by Shane Harris
This wasn’t wiretapping as usual. The agency didn’t just want to target individual people’s communications. They wanted blanket access to the information about the network as a whole. It was an extraordinary request, but it wasn’t the first time the spy agency had made it. Indeed, Mike Hayden himself had proposed the idea on February 27, 2001, nine months before the terrorist attacks.
On that day James Payne, the head of Qwest Communications’ federal government business unit, accompanied the company’s chief executive to au business meeting with Hayden at his Fort Meade headquarters. The CEO, Joe Nacchio, wanted a piece of a new NSA contract called Groundbreaker, a multibillion-dollar program to outsource maintenance of the agency’s nonclassified technology systems, such as desktop computers. Several Washington mainstays were vying for a piece of the deal, forming large teams of companies. Payne had made plenty of drop-in calls like this before to discuss potential business with large, important clients. Indeed, he was an old hand in the close-knit club of federal telecom contractors and agency executives.
A lifelong Washingtonian, Payne had mastered the ins and outs of the government market. He knew how to build relationships not just with agency chiefs but with the program managers and contracting officials underneath them who had the final say on how dollars were spent. They were the seldom seen bureaucrats who ultimately decided which companies rose and fell.
Payne’s impeccable dress, polished demeanor, and practically antebellum gentility seemed outwardly at odds with the bureaucrats and bean counters of the federal contracting market. But his refined style masked the heart of a bare-knuckled businessman. Payne had grown up in the government telecom space, a viper pit in its own right where executives hopped among companies and found themselves fighting alongside a friend one day and bidding against him the next. They understood the bottom line—the federal government was, by far, the largest single buyer of telecom services in the United States. Payne fought for the business he won; the NSA was no exception.
Qwest already had an in with the NSA, having worked on agency projects for a few years. The company had allocated portions of its telecom network for the agency’s exclusive use. Payne and Nacchio wanted to expand the business relationship. And so did Hayden.
In the meeting Hayden told Payne and Nacchio that he wanted information about Qwest’s customers, as well as the flow of traffic across its network, in order to track computer hackers and foreign intelligence services trying to penetrate U.S. government systems, particularly within the Defense Department. The agency was going after digital spies, not terrorists. Part of the NSA’s charter included the defense of government secrets. And by 2001, outside forces were trying to capture them with alarming frequency and some success. Government officials had also begun to fear a “digital Pearl Harbor” if intruders were to seize control of sensitive military systems or other key U.S. infrastructures, like power grids or the financial system, via the Internet. Hayden couldn’t let that happen.
The agency didn’t need to target individuals to look for anomalous behavior. It could monitor—or rather, have Qwest monitor—an entire network for suspicious patterns of activity. Maybe it was a particular Internet address probing a government network or a series of bogus information requests pinged off a server indicating the preparation for some massive electronic attack. Faceless signals, but signals nonetheless.
Telecom carriers routinely monitored their networks for fraud and hacking activity, so they had an enormous amount of intelligence capability already deployed. And Qwest was well positioned to help the agency. Perhaps even uniquely so.
The company was building a new and much heralded high-speed network for phone and Internet traffic. It promised faster, more powerful data flows, and it caught the attention of senior U.S. military officials. They worried about how it might be exploited by hackers, but they also wanted to use it themselves. Qwest was a darling of the Internet Age. Philip Anschutz, who owned the Southern Pacific Railroad, founded the company in 1988, and it eventually built the first all-digital, fiber-optic network by laying lines alongside railroad tracks. Those lines linked to terminals in key geographic locations, from which Qwest provided high-speed Internet and data connections to its customers. The company was based in Denver and was the largest carrier in the Rocky Mountain corridor, home to some of the military’s most important command-and-control facilities. U.S. Strategic Command, which oversaw the country’s nuclear arsenal, was a neighbor. And Buckley Air Force Base, in Aurora, Colorado, was a major downlink facility for U.S. spy satellites, including “eyes in the sky” that detected foreign missile launches.
The military and intelligence community needed what Qwest had: its network, its agility, and its information. In late 1997 a three-star general had met with Nacchio at his Denver office and later told one of Nacchio’s associates that he wanted to use the company’s network “for government purposes.” After that meeting Qwest chased after a pair of potentially lucrative deals to build private, secure networks for defense and intelligence agencies. So on that February day in 2001, when Hayden asked Qwest for its assistance monitoring cyberthreats, he had plenty of reason to think Nacchio would comply.
But he didn’t. Hayden’s proposal struck Nacchio, Payne, and Qwest’s lawyers as potentially illegal. If the company were to hand over customer information to the NSA without a lawful order, it could violate the Electronic Communications Privacy Act (ECPA), a 1986 statute that extended the wiretapping restrictions on phone calls to electronic information transmitted and stored in a computer. Though it might sour the company’s friendly relationship with the NSA, Qwest said no.
It was hardly the last Payne would hear of the matter. Time and again the agency raised it in meetings. Payne had a feeling that the NSA wasn’t just asking for the information for its own use; they also appeared to be acting on behalf of other government agencies. As the company continued to vie for the NSA business, the request hung unresolved in the air.
It was still unresolved as planes crashed into the World Trade Center and the Pentagon. The NSA quickly came calling again—on Qwest, as well as on its competitors, the country’s major telecom carriers and Internet service providers. Except this time the agency wasn’t hunting for hackers.
In the weeks after the attacks the NSA asked telecom executives for access to their customer records as well as direct, physical access to their data. The NSA specifically asked companies for their call-detail records, the logs of whom customers had called, on what days, and how long they had talked. Companies kept these records for routine billing matters. The NSA wanted them to feed the BAG.
If analysts started with a list of phone numbers, they could find all the other numbers called from those phones, and so establish the close circle of people in the targets’ daily lives. From there it was just a matter of exponential analysis. The NSA could look at all the numbers called from the second layer of phones, and all the numbers that those numbers called, pushing out until they’d identified a vast network of callers. Then, they could layer it over with e-mail information, financial reports, any kind of transaction the hunters could get their hands on to add meaning to the lines and dots that the BAG spit out.
Considering that terrorists often talk and write in code, this transactional data, or “metadata,” if properly exploited could yield more valuable information than recordings of the phone calls themselves. The same was true for e-mail messages, though establishing who actually sent an e-mail and where it came from was technically harder to do.
In any case, the NSA would have to collect huge amounts of metadata in order to capture specific communications and to establish patterns of activity among terrorist groups. Analysts had to set baselines about what constituted “normal” versus “suspicious” behavior. To make any reasonable determination the agency needed thousands, potentially even hundreds of thousands or millions, of customers’ call records. Analysts needed a thirty-thousand-foot view of the battlefield before knowing whom to target, whic
h phones to tap, and which e-mails to snatch. And they needed those metadata preferably as soon as they were created, since call-detail records were not real-time accounts of who had called whom. The NSA needed a way to tap into the network at the source. It needed the kind of access that Qwest had refused to give almost a year earlier.
But once again, when the NSA came calling, Qwest said no. This time the agency seemed to have a new argument: The USA PATRIOT Act made it easer for the government to obtain certain private communications. But still Nacchio declined. The company decided it would violate the privacy requirements of another law, the Telecommunications Act. Try as they might, NSA officials could not convince Qwest’s executives and lawyers that their requests for customer information passed legal muster. Agency officials rebutted by questioning the company’s patriotism. They let it be known that Qwest’s competitors were already on board. All around Washington the message to the companies whose assistance the NSA needed was clear: You must help us. Many executives agreed willingly. Others held out. Nacchio was one, and as far as the government was concerned, he was on the wrong side.
Lawyers for telecom and Internet companies were working overtime to comply with the government requests. Some came in the form of traditional warrants. But the emissaries of the most secretive terrorist surveillance programs carried only the assurances of the president of the United States and the attorney general. They averred that these untraditional requests were lawful and necessary to protect the nation.
Telecom data was only a part of the trove. In the first weeks after the 9/11 attacks, the Treasury Department formed a new investigative unit tasked to disrupt the routes of terrorist financing by monitoring bank transactions and money transfers. Al Qaeda and other groups had made brilliant use of the global financial system and its ability to move money effortlessly from one country to another. The government wanted to know how they did it.
The Treasury team, dubbed Operation Green Quest, was specifically interested in a money-moving system called hawala. For decades, hawala dealers had helped clients around the world quietly move money without the aid of electronic requests or even bank accounts. Hawala dealers didn’t actually transport currency. Instead, they arranged for cash pickups with other dealers, and their clients paid a fee for the brokering service. A cabdriver in the United States could find a local hawala dealer and ask him to get a thousand dollars to his brother in India. The dealer would contact another in Mumbai, who would then get in touch with the brother and pay him. Hawala dealers were constantly giving money out and taking it in, along with their cut. They managed their own books, which were kept in balance by trust and tradition. It was quick, discreet, and largely untraceable.
It was also generally unknown to U.S. investigators as a terrorist funding mechanism. In fact, before the 9/11 attacks, the Treasury Department and the FBI had never mounted a task force investigation into terrorist financing and assets at all. As Operation Green Quest and a partner group at the FBI got up to speed, however, they became quick studies on hawala as well as on overt mechanisms that terrorists used to move money, often in sums that avoided detection by banks and government regulators.
The FBI unit, called the Financial Review Group, set out to discover the financial linkages that tied the nineteen hijackers to one another and to their sources. Agents, some of them working out of the bureau’s crisis management center in Washington, pored over credit card statements, ATM transactions, and wire transfer receipts like auditors trying to reverse engineer some fraudulent scheme. Their work eventually led to the indictment of Zacarias Moussaoui, who the FBI suspected would have been the twentieth hijacker aboard a doomed airliner on September 11 had he not been detained earlier on an immigration violation.
FBI agents also dove into credit and debit card histories housed at First Data in Colorado. The huge company processed almost half of all card charges in the United States and ran payments for customers located around the world too. The agents were there at the company’s request. Like a number of American businesses large and small, First Data voluntarily handed over its data in the days after the attacks, a patriotic and perhaps legally risky gesture that was driven by the same fear of an impending follow-up attack. First Data also owned Western Union, which meant that the government’s terrorist trackers were now tapped into two vital streams for moving money.
The FBI and Operation Green Quest weren’t alone in sniffing out terrorists’ money trails. The Treasury Department’s Financial Crimes Enforcement Network also spun up into wartime tempo. FinCEN was one of the most sophisticated electronic intelligence units in the government, with a solid reputation for catching money launderers, organized criminals, and drug traffickers exploiting the U.S. banking system. A unit at the Customs Bureau in Northern Virginia also joined the fray. Agents there built dummy Web sites, hoping to snare people donating to terrorist groups. Agents loaded the sites with code words that frequent hawala users would recognize, as well as with other terms meant to entice terrorism funders.
Based on all this financial intelligence, law enforcement agents launched raids on Islamic charities suspected of backing Al Qaeda and affiliated groups. It was also vital to CIA agents as they tracked suspected terrorists and their middlemen in Pakistan, Afghanistan, and the Middle East.
As Treasury, Customs, and FBI agents probed electronic and underground financial mechanisms, they unearthed evidence that terrorists were supported through a vast network of wire transfers as well as cash funneled through long-standing money-laundering rings run by groups posing as legitimate businesses. These were located in the United States and overseas. The terrorist financing machine was a global enterprise, the investigators realized. If they could disrupt it, they might prevent more attacks. But if they knew where the money was coming from, they also might find out where the terrorists, and their backers, were hiding.
That’s what the NSA wanted to know. Owing to an unprecedented level of cooperation among law enforcement and intelligence agencies, as well as new financial reporting requirements placed on banks and money transfer services, the NSA became privy to a wealth of financial intelligence, including wire transfer records, credit card transactions, and “suspicious activity reports,” which financial institutions were required to file anytime their customers moved a certain volume of money. In effect, the NSA turned banks and transfer services into their eyes and ears on the financial networks. The agency set up financial watch lists—whenever a particular target used a credit card or moved money, a red flag went up. But financial data was also poured into the BAG and overlapped with phone and e-mail communications in an effort to dig deeper into terrorists’ social networks. The tiniest bit of information might be the key clue that put the agency on the terrorists’ trail, and ultimately led to his brothers in arms.
Throughout 2002 the NSA sated its analysts’ ravenous appetite for more intelligence. Phone calls, e-mails, metadata, financial transactions. Anything that could serve the agency’s twin goals of tracking terrorists and disrupting their plots.
The NSA was hardly alone in this quest. Nor was it the sole collector of intelligence. But those presidential authorities that allowed the agency to side-step the Foreign Intelligence Surveillance Act also came with new responsibility. For years the NSA had played a supporting role, providing tactical intelligence to the military in wartime or responding to requests from national leaders. Now the agency was on point. It plugged into an array of data sources, including those at AT&T, one of the oldest and most important telecom providers. The agency made arrangements to siphon phone and Internet traffic off the company’s network. The NSA was also privy to financial intelligence streams coming out of the Treasury Department and the FBI. And, of course, its traditional foreign intelligence mission continued unabated.
But for all its riches of data, the NSA was still starving. Access to information wasn’t the challenge. What to do with it—how to make sense of it—that’s what mattered most. And as it sucked in more and more d
ata, the NSA started to choke.
The agency could store terabytes of intelligence in its vast databases, but it couldn’t analyze it fast enough before the mounds piled ever higher. Despite its vaunted, almost mystical reputation as an all-seeing eye, the NSA was physically incapable of analyzing all of this information in real time as it coursed through the world’s networks. Analysts could only search digital archives after information was collected.
That wasn’t their only problem. Once they obtained the information from their data banks and fed it into the BAG, the resulting analysis overwhelmed them. The BAG’s very design, the way it compressed information into more manageable forms, actually diluted nuance. The graph might only reveal how many times a particular word appeared in a conversation, not necessarily the significance of the word or how it related to other words. The same could be said for a lot of mining tools, but the BAG had another particular handicap. When it displayed those connections as lines, they could be so dense as to be indecipherable. A mishmash of lines, dots, and intersections, weaves and lattices. To some of the analysts and techies at the NSA it looked like the BAG had taken the information and twisted it up into a sickening, knotted jumble. They named these unhelpful diagrams after another tangled mess they’d seen their pets cough up at home—hair balls.
And that was how the hunters learned a painful lesson about the BAG: For it to tell them things, they had to feed it. But the more they fed it, the less it actually told them.
