—JAMES CLAPPER, director of national intelligence, 2013
IN THE GAME OF NATIONS, which often is not visible to public scrutiny, the great prize is state secrets that reveal the hidden weaknesses of a nation’s potential adversaries. The most important of these in peacetime is communication intercepts. It was just such state secrets that Edward Snowden took from the NSA in the spring of 2013. Before that breach, America’s paramount advantage in this subterranean competition was its undisputed dominance in the business of obtaining and deciphering the communications of other nations. The NSA was the instrument by which the United States both protected its own secret communications and stole the secrets of foreign nations. The NSA, however, has an Achilles’s heel: It is dependent on civilian computer technicians who do not necessarily share its values to operate its complex system. Because of this dependence, it was not able in 2013, as it turned out, to protect its crucial sources and methods.
Snowden exposed this vulnerability when he walked away with the aforementioned descriptions of the gaps in America’s coverage of the communications of its adversaries. Even though the Cold War had been declared over after the collapse of the Soviet Union a quarter of a century earlier, the age-old enterprise of espionage did not end with it. Russia and China still sought to blunt the edge that the NSA gave the United States. The Snowden breach therefore needs to be considered in the context of the once and future intelligence war.
The modern enterprise of reading the communications of other nations traces back in the United States to military code-breaking efforts preceding America’s entry into World War I. The invention of the radio at the end of the nineteenth century soon provided the means of rapidly sending and getting messages from ships, submarines, ground forces, spies, and embassies. These over-the-air messages could also be intercepted from the ether by adversaries. If they were to remain secret, they could not be sent in plain text. They had to be sent in either code, in which letters are substituted for one another, or, more effectively, a cipher, in which numbers are substituted for letters. Making and breaking codes and ciphers became a crucial enterprise for nations. By 1914, the U.S. Army and Navy had set up units, staffed by mathematicians, linguists, and crossword puzzle solvers, to intercept and decode enemy messages. After the war had ended in 1918, these units were fused into a cover corporation called the Code Compilation Company, which moved to new offices on Thirty-Seventh Street and Madison Avenue in New York City.
Under the supervision of the famous cryptographer Herbert O. Yardley, a team of twenty code breakers was employed in what was called the Black Chamber. Yardley arranged for Western Union, which had the telegraph monopoly in America, to provide the Black Chamber with all the telegrams coming into the United States. “Its far-seeking eyes penetrate the secret conference chambers at Washington, Tokyo, London, Paris, Geneva, Rome,” Yardley wrote about the Black Chamber. “Its sensitive ears catch the faintest whispering in the foreign capitals of the world.” But in 1929, at the instructions of President Herbert Hoover, Secretary of State Henry Stimson closed the Black Chamber, saying famously, “Gentlemen should not read each other’s mail.”
The moratorium did not last long. With war looming in Asia and Europe, President Franklin D. Roosevelt reactivated the operation as the Signal Security Agency. It proved its value in breaking the Japanese machine-generated cipher “Purple.” In June 1942, using deciphered Japanese messages to pinpoint the location of the Japanese fleet at Midway, America won a decisive naval victory in the Pacific. Germany’s Enigma encoding machines, with three encoding wheels, proved more of a challenge. Initially, British cryptanalysts led by the brilliant mathematician Alan Turing succeeded in building a rudimentary computer to decipher Germany’s messages to its submarines and bombers, but in 1942 Germany added a fourth set of encoding wheels, escalating what was essentially a battle of machine intelligence. The U.S. Navy then contracted with the National Cash Register Company to build a computing machine capable of breaking the improved Enigma, and in May 1943 it succeeded.
By the time the war ended in 1945, the United States had over one hundred giant decryption machines in operation. This unrivaled capability to read the communications of foreign nations, which remained one of America’s most closely guarded secrets, was transferred to the Army Security Agency based at Fort Meade, Maryland. Then, on October 24, 1952, President Harry S. Truman greatly expanded its purview and changed its name to the National Security Agency.
The NSA was given two missions. The first one was protecting the communications of the U.S. government. The main risk was that the Soviets would find a way of breaching U.S. government channels of communications. The second mission was intercepting all the relevant communications and signals of foreign governments. This latter mandate included the governments of allies as well as enemies. The president, the other intelligence services, and the Department of Defense deemed what was relevant for national security. Even though the NSA remained part of the Department of Defense, its job went far beyond providing military intelligence. It also acted as a service agency to other American intelligence services. They prepared shopping lists of foreign communications intelligence targets for the NSA to pursue.
As the Cold War heated up in the 1960s, the NSA provided intelligence not only to the Pentagon but to the Department of State, the Central Intelligence Agency, the Treasury Department, the Atomic Energy Commission, and the FBI. With a multibillion-dollar “black budget” hidden from public scrutiny, the NSA’s technology directorate invested in state-of-the-art equipment, including supercomputers that could break almost any cipher, antennas mounted on geosynchronous satellites that vacuumed in billions of foreign telephone calls, and other exotic capabilities. It also devised stealthy means of breaking into channels that its adversaries believed were secure. This enterprise required not only an army of technical specialists capable of remotely intercepting even the faintest traces of electromagnetic signals, hacking into computers, and eavesdropping on distant conversations but also special units called “tailored access operations,” to plant listening devices in embassies and diplomatic pouches. The NSA also organized elaborate expeditions to gain access to or even penetrate physical cables in enemy territory. In 1971, for example, the NSA sent a specially equipped submarine into Russia’s Sea of Okhotsk in Asia to tap through Arctic ice. The target was a Russian cable four hundred feet below the surface that connected the Russian naval headquarters in Vladivostok with a missile testing range.
In 1980, President Ronald Reagan gave the NSA a clear mandate to expand its interception of foreign communications. In Executive Order 12333, he told the NSA that “all means, consistent with applicable Federal law and this [Executive] order, and with full consideration of the rights of United States persons, shall be used to obtain reliable intelligence information to protect the United States and its interests.” It did not restrict any foreign country, either an adversary or an ally, from its surveillance.
The NSA’s target soon became nothing short of the entire electromagnetic spectrum. “We are approaching a time when we will be able to survey almost any point on the earth’s surface with some sensor,” Admiral Stansfield Turner, the former director of central intelligence, wrote in 1985. “We should soon be able to keep track of most of the activities on the surface of the earth.” Bobby Ray Inman, a former director of the NSA and deputy director of the CIA, argued that the “vastness of the [American] intelligence ‘take’ from the Soviet Union, and the pattern of continuity going back years, even decades,” greatly diminished the possibility of Soviet deception so long as the NSA kept secret its sources.
The NSA did not rely entirely on its own sensors for this global surveillance. It also formed intelligence-sharing alliances with key allies. The most important was with the British code-breaking service, GCHQ, which had achieved enormous success in World War II in using computers to crack the German Enigma cipher. This alliance expanded to include Canada, Australia, and New Zealand in the so-called Five Eyes Alliance. Because over 80 percent of international phone calls and Internet traffic passed through fiber-optic cables in these five countries, the alliance had the capability of monitoring almost all phone and Internet communications.
The NSA also established fruitful liaisons with the cyber services of Germany, France, Spain, Italy, the Netherlands, Portugal, Israel, Japan, and South Korea, which were often willing to provide the NSA with access to telecommunications links in their countries. These long-term allies greatly strengthened the NSA’s hand in other ways in the intelligence war. For example, the so-called James Bond provision of the British Intelligence Services Act of 1994 allowed officers of the GCHQ to commit illegal acts outside Britain, including planting devices to intercept data from computer servers, cell phones, and other electronic targets. And, as Snowden’s release of documents revealed in 2013 and 2014, these foreign allies fully shared their information with the NSA.
Of course, the liaison between the NSA and its allies was a two-way street. In 2013, none of these other countries had a global network of geosynchronous sensors in outer space and under the ocean that could monitor signals from missile launching, submarines, military deployments, nuclear tests, and other matters of strategic importance to them. Nor did these allies have the cipher-breaking capabilities of the array of NSA supercomputers. The NSA had assiduously built these means at a cost of over half a trillion dollars and employed tens of thousands of linguists who could translate almost any dialect or language of interest.
Even though these allies had their own cipher services and local capabilities, they depended on the NSA to provide them with a large share of their signals intelligence. From the perspective of defending themselves from potential threats, the deal that these allies had with the NSA was mutually advantageous.
The NSA’s overseas intelligence gathering was not limited to adversary nations. With the exception of the Five Eyes allies, it gathered data that was deemed important by the president and the Defense Department in friendly countries. These operations had been approved by every American president and funded by every American Congress since 1941. After all, even in the realm of allies, activities take place that run counter to American interests. The 9/11 conspiracy, for example, was hatched in Hamburg, Germany, and financed in Dubai and Saudi Arabia.
Nor were American allies unaware of the reach of the NSA. “Yes, my continental European friends, we have spied on you. And it is true we use computers to sort through data by using keywords,” the former CIA director James Woolsey wrote in The Wall Street Journal in 2000. “Have you stopped to ask yourselves what we are looking for?” Whether or not it was appreciated by other countries, the global harvesting of communications intelligence by the NSA was hardly a secret.
As the NSA expanded further, it delegated part of its work to regional bases, including ones in Utah, Texas, Hawaii, and Japan. The paramount task of the NSA remained monitoring the channels of communications that an adversary might use. The vast proliferation of these channels in cyberspace, which included e-mail, social media, document sharing, and other innovations of the Internet age, greatly complicated this task. Even so, this challenge was not insurmountable, because most of the Internet actually traveled through fiberglass landline cables that crossed the territories of the United States, Britain, and Australia. So the NSA found the technical means, including voluntarily gaining access to major Internet companies, to “harvest” vast amounts of this Internet data. America’s other intelligence agencies quickly recognized the value of the communications intelligence gleaned from foreign telecommunications. John E. McLaughlin, who was the CIA’s acting director in 2004, described the NSA as nothing less than the “very foundation of U.S. intelligence.” It served as a “foundation” for the CIA because intercepted communications intelligence allowed the CIA (and other U.S. intelligence services) to test and verify the reports of their human sources in foreign countries. Moreover, because of the immense amount of foreign data that the NSA vacuumed in through its global sensors, it provided the CIA with an effective means for discovering new targets in adversary nations.
By the first decade of this century, the NSA’s surreptitious efforts to render the Internet transparent to U.S. intelligence had earned it a new set of enemies. They were the previously mentioned hacktivists who were attempting to shield the activities of Internet users from the intrusions of government surveillance. They employed both encryption and Tor software to defeat that surveillance. But the NSA did not conceal that it was intent on countering any attempt to interfere with its surveillance of the Internet. It built back doors into encryption and worked to unravel the Tor scrambling of IP addresses. It made leading hacktivists targets. Brian Hale, the spokesman for the director of national intelligence, disclosed that the United States routinely intercepted the cyber signatures of parties suspected of hacking into U.S. government networks.
Following the 9/11 attacks on the Pentagon and the World Trade Center, the surveillance of the Internet became an integral part of the Bush administration’s war on terrorism. In October 2001, Congress expanded the NSA’s mandate by passing the USA Patriot Act. As I described earlier, Section 215 of the act directly authorized the NSA, with the approval of the FISA court, to collect and store domestic telephone billing records. The idea was to better coordinate domestic and foreign intelligence about al-Qaeda and other jihadist groups. This put the NSA directly in the anti-terrorist business. It also necessitated the NSA vastly increasing its coverage of the Internet.
—
The mantra in government in this post-9/11 intelligence world became “connect the dots.” Congress through this act essentially demolished the wall between domestic and foreign intelligence when any NSA activity related to foreign-directed terrorism. It further made the NSA a partner with the FBI in tracking phone calls made from phones originating outside the United States by known foreign jihadists. If these calls were made to individuals inside, the NSA was now authorized to retrieve the billing records of the person called and those people whom he or she called. These traces were then supplied to the FBI. The new duties also increased the NSA’s need to create new bureaucratic mechanisms to monitor its compliance with FISA court orders. Rajesh De, the NSA’s general counsel at the time of the Snowden breach, described the NSA as becoming by 2013 “one of the most regulated enterprises in the world.” Grafted onto its intelligence activities were layers of mandated reporting to oversight officials. Not only did the NSA have its own chief compliance officer, chief privacy and civil liberties officer, and independent inspector general, but the NSA also had to report to a different set of compliance officers at the Department of Defense, the Office of the Director of National Intelligence, and the Department of Justice. Additionally, the Department of Justice dispatched a team of lawyers every sixty days to review the results of “every single tasking decision” approved by the FISA court.
According to De, just assembling these reports involved thousands of hours of manpower. In addition, the president’s Oversight Board required that the NSA’s Office of the General Counsel and inspector general supply it every ninety days with a list of every single error and deviation from procedure made by every NSA employee anywhere in the world, including even minor typing errors. These requirements, according to De, inundated a large part of the NSA legal and executive staff in a sea of red tape. Yet this regulation could not undo surveillance programs such as the one Snowden revealed of Verizon’s turning over the billing records of its customers to the NSA, because the NSA was in compliance with the FISA court order (even though, as it turned out in 2015, the FISA court might have erred in interpreting the law).
The NSA’s focus on surveillance might have led to the neglect of its other mission: protecting the integrity of the channels through which the White House, government agencies, and military units send information. This task had been made vastly more difficult by the proliferation of computer networks, texting, and e-mails. To protect government networks from cyber attacks, the Pentagon belatedly created the U.S. Cyber Command in 2009. In it, the cyber-defense units of the army, navy, marines, and air force cyber forces were merged together and put under the command of the NSA director. General Keith Alexander became the first director of this new command. One problem for the Cyber Command was separating attacks by civilians, including criminals, hacktivists, and anarchists, from cyber warfare sponsored and supported by adversary states. Because foreign intelligence services often closely imitated the tools of civilian hackers, and were even known to provide them with hacking tools, it was not easy for the Cyber Command to unambiguously determine if the ultimate perpetrator of a cyber attack was state sponsored. For example, the identification of North Korea as the principal actor behind the attack on Sony in December 2014 appeared to be a rare success, but many cyber-security experts believed that it might be a false trail used to hide the real attacker. Clues could be fabricated in cyberspace to point to the wrong party.
The job of the Cyber Command was to prevent such an attack. To this end, it planted viruses on hundreds of thousands of computers in private hands to act as sentinels to spot other suspicious viruses that could mount such an attack. Private computers had become a new battleground in the cyber wars. It also built a capability to retaliate. Still, cyber attacks, which were launched through layers of other countries’ computers, could not be unambiguously traced back to the true perpetrator.
This escalation by the Cyber Command set the stage for expanded forms of warfare in cyberspace. “The Chinese are viewed as the source of a great many attacks on western infrastructure and just recently, the U.S. electrical grid,” General Alexander said in explaining the need for this consolidation. “If that is determined to be an organized attack, I would want to go and take down the source of those attacks.” The same retaliation would presumably be used against Russia, Iran, or any other adversary. Dominance of cyberspace itself now became part of the NSA’s mandate.
How America Lost Its Secrets