Spies for Hire

by Tim Shorrock

  Across the parkway from L-3 is the Maryland headquarters of Booz Allen Hamilton, the NSA’s largest systems integrator and one of its chief advisers on IT and network issues. Further down, you see signs for Applied Signal, one of NSA’s leading suppliers of SIGINT processing equipment; Electronic Data Systems (EDS), the Dallas IT firm once owned by Ross Perot that makes the “smart cards” used by the Pentagon to identify its employees in bases around the world; and Omen Inc., an IT subcontractor on the Groundbreaker project. You also pass a smattering of small companies with names like Praxis and Synsys, just waiting for an acquisition deal. Other companies known to work for the NSA include PricewaterhouseCoopers, the financial auditing company; BearingPoint, the Virginia consulting company; and US Investigations Services (USIS), a company owned for most of its existence by the powerful Carlyle Group. It does background checks on NSA employees and contractors.50

  There’s no such thing as a typical NSA contractor. But if you had to pick one, it might be SI International of McLean, Virginia, which runs some of the NSA’s support and management functions. SI is one of the fastest-growing IT companies working for the federal government, and in 2006 earned 48 percent of its $462 million in revenue from contracts with intelligence agencies. SI’s niche is advising intelligence and defense agencies on their acquisition and outsourcing strategies. It also helps intelligence agencies as they shift from proprietary “stovepipes” located within one agency to integrating their IT systems with sister agencies and the Pentagon’s evolving Global Information Grid, the Internet-like system described earlier that will link military commanders, war-fighters, and national collection agencies into a single classified network.

  In 2005, SI signed a three-year contract with the NSA to provide training in financial management, and in 2006 added a five-year $6.9 million task order to run the NSA’s human resources welcome center in Fort Meade. SI bought into many of these contracts by acquiring smaller companies holding specialized NSA contracts. Of particular importance was SI’s $30 million acquisition in 2004 of Bridge Technology Corporation, which had extensive contracts with defense intelligence agencies. Bridge “really gave us name-brand recognition within the Intelligence Community,” S. Bradford “Bud” Antle, SI’s president and CEO, told investors during a 2006 Washington conference on defense investing. “The IC wants other players. They get a bit in-bred because they have a set of contractors that are clean with capabilities they’ve known forever.” For that reason, agencies are pleased when they “see an acquisition like us buying Bridge.”

  Because of its high-visibility role as an adviser for the NSA, SI has filled its management team and board of directors with former high-ranking intelligence officials. Harry Gatanas, SI’s executive vice president for strategic programs, oversees the company’s business with the Pentagon and its intelligence agencies. He came to SI directly from the NSA, where, as we just saw, he was the agency’s senior acquisition executive and the contracting manager for Project Groundbreaker. Prior to coming to the NSA, Gatanas spent thirty years in military intelligence, where his duties included managing contracts for the Army.

  Outside of providing IT support, what contractors actually do for the NSA is shrouded in secrecy. Nearly all NSA contracts are classified, and companies that work for the agency are under strict orders not to divulge details of their operations to the public. Still, the details available in corporate literature and investor presentations can be quite revealing.

  ManTech International, for example, claims on its Web site and in SEC filings that it manages “real-time signal processing systems” for the NSA. ManTech’s work for the agency is managed by its Security and Mission Assurance division, which encompasses intelligence and operations, counterintelligence, information operations, and cyber-warfare, as well as “sources and methods protection planning.” Another Man-Tech specialty, much in demand at the NSA, is providing security for networks within the IC that are used to transmit and receive intelligence from other agencies. “For highly classified programs, including intelligence operations and military programs, we provide secrecy management and security infrastructure services,” ManTech states on the Web site, which features a photograph of a woman with her finger to her lips, presumably whispering “shh.” ManTech also assists the NSA in intercepting enemy communications, a job that entails working closely with NSA teams deployed overseas with the U.S. Army. “For example,” ManTech explains, “when an adversary of a customer implements a new communication technique or protocol, we provide rapid prototyping and re-engineering services, which enable our customers in the Intelligence Community to decipher and exploit the communications.”51

  (This work often places ManTech employees at risk. In 2006, three contractors working for ManTech lost their lives when the Air Afghanistan jet they were taking on their way to a mission crashed in the mountains, killing everyone aboard.)

  CACI International has designed an elaborate Web site to explain the services it provides in the area of signals intelligence. On one page, CACI boasts that it is a “dynamic provider of the nation’s SIGINT needs,” providing SIGINT services “ranging from concept development to system integration.” Most of its NSA work, I was told by industry executives familiar with CACI, is done through a subsidiary called CACI Technologies. In Iraq, units from this division have provided mobile, high-performance computers to support the NSA’s interception of signals emanating from enemy weapons systems, CACI officials told a Washington-area military forum in 2004. They also help the NSA download data about insurgent movements picked up by UAVs.52 That program is “effective, affordable, and deployable” and provides “an incredible amount of power down to the lowest echelon” of the Army, Jeffrey Posdamer, a senior manager at CACI Technologies, told the forum. The system can be used practically anywhere, and apparently has been deployed in Iraq. According to CACI’s chairman, Jack London, his company was instrumental in the joint tracking by the NSA and the NGA that resulted in the 2006 capture and execution of Abu Musab al-Zarqawi, the former commander of Al Qaeda in Iraq.

  London made that disclosure in a surprisingly informative interview with WMAL radio in Washington. In what may have been an unguarded moment, CACI’s CEO boasted of his company’s prowess in signals intelligence and explained how CACI helps the NSA and other agencies monitor Internet traffic and terrorist communications. Data mining—an important task for an agency that must sift through millions of bits of data every day—is “one of our specialties,” he said. He added that CACI does “forensic-type work” using information from “overhead imagery, communications satellites, and intercepts, pulling all these things together in a forensic way, playing the detective, if you will, and connecting the dots and being able to determine connections among organizations and among cells of people.”53 Under contract to the NSA, CACI appears to be spying on a global scale.

  So far, none of the NSA’s IT contractors have admitted their involvement in the agency’s domestic surveillance program, and for the most part congressional hearings on the NSA have avoided the subject of the NSA’s data mining exercises. One lawmaker, however, has pressed the issue: Senator Patrick Leahy, D-Vermont, chairman of the Senate Judiciary Committee, one of the few senators to be briefed on the NSA surveillance program before it became public knowledge. He first noted his concerns in a Washington speech to a conference on computers, freedom, and privacy on May 3, 2006, one week before USA Today broke the story that the major telecommunications companies had turned over their massive customer databases to the NSA.

  One of the potential dangers facing American democracy, Leahy said, is the “post-9/11 rise of partnerships between government and private data collectors, and the outsourcing of data banking and data mining functions that used to be handled by government agencies. This outsourcing already is blurring the few lines of privacy protection that once protected the public.” If these trends continue, he added, “then before too long we will tend to think of privacy as a quaint twentieth-century American v
alue that no longer applies to our everyday lives.”54

  In June 2007, Leahy, acting as the chairman of the Judiciary Committee, issued subpoenas to the White House for all documents addressing President Bush’s authorization for the warrantless electronic surveillance program. The subpoenas sought virtually all legal documents about the program, including documents describing agreements or understandings between the White House, the Department of Justice, and the NSA and “internet service providers, equipment manufacturers, or data processors regarding criminal or civil liability for assisting with or participating in the warrantless electronic surveillance program.”55

  Leahy was one of the few lawmakers who understood the critical role that IT companies play in the analysis of electronic intelligence.*

  In my reporting for this book, I broached the subject of NSA data mining to more than a dozen contracting executives. None would comment about Leahy’s concerns. But one executive, after making clear we were completely off the record, expressed deep regret about what the NSA’s warrantless surveillance program had done to the reputation of the Intelligence Community. Like many of the “seniors” in the industry, he had worked at the NSA and knows how stringent the FISA rules are. Since the 1970s, electronic surveillance has only been permissible for the purpose of collecting foreign intelligence on persons who are knowingly acting on behalf of a foreign power. To reinforce this rule, analysts who are listening to the content of telephone calls have always had large signs over their workspaces saying what to do when the subject is a “US Person”—a category that includes American citizens as well as foreigners residing in the United States. “They have it all worked out, and it works very nicely,” the contractor recalled, and therefore “there is absolutely no [expletive] need to stretch it as Bush and Cheney wanted to do.” If someone on the NSA floor sees something that may require a judgment on FISA, “the system is set up for instant approval virtually, and they never get turned down. So it’s just a crock to say that some bad guy is getting away” because of the FISA system. What “Bush did to the intelligence business set it back years in terms of reputation.”56

  If there’s one generalization to be made about the NSA’s outsourced IT programs, it is this: they haven’t worked very well, and some have been spectacular failures. We saw earlier that Project Groundbreaker, which involved the outsourcing of the NSA’s internal communications system, encountered mismanagement and cost overruns. But despite its problems, the project was renewed in 2007 for another three years. The NSA’s second experiment in outsourcing, Project Trailblazer, managed by SAIC, fared far worse: launched in 2001, it experienced hundreds of millions of dollars in cost overruns, and was canceled in 2005.

  In 2001, around the same time that Project Groundbreaker was transferring the first NSA employees to the Eagle Alliance, the NSA launched an extensive collaboration with the private sector to help the agency sift through the oceans of data flowing into headquarters from its SIGINT systems around the world. The idea behind Trailblazer was to replace the NSA’s Soviet-era eavesdropping technology, which was oriented around capturing communications beamed by radio waves, with software designed to capture communications traveling on cell phones, fiber optics, and across the Internet. At the time Trailblazer was conceived, the Baltimore Sun would report in 2006, the NSA was unable to analyze much of the information it was collecting and using “only blunt tools” based on the origin of a particular message or certain keywords as the basis for keeping or discarding its data.57 As a result, more than 90 percent of the information it was gathering was being discarded without being translated into a coherent and understandable format; only about 5 percent was translated from its digital form into text and then routed to the right division for analysis.

  The NSA wanted a system that would swiftly spot threatening messages amidst the millions of words and phrases flowing through the global communications systems and use computers to sort through the 130 languages used around the world. “How do you find the terrorist ordering a pizza, which is actually a signal for another 9/11?” a former senior intelligence official asked a reporter at the time. “It’s a daunting task.”58 The project was awarded in 2002 to SAIC, which led a team that included Northrop Grumman and Booz Allen Hamilton. “The SAIC team will provide and integrate commercial technologies proven to be scalable, agile, robust, secure, and interoperable to produce and deploy state-of-the-art solutions to challenges facing the NSA today and in the future,” the agency declared in a press release issued on September 19, 2002. “This contract is a continuation of NSA’s effort to transform its national security missions of providing foreign signals intelligence and protecting national security-related information systems using the innovation of industry partners.”59 The initial $300 million Trailblazer contract, said Hayden, the NSA’s director at the time, would “revolutionize how we produce SIGINT in a digital age.”60 Duane Andrews, SAIC’s corporate executive vice president, declared in a press release that SAIC “will continue to provide NSA with all the technology and systems support needed to help them achieve their goals.”61

  SAIC has somewhat of a symbiotic relationship with the NSA: the agency is the company’s largest single customer, and SAIC is the NSA’s largest contractor. SAIC’s penchant for hiring former intelligence officials played an important role in the company’s advancement. As we saw earlier, Andrews, who managed SAIC’s NSA programs for many years, had close ties with Vice President Cheney dating back to the first Gulf War, when he was an assistant secretary of defense in Cheney’s Pentagon. The story of William Black is another case in point. In 1997, Black, a forty-year veteran of the NSA, was hired as an SAIC vice president “for the sole purpose of soliciting NSA business,” according to a published account.62 Three years later, after the NSA initially funded Trailblazer, Black went back to the agency to manage the program; within a year, SAIC won the master contract for the program. Other key SAIC hires for its intelligence division include John Thomas, a retired army major general and commander of the U.S. Army Intelligence Center; Larry Cox, an eleven-year NSA veteran and former director of Lockheed Martin’s SIGINT division; and John J. Hamre, a former deputy secretary of defense in the Clinton administration.* Two former secretaries of defense, William Perry and Melvin Laird, as well as the current secretary, Bob Gates, have served on its board of directors.

  SAIC was chosen in part because, in the years leading up to 9/11, it had developed several key data mining products that were used extensively by the NSA and other agencies. One of them was a powerful program called TeraText, which was first developed in Australia. It supposedly can download millions of pages of texts from books, magazines, Web sites, and intercepted e-mails—in any language—and then sift through them at lightning speeds of two billion documents every four seconds—an amazing feat if it is true. According to Business 2.0 magazine, the program works by identifying patterns and relationships between names, terms, and ideas that “would take the human mind months to collate.”63 SAIC still won’t say if or how TeraText is used by U.S. intelligence, but the TeraText Web site claims that its products have been used for applications in military intelligence “with substantial return on investment,” and by the U.S. Department of Defense “to manage critical assets related to U.S. National Security.”64

  Another SAIC program, called Latent Semantic Indexing (LSI), was developed by SAIC’s Telcordia subsidiary.65 It uses artificial intelligence tools to search for abstract relationships in intercepted messages and public documents. Using LSI, Washington Technology reported in 2006, “intelligence and investigative agencies can discern meaning, pinpoint threats and suspicious activity, and disambiguate aliases, regardless of language.”66 A third program, called Pathfinder, is a Web-based software application used to sort rapidly through structured and unstructured data. According to SAIC’s Web site, it is used by the NSA, the Defense Intelligence Agency, the Office of Naval Intelligence, and Joint Task Force 7 and Joint Task Force 180, the unified U.S. military command
s in Iraq and Afghanistan. Among its uses, SAIC says, are terrorism link analysis, information warfare, financial investigations, and detection of money laundering, “and a host of other applications [that] make Pathfinder an indispensable part of any indications and warning or predictive intelligence operation.”67

  As envisioned, SAIC and its subcontractors would translate all digitized communications intercepted by the NSA into plain text or voice, and then run the information through the TeraText, LSI, and other data mining programs to search for possible terrorist connections and patterns. That data would then be stored in searchable databases and forwarded to the right desk at the NSA for appropriate analysis. But the program quickly ran into trouble. In December 2002, the House and Senate intelligence committees studying the failures that led up to 9/11 reported that, although Trailblazer was “frequently cited” as the solution to the NSA’s data management problems, “implementation of those solutions is three to five years away and confusion still exists as to what will actually be provided by the program.” The report was also scathing in its criticism of the NSA itself. The joint inquiry “found a high level of frustration among contractors who do business with the NSA.” Common themes included “extremely poor quality of solicitation packages and acquisition expertise and the inability of program managers to speak with consistency and authority on future contract opportunities.”68

  In April 2005, Hayden informed Congress that Trailblazer was several hundred million dollars over budget and months behind schedule. The NSA, Hayden said, had underestimated the costs by a long shot. “It was just far more difficult than anyone anticipated,” he told a Senate hearing.69 In May 2006, Newsweek’s investigative team looked into Trailblazer and concluded that the program “has produced nearly a billion dollars’ worth of junk hardware and software.”70 A few days later, Hayden was asked about that article during his confirmation hearing for CIA director. He argued that the NSA had overreached, and should have tried to bite off smaller pieces of the project one at a time. “We were throwing deep and we should have been throwing short passes,” he told Senator Ron Wyden. “A lot of the failure was, we were trying to do too much all at once. We should have been less grandiose, not gone for moon shots and been tighter in, more specific, looking at concrete results, closer in rather than overachieving by reaching too far.”