Spies for Hire
Page 35
But as Cheney, McConnell, and other top officials knew, the private sector’s partnership with the NSA extended far beyond providing the government with access to their switches to the global communications system. For instance, some telecom companies also took a proactive role in the NSA’s intelligence-gathering mission by expanding the universe of telephone calls and Internet traffic available to the agency. As mentioned earlier, one of the Times’s most important disclosures in 2005 was its discovery that the Bush administration, in order to “fully exploit” the technological capabilities of U.S. companies, had been quietly encouraging the telecommunications industry to increase the amount of international traffic it routed through American-based switches.6 This single action brought many more international calls under NSA scrutiny and made it possible for the agency to monitor thousands of cell phone and Internet exchanges it might have otherwise missed. In September 2007, in fact, Admiral McConnell told Congress that the routing switches controlled by U.S. companies were carrying more than half of the global communications scooped up by the NSA’s signals collection efforts. As a result, he argued, the NSA needed new FISA language lifting the requirement for FISA warrants on such traffic even when an American was at one end of the conversation. Without a change to FISA, the Intelligence Community would lose “50 percent of our ability to track, understand and know about these terrorists,” he warned.7 The Democratic-controlled Congress, concerned about its national security image, went along and, as we will see shortly, passed a temporary bill giving legal cover to the NSA’s new ability to listen in on foreign-to-foreign communications passing through the United States.
A second form of cooperation that few Americans are aware of concerns the role of the telecom giants as contractors for the Intelligence Community. As commercial communications and encryption technologies advanced in the years leading up to 2001, AT&T, Verizon, and the other major carriers were hired by the government to build classified communications networks for the NSA and the Pentagon. That alliance spawned new institutions where the government could carry out a dialogue with these companies. Many industry executives, for example, hold leading positions in a secretive agency called the National Security Telecommunications Advisory Committee, a group of business leaders who meet regularly with President Bush, Vice President Cheney, and senior officials in the Intelligence Community to discuss critical issues affecting the national telecommunications system.
Finally, underneath the NSA-telco partnership are dozens of intelligence contractors, including most of the companies identified so far in this book, that provide outsourced information technology and analytical services to the NSA to help the agency analyze the calls and e-mails scooped up by its global surveillance network and sift through telephone data and calling patterns for clues to terrorist plots and other threats to national security. In the preceding chapter we saw what a handful of intelligence pure plays are capable of doing for the NSA; add the large systems integrators such as SAIC and Booz Allen Hamilton to the mix, and the result is a surveillance and eavesdropping system without peer in the world today. That broad alliance between the NSA and the government on one hand and the telecommunications and IT industries on the other is the fundamental issue at stake in the national debate that erupted around FISA in 2007 and 2008. That debate was about far more than a few telecom companies cooperating with the government. As the Times concluded in December 2007, almost two years to the day after they broke the story about the NSA’s surveillance program, “At stake is the federal government’s extensive but uneasy partnership with industry to conduct a wide range of secret surveillance operations in fighting terrorism and crime.”8 That “uneasy partnership and its implications for civil liberties” is the focus of this chapter.
The U.S. telecommunications industry is the world’s largest and most advanced. It includes dozens of companies that compete with AT&T and Verizon for telephone and mobile services, as well as scores of Internet service providers such as Google, Yahoo!, and AOL that provide e-mail and Internet connections to customers around the world. Beneath them are the multinational conglomerates like Apollo, Flag Atlantic, and Global Crossing, which own and operate the global system of undersea fiber-optic cables that link the United States to the rest of the world. Any one of those companies and their U.S. subsidiaries could have been among the firms asked to cooperate with the NSA when President Bush issued his executive order authorizing surveillance without the FISA court’s approval in 2001.* The potential liability, in other words, is huge. “There’s a pretty broad-based group of companies that take communications from overseas and transit them back,” Albert Gidari, a partner in the Seattle law firm of Perkins Coie, whose clients include Google, Nextel Communications, and T-Mobile, told me. Although one company—Qwest Communications International—has admitted that it refused to go along with the NSA’s request, Gidari said it did not act alone. “The list of those who said no is much longer than most people think,” said Gidari, who was unwilling to provide further details.9
With the cooperation of a U.S. telecom provider, U.S. intelligence operatives could easily secure access to global transit traffic, Alan Mauldin, a senior research analyst with TeleGeography Research, a Washington firm that follows the global telecom industry, told me. “You could be inland, at an important city like New York or Washington, D.C., where networks interconnect, and you could have the ability to tap into the whole network for not only that city but between that city and the rest of the world,” he said.10 In addition, foreign-owned cable operators are required by U.S. law to maintain security offices manned by U.S. citizens at the landing sites in Oregon, Florida, New Jersey, and other states where fiber-optic cables come ashore.*
The NSA program that the Times unearthed in December 2005, however, was a small piece of a massive program by the NSA and the Intelligence Community. During the two years that followed the Times’s initial revelations, two more programs came to light, one involving telephone databanks, and the other a direct link between the NSA and private Internet communications. Together, these three programs would provide the NSA with enough data to track the calling and messaging patterns of virtually every American with access to a telephone and a modem. We outlined those programs in chapter 6. Let’s now study them in detail.
The databank program was disclosed by USA Today on May 11, 2006. It reported that the three largest U.S. telecommunications companies, AT&T, Verizon, and BellSouth (which has since merged with AT&T), turned over their vast customer call records to the NSA, allowing the agency to secretly collect information about “tens of millions of Americans” and store it for future analysis. That program reached “into homes and businesses across the nation by amassing information about the calls of ordinary Americans—most of whom aren’t suspected of any crime,” the newspaper said. USA Today concluded, based on interviews with industry officials, that the NSA’s goal was “to create a database of every call ever made” within the nation’s borders.11 Although customer names, street addresses, and other personal information were not handed over, its sources said, the phone numbers could “easily be cross-checked with other databases to obtain that information.”* After that story came out, I was told by a prominent industry consultant who founded one of the companies suspected of cooperating with the NSA that the NSA’s ability to tap into these databases was the most significant part of the NSA’s surveillance program. “These are the big market research databases,” said the consultant, who asked not to be identified. “It’s the scale and scope of this they don’t want to disclose. They’re looking at every single phone call record they can get their hands on for historical perspective, and looking for patterns and also in real time for intercepts.”12
Most of what we know about the NSA’s third program involving communications surveillance comes from Mark Klein, a former AT&T technician.13 In 2006, he filed a detailed affidavit to support a lawsuit filed against AT&T by the Electronic Frontier Foundation, a privacy and civil rights organization based
in San Francisco. At the time of 9/11, Klein was working in AT&T’s Internet operations center in downtown San Francisco, which was an important hub for the World Wide Web in the Bay Area. “My job required me to enable the physical connections between AT&T customers’ Internet communications and the National Security Agency’s illegal, wholesale copying machine for domestic emails, Internet phone conversations, web surfing and all other Internet traffic,” Klein told reporters during a press conference called by the foundation in November 2007 to oppose a bill before Congress backing retroactive immunity to the companies that cooperated with the NSA. “I have first-hand knowledge of the clandestine collaboration between one giant telecommunications company, AT&T, and the NSA to facilitate the most comprehensive illegal domestic spying program in history.”14 The NSA, Klein charged, “committed a massive violation not only of the law but of the Constitution. That’s not the way the Fourth Amendment is supposed to work.”15
Klein’s first inkling of NSA activity came during the summer of 2002, about nine months after the surveillance program began, when an NSA official visited AT&T’s offices in San Francisco. “What the heck is the NSA doing here?” Klein asked himself.16 Over the next month, he and other employees learned that AT&T had built a secure office for the NSA in Room 641A at 611 Folsom Street, the site of a key AT&T facility. At first, Klein thought the NSA’s secret room was linked to the Total Information Awareness project, the massive data mining effort started by the Pentagon shortly after 9/11. But he soon found out that the NSA project was much larger than even John Poindexter might have imagined.
In October 2002, Klein was shifted over to AT&T’s Folsom Street facility, where the NSA’s secret room was located. Klein assumed the agency was working out of the sixth floor, next to the telephone switching rooms where AT&T calls flowed through. To his surprise, the NSA operatives were on the seventh floor—right next to his Internet room. There, high-speed fiber-optic circuits were connected to AT&T’s World-Net Internet service, part of the company’s common backbone network. From documents that had been left in the room, Klein told Frontline, the investigative news show produced by the Public Broadcasting System, he learned that AT&T had allowed NSA to connect a splitter cable from those circuits and divert a duplicate stream of AT&T’s global Internet traffic to the secret room.
Klein also learned that the NSA analysts staffing the room were searching through the traffic with a Narus STA 6400, the most powerful piece of telecom and Internet monitoring equipment available on the world market. The Narus product can be programmed to identify and intercept voice or data communications between e-mail, telephone, or Internet addresses, and can track a communication’s origin and destination as well as its content.17 It is renowned in the industry for inspecting individual messages at extremely high rates of speed.18 By 2002, many telecom companies had chosen the equipment to comply with court-ordered surveillance orders from domestic law enforcement. “The kind of systems we have give you a global view of what’s happening on the Internet,” Ori Cohen, Narus’s founder and CEO, explained to Fortune. “They tell you who’s logging in, at what time, and what they’re doing online.”19*
Upon learning about the NSA’s use of the Narus equipment, Klein experienced a sudden flash of insight. The NSA, he realized, had managed to download massive numbers of e-mails, financial transactions, and other communications flowing around the world on the global telecom system. “It dawned on me sort of all at once, and I almost fell out of my chair,” he told Frontline. “My reaction was that from all the connections I saw, they were basically sweeping up, vacuum-cleaning the Internet through all the data, sweeping it all into this secret room. It was a government, many-tentacled operation to gather daily information on what everybody in the country is doing,” including Web surfing, e-mail, and bank transactions. Peering into that traffic, he said, “sort of opens a window into your entire private life.”20 In his November 2007 press conference, he released documents showing other companies whose traffic AT&T carried; among them were Global Crossing and UUNet, an Internet provider in Virginia now owned by Verizon. When he saw that list, said Klein, he “flipped out. They’re copying the whole Internet. There’s no selection going on here. Maybe they select out later, but at the point of handoff to the government, they get everything.”21 (AT&T never flatly denied Klein’s charges. In an appearance before the Ninth Circuit appeals court in San Francisco, however, AT&T attorney Michael Kellogg did his best to downplay the significance of Klein’s documents. “At best what those materials do is, they speculate about what a certain configuration of equipment would be capable of doing,” he said. “But they provide no indication of what is actually happening in the sealed room and what information is being turned over to the NSA as part of the alleged program.” The arguments in the Electronic Frontier Foundation’s case against AT&T were heard on August 15, 2007.)
Because the NSA programs are so highly classified, it’s impossible to know how the agency used the data it obtained from the wiretaps, telephone databases, and Internet surveillance. Close observers of the intelligence business, however, believe that the NSA did in fact gain access to huge streams of domestic telephone calls and Internet traffic and used that data as the starting point for a massive data mining operation. “If there’s one thing that Americans should know about this program, it’s how extensive it was,” says John Pike, who is one of the nation’s foremost experts on intelligence. “What is stated publicly is that they are only listening to phone conversations where there is a known or suspected terrorist at the other end of the conversation. That’s just not true. I think they’re listening to everybody.” By doing so, Pike says, the NSA and other counterterrorism agencies “are trying to detect thought crime; they are trying to detect pre-crime. They are attempting to disrupt. They’re taking all of this call data and combining it with discount cards and every damn thing under the sun to try to winnow it to see if they can detect evildoers.”22
The Bush administration has never admitted to such a broad policy. But former administration officials with close knowledge of intelligence operations in the aftermath of 9/11 have provided important clues about what the NSA was up to. In 2007, for example, John Yoo, one of the Department of Justice lawyers called upon by the White House to write the legal justifications for the Bush administration’s war policies, told Frontline that the guidelines for NSA surveillance were written in a way to gain access to the entire stream of telecommunications moving through the United States, as opposed to individual snippets of conversation. That “entire stream” was then analyzed for patterns and relationships that might indicate a terrorist plot in the making.
In the war on terror, “the hard thing for our side is to identify where in that stream of civilian, innocent communications Al Qaeda members are disguising their messages to one another, trying to intercept those and find out what they mean,” Yoo told Frontline interviewer Hedrick Smith.23 “And so the government had to figure out how to tap into Al Qaeda’s communications networks. We can’t say, well, that line is the devoted line for Osama bin Laden to talk to his lieutenants, or we know they use that frequency, because they use the Internet, and they use cell phones and telephone calls just like you and I do.” At that point, Smith, a former reporter with the New York Times, paused to ask: So does that mean that the government can “pull out the communications it wants, or does it have to have access to the entire flow?” Yoo was unequivocal: the government needed the entire flow.
“I think the government needs to have at least access to the flow; even if it was going to enforce a warrant, it has to [have] access to the flow,” he said. “There’s not like a single wire you could get a warrant for and tap. In order to get Internet messages, you have to be able to dip into the flow of communications, because Internet communications are broken up.” The same holds true for phone conversations. “What I think the government needs [is] to have access to international communication so it can try to find communications that are coming into th
e country where Al Qaeda is trying to send messages to the cell members in the country. In order to do this, it does have to have access to communication networks.” And here, Yoo said, is where the number crunching comes in. Humans can’t do the sifting alone: we “need to have computers to do it, where we have computers that are able to search through communications and are able to pluck out e-mails, phone calls that have a high likelihood of being terrorists’ communications.” What he was referring to were the dozens of companies that have been employed by the NSA and other government agencies to sift through the data collected from wiretaps and Internet surveillance.24
The NSA’s interest in such data was first disclosed in February 2006 when New York Times technology reporter John Markoff reported that a small group of NSA officials had “slipped into Silicon Valley” that winter to meet with various companies and venture capital funds. They carried with them a “wish list” of technologies they hoped to obtain, including “computerized systems that reveal connections between seemingly innocuous and related pieces of information.”25 A year and a half later, the Times reported that the now famous 2003 confrontation between the White House and John Ashcroft’s Justice Department over NSA operations involved the agency’s use of “computer searches through massive electronic databases” that contained the records of tens of thousands of domestic phone calls and e-mails.*