconcilable—nor were they designed to be. Where laws governing domestic law enforcement tend to minimize powers and focus on the traditional balance of self-government and security, the larger body of national security laws often justifies its own existence with the need to give the executive branch a normative foundation for extraordinary actions.

  The NSA operates collection platforms in more than fifty countries and uses airplanes and submarines, ships and satellites, specially modified trucks, and cleverly disguised antennas. It has managed to break the cryptographic systems of most of its targets and prides itself on sending first-rate product to the president of the United States.

  Inside the United States, the NSA’s collection is regulated by FISA, passed in 1978 to provide a legal framework for intercepting communications related to foreign intelligence or terrorism where one party is inside the United States and might be considered a “U.S. person.”

  Three bits of terminology: The NSA “collects on” someone, with the preposition indicating the broad scope of the verb. Think of a rake pushing leaves into a bin. The NSA intercepts a very small percentage of the communications it collects. At NSA, to “intercept” is to introduce to the collection process an analyst, who examines a leaf that has appeared in his or her computer bin. (An analyst could use computer software to assist here, but the basic distinction the NSA makes is that the actual interception requires intent and specificity on behalf of the interceptor.) A “U.S. person” refers to a U.S. citizen, a legal resident of the United States, or a corporation or business legally chartered inside the United States.13

  Before the Terrorist Surveillance Program went live, the system was designed to work something like this: When the FBI or CIA developed information about foreign espionage or terrorist plots that tied legitimately bad people to U.S. persons (citizens, corporations, charities), the government, through the Justice Department’s Office of Intelligence Policy and Review, applied for a FISA warrant. This allowed the NSA to collect all electronic communications that directly emanated from, or were directed to, that specific U.S. person—so long as one side of the conversation was known to be overseas.

  In practice, the process went like this: If an NSA analyst decided that one party of a conversation she was about to monitor (or had just intercepted) might be inside the United States, she would have to convince her superior that there was probable cause to believe that the person inside the United States was connected to the foreign intelligence purpose that the analyst was tasked with collecting on. The superior would go to the NSA general counsel, who could veto the request. If the general counsel approved, however, a packet of materials would be created for the Justice Department to review. Again, Justice could say no, but if they said yes, they (that is, Justice) would have to draft a document demonstrating probable cause for the duty judge on the FISC. This process could be done quickly, but often was not, and certainly couldn’t be scaled sufficiently so that potentially urgent situations could be approved. Even accepting that FISA allowed for orderless interceptions in emergencies, the bottleneck of processing applications would be significant. The government was required to have probable cause to believe that the person overseas was a member of, or significantly associated with, a foreign government or terrorist entity. Also, intention mattered. The primary purpose of surveillance had to be to gather foreign intelligence.14
  What the special programs did, from a 30,000-foot level, was remove the multiple layers of lawyers. Analysts could decide for themselves whether probable cause existed to intercept a communication. Their work was subject to regular review by the inspector general of the NSA, who would sample target folders to see if the analyst’s operational standard of probable cause met hers. The special programs allowed the NSA to determine much more quickly whether a flashing dot somewhere in the world was worth paying attention to or could be safely ignored. It allowed the NSA to directly acquire a raw feed from telecoms—AT&T, BellSouth, and Verizon—and merge it with data collected from a number of other sources (e-mail servers, most of which were based in U.S. credit bureaus; credit card companies; passport records)—to identify the U.S.-based target of a foreign communicator with ties to terrorism, or, in some cases, to identify the foreign-based communicator based on a live intercept. The telecoms provided bulk data in the form of CDRs—Call Detail Records, which included the destination number, the duration of the call, and the location of the call (a home switch, a cell tower, an IP address). The NSA and the telecoms widened secure data channels already constructed for the purpose of allowing law enforcement to monitor to-and-from telephone information in real time—a requirement of the Communications Assistance for Law Enforcement Act.

  There was quite a bit the agency could monitor in real time.15 Based on a scrap of paper collected somewhere overseas with a U.S. phone number on it, the NSA could figure out what other numbers that number called and even determine whether any of those domestic-terminal numbers were in contact with numbers associated with others on the watch list. (This form of analysis is called Community of Interest collection.) To be clear, at this stage of the process the NSA is not actively intercepting communications. It is collecting and analyzing metadata to determine whose communications to intercept. The equipment the NSA reportedly used at the telecom switches (the places where Internet traffic gets routed from one company’s system to another) allowed them, in theory, to query e-mail traffic for content. The NSA insists that performing such semantic analysis on content was not done until the target was established.∗

  The effectiveness of the special programs of the NSA is a mystery. There are a couple of cases where they provided real assistance to investigators. But the FBI claims that early on the NSA added needless complications to the Bureau’s efforts to determine whether sleeper cells actually existed inside the United States. It was difficult to segregate data that came from the special programs from data that came from normal NSA FISA intercepts. Today, the NSA is more judicious with the information about domestic targets that it provides to the FBI.

  Operationally, the NSA keeps secret what internal checklist must be satisfied before it asks telecommunications companies for stored data sets; how quickly it can drill down on a target after identifying it; how, precisely, it uses target and link analysis (also known as data mining) to develop probable cause; what equipment it uses; what auditing tools it uses; and more.16

  What is known is that the NSA’s special programs are larger than they were when they first existed as a presidentially authorized intelligence collection tool. Inside the government there is a consensus that the programs are critical to national security. This consensus did not come easily, and from a civil libertarian standpoint the checks and balances are insufficient. It could be that the Justice Department, the courts, and Congress previously objected to the program only because they weren’t let in on the secret. Now that they’re in on it, they’re willing participants in its perpetuation and expansion.

  In the days after September 11, 2001, Vice President Dick Cheney and David Addington, his legal counsel, both of whom intimately knew the habits of Congress and the executive branch, had assumed the opposite would be true. They ordered that details of the special programs remain so tightly compartmented that lawyers for the NSA were forbidden to discuss the matter with lawyers from the Justice Department. The barest minimum number of congressmen received briefings. So tightly stretched was the secrecy blanket that even the National Security Council’s legal team was kept in the dark, as was the president’s chief homeland security adviser and the Justice Department’s chief liaison with the FISA court.17

  Only one attorney in the Justice Department’s internal legal office, John Yoo, was providing the legal guidance. Yoo had no one to help him. He was formerly a constitutional law professor at the University of California, Berkeley, with a strong interest in national security. At Justice, he wrote several opinions that read like law articles but in practice would serve to justify a wide range of practical actions. His boss, Jay Bybee, had been confirmed but could not assume his post as head of the Office of Legal Counsel (OLC) until his teaching term ended. But he would never be read in to the program.18 Nor was his boss, the deputy attorney general. When this later came out, it appeared that Cheney and Addington had hand-selected someone they knew would be sympathetic to their case. But the truth is more prosaic: Yoo was simply the go-to guy for national security in OLC at the time. Had Bybee been at his Justice desk, he would have been the one to decide who would formulate the opinion.

  At the NSA, Hayden immediately consulted his general counsel. “Here’s what the president wants me to do under 12333,” he told Robert Deitz, referring to the executive order authorizing intelligence collection. “Can we do it?” This was a Thursday. Deitz spent a sleepless night trying to figure it out, but came in on Friday morning with an answer: there was no constitutional question at stake—but yes, the NSA could probably do this either under an implicit exemption in FISA, or, if not, the act itself had suddenly revealed itself to be unconstitutionally constraining on the president’s power. As Deitz read court opinions going back decades, he noted that even where judges explicitly limited the president’s reach, they always tacked on a footnote implying that nothing in their opinion was designed to constrain the president’s ability to perform his main Article II functions. Deitz and Hayden agreed on two things: if the programs were revealed, they wouldn’t lie to Congress about them, and Hayden would inform at least the chief of the FISC and the Gang of Eight from the start. Both used the same metaphor: they wanted to make Congress “pregnant,” too. The programs were legal, in Deitz’s view, but very close to the line.

  Hayden then asked his SIGINT chief, Maureen Baginski, to figure out how many people would be needed to run the programs. Given the sensitivity involved, he had a hand in personally selecting everyone who would participate. Early the next day, a Saturday morning, Hayden, Deitz, and about fifty unsuspecting NSA analysts and engineers filed into a conference room in the main headquarters building. Hayden has several times since recounted the directive he gave to the staff: they would carry out only what the president authorized “and not one photon more.” At the time he did not know, he now concedes, how realistic that promise was, given that the NSA had never attempted this type of thing before. But he knew that it would send a message to those who would operate the program: overcollection (which is inevitable) in a program like this is more than a minor sin.

  Before 9/11, there was plenty of secrecy associated with the FISC. Its decisions were never public, and the subject of the surveillance would be—so far as the government was concerned—blissfully ignorant.19 In 1999, engineers brought a program to Hayden called ThinThread. It looked quite promising to an agency that was struggling to keep up with its core intelligence-gathering mission. Hayden’s analysts were hearing a lot of chatter about millennium-related terror plots, and ThinThread was a $20 million computer system that could do what the NSA admitted it needed to do better—tap into the ever-changing global telephonic and network architecture.20

  One thing that the NSA could not do without a court order was acquire—the verb is important—communications that did not fully bypass the United States. If both ends of the conversation came from sources outside the United States, the NSA could intercept it, even if the wires through which the electrons and photons flowed physically went through the United States. But it was very hard to segregate these conversations from domestic traffic, and the NSA couldn’t collect everything and then segregate it. That the NSA had the authority to do this at all was itself a necessary secret, and it remains redacted in official NSA regulations from the 1990s and the early part of the 2000s that were obtained by the authors under the Freedom of Information Act.

  ThinThread’s proponents believed they had figured out a way to intercept conversations without technically “acquiring” them, where one terminal might indeed be in the United States. NSA signals intelligence operations managers believed that by subjecting the content of these communications to encryption they could analyze the metadata for suspicious patterns. The response from the NSA’s lawyers was unanimous: the agency could not acquire communications inside the United States without a warrant whether they were encrypted or not. The lawyers had asked the Justice Department for its view; President Bill Clinton’s team found no basis in law for it. Therefore, the neat technology of ThinThread was not something the NSA could use. After the special programs began, the NSA used a program called Trailblazer to do link analysis on the data provided by telecoms and other sources. Trailblazer did not encrypt communications, which raised a red flag for many NSA SIGINT teams who weren’t read in to the program. Why wasn’t ThinThread being used? Trailblazer, by comparison, seemed more Orwellian and more expensive.∗

  The reason was that Hayden now had the authority to acquire communications inside the United States (where one terminal was reasonably believed to be outside the United States) without an order. From his perspective, he didn’t need ThinThread. And in any event, his software engineers told him that it wouldn’t scale. It would later emerge, as Hayden acknowledges, that the system ultimately used to acquire U.S. communications didn’t work as well as it could have, but that was no reason to replace it with an untested, entirely different system.21

 
