Spies for Hire
Page 36
We also know from press reports that the NSA passed on the information it gathered from its secret eavesdropping to the Defense Intelligence Agency, the FBI, the CIA, and the Department of Homeland Security.26 These agencies, according to the Washington Post, then “cross-checked” the NSA information “with tips and information collected in other databases.” Much of the DIA information, for example, was processed by the U.S. Northern Command, the domestic military command established in 2002. In some cases, DIA personnel inside the United States conducted physical surveillance of people or vehicles identified from NSA intercepts.27
That sharing would have greatly expanded the number of contractors with access to NSA data beyond the many companies—IBM, SAIC, CACI, and others—that were identified earlier as managing data for the NSA and the Intelligence Community. Consider, for example, the DIA bidding consortiums (also known as blanket purchase agreements) described in chapter 5. These consortiums, led by Booz Allen, CSC, Lockheed Martin, and other companies, are actually small armies of intelligence analysts that bid for work from the DIA, the NSA, and other intelligence agencies. The Booz Allen team was one of the largest, with ten thousand analysts holding top secret clearances, and was hired to conduct data mining and link analysis for both the NSA and the CIA, according to Booz Allen contract documents. It provides one example of how NSA data might have been used.
One member of the Booz Allen team, Attensity, was initially financed by In-Q-Tel. Its programs were particularly useful in analyzing text traffic for suspicious patterns, Attensity CEO Craig Norris told a reporter in 2006. For example, “if a terrorist is planning a bombing, they might say, ‘let’s have a barbecue,’” said Norris. “The software can detect if the word ‘barbecue’ is being used more than usual.”28 (In 2006, Attensity formed a partnership with IBM, an important NSA contractor, to “help mutual customers derive more value from the complex, heterogeneous information spread across their IT systems.”)29 Another company on the Booz Allen team, Visual Analytics Inc., provides a specialized program that searches telephone call and video records to expose “underlying patterns and behaviors pertaining to security-related areas,” according to its Web site. By obtaining this kind of intelligence, agencies can ensure that “decisive and pre-emptive actions can take place,” the company claims.30
Meanwhile, Northrop Grumman’s bidding consortium includes AT&T, ManTech International, and Cipher, which holds analysis contracts for the CIA’s Directorate of Operations. Computer Sciences Corporation, the prime contractor for the NSA’s Groundbreaker project to modernize the agency’s internal communications system, manages a consortium that includes NSA contractors CACI and L-3 Communications. Any one of these companies would have been well equipped to analyze NSA signals, domestic or international.
The relationship between the NSA and the telecom industry dates back to World War II, during a time when global communications was in its infancy. This was when “surveillance, conducted under the auspices of national security, became an instrument of political power,” Laura K. Donohue, a specialist on privacy laws at Stanford University, wrote in a 2006 study on government secrecy published by Northwestern University School of Law.31 One such program was Operation Shamrock, a domestic surveillance program that was first uncovered in 1975 by the Senate Select Committee to Study Governmental Operations with Respect to Intelligence Activities, chaired by Idaho Democrat Frank Church. Shamrock was put in place by the predecessor to the NSA, the U.S. Army Signal Security Agency. In 1945, with the assistance of Secretary of Defense James Forrestal and the blessing of President Harry Truman, the agency persuaded three companies—RCA Communications, Western Union, and ITT World Communications—to hand over to the government information on all incoming and outgoing international telephone calls and telegrams. After some initial reluctance by their chief executives, all of them agreed to participate in the program after receiving assurances they would be exempt from criminal liability or public exposure. At RCA, which provided the “most complete cooperation,”32 according to NSA historian James Bamford, the deal was simplified by the presence in the company’s management team of Sydney Sparks, a former director of the War Department’s Signal Center—an early example of the close ties that still exist between intelligence contractors, the telecommunications industry, and the government.33
By the 1970s, the NSA—which took over the spying operation in 1952—was selecting over 150, 000 messages a month for its analysts to read.34 In the 1960s, the communications companies had begun storing their cable traffic on magnetic tapes instead of hard copies. This development, said Bamford, allowed the NSA to make a “quantum leap forward in its ability to snoop.”35 Undeterred by the switch in technology, NSA couriers simply began picking up ten to twelve disks every morning in New York and transporting them by train or airplane to Fort Meade. There, the first Harvest computer so proudly displayed now at the NSA museum began what may have been the first use of data mining by the intelligence community.
“Once copied,” Bamford wrote in The Puzzle Palace, “the tapes would be run through Harvest, which could be programmed to ‘kick out’ any telegram containing a certain word, phrase, name, location, sender or addressee, or any combination. It might be a name from a watch list, any message containing the word demonstration, or any cable to or from the Israeli UN delegation. In microseconds the full text of any telegram containing selected material could be reproduced. America’s Black Chamber had suddenly gone from [Herbert O.] Yardley”—the U.S. spymaster who famously warned after World War I that “gentlemen don’t read other people’s mail”—“to [George] Orwell.”36
The NSA quickly put these early data mining skills to use in another top secret program, called Minaret. In this operation, the FBI submitted names of U.S. citizens it viewed as security risks to the NSA, which provided the FBI with intelligence gleaned from its Shamrock program. This, too, was an early example of the information sharing between intelligence and law enforcement that has become routine since 9/11. The lists began with leftists and businessmen who had dealings with Cuba, but over time snowballed into a massive surveillance program of antiwar and civil rights activists. Among those on the FBI/NSA watch lists at the time were Dr. Martin Luther King, Jr., Jane Fonda, Joan Baez, Dr. Benjamin Spock, and the Reverend Ralph Abernathy.
Minaret was first exposed by the Church Committee. A few weeks after the initial revelation, CIA director William Colby appeared before a House committee chaired by Otis Pike, D-New York, that was working in tandem with Senator Church. At this hearing, according to Bamford, Colby “let slip the first public acknowledgement of the NSA’s eavesdropping on international communications.”37 Minaret was subsequently killed by President Gerald R. Ford; but the companies that cooperated with the NSA weren’t identified until Representative Bella Abzug, the pugnacious feminist from New York, stepped into the picture. As the Democratic chairman of the House subcommittee on government information, she decided to do what her fellow Democrats later tried, unsuccessfully, in 2006—call the companies to hearings. In what Bamford called “an extraordinary and unprecedented expansion of the doctrine of executive privilege,” President Ford, under the advice of chief of staff Dick Cheney and Secretary of Defense Donald Rumsfeld, instructed the companies not to appear. But Abzug persevered, and the companies, starting with Western Union, made their way to Washington and the klieg lights of a House committee room. The vice president of Western Union turned over a list of NSA surveillance targets from the past eight years. The president of ITT World Communications testified in detail about how Shamrock worked. The corporate cat was finally out of the bag.
In 1976, Ford issued an executive order banning the NSA from intercepting domestic telephone calls and telegrams. Two years later, Congress passed FISA, the Foreign Intelligence Surveillance Act, limiting NSA to spying only on foreign powers or their agents, including groups “engaged in international terrorism or activities in preparation therefor.” To begin surveillance on a “U.S. Person,�
�� as American citizens and foreigners living in the United States are called by the Intelligence Community, the government is supposed to apply to the FISA court for approval. In 1994, Congress amended the FISA statute to allow for warrantless physical searches, not just electronic intercepts, if the government is targeting premises, information, material, or property “used exclusively by or under the open and exclusive control of, a foreign power or powers.”38 That same year, Congress passed the Communications Assistance for Law Enforcement Act, known as CALEA, which requires telecom companies to grant the government special access to their communications systems for legal surveillance. As with FISA, warrants are required.
The history of telecom cooperation with the NSA is a guide to how the NSA went about winning cooperation from the industry in 2001. During the 1940s, when telephone and telegraph companies began turning over their call and telegram records to the NSA, only one or two executives at each firm were in on the secret. Essentially, the government raised the issue of patriotism with them, and the companies went along. That kind of arrangement continued into the 1970s, and is likely how cooperation with the NSA works today. “Once the CEO approved, all the contacts” with the intelligence agencies “would be worked at a lower level,” Kenneth Bass, a former Justice Department official with the Carter administration, told me. “The telcos have been participating in surveillance activities for decades—pre-FISA, post-FISA—so it’s nothing new to them.” Bass, who helped craft the FISA law and worked with the NSA to implement it, added that he “would not be surprised at all” if cooperating executives received from the Bush administration “the same sort of briefing, but much more detailed and specific, that the FISA court got when [the surveillance] was first approved.”39
The Bush administration’s promises to the telcos were finally spelled out during a hearing on FISA before the Senate Judiciary Committee on October 31, 2007. Kenneth L. Wainstein, an assistant attorney general testifying in favor of legislation to grant immunity to the industry, told the committee that “there were letters that went out to these companies that said very forcefully this is being directed, this is directed by the president, and this has been deemed lawful at the very highest levels of the government.”40 Three months later, as the Senate was debating a new FISA bill, Senator Jay Rockefeller, the chairman of the Senate Intelligence Community, declared that the telecom companies deserved immunity because they had received explicit orders from the NSA to cooperate with the warrantless surveillance program. The companies, he told Politico, were “pushed by the government, compelled by the government, required by the government to do this.”41 (That prompted Glenn Greenwald, a prominent critic of the NSA spying program and the administration’s immunity bill, to respond in disgust. “Can someone please tell Jay Rockefeller that we don't actually live in a country where the President has the definitively dictatorial power to ‘compel’ and ‘require’ private actors to break the law by ‘ordering’ them to do so?” he wrote in his column for Salon. “Like all other lawbreakers, telecoms broke the law because they chose to, and profited greatly as a result.”)42
In any case, AT&T and Verizon (which acquired telecom giant MCI in 2005) have a lot to offer U.S. intelligence officials looking for cooperation. In 2001, when the NSA domestic spying program began, AT&T’s CEO was C. Michael Armstrong, the former CEO of Hughes Electronics Corporation, a major defense contractor. At the time, Armstrong was chairman of the Business Roundtable’s Security Task Force, where he was instrumental in creating CEO COM LINK, a secure telecommunications system that linked the chief executives of major U.S. corporations with the Department of Homeland Security and the White House.*
AT&T makes no bones about its national security work. When SBC was preparing to acquire the company in 2005, the two companies underscored their ties with U.S. intelligence in joint comments to the Federal Communications Commission. “AT&T’s support of the intelligence and defense communities includes the performance of various classified contracts,” the companies said, pointing out that AT&T “maintains special secure facilities for the performance of classified work and the safeguarding of classified information.”43 In another intelligence connection, David W. Dornan, who was AT&T’s chairman and CEO at the time of the SBC merger, once sat on SAIC’s board of directors, according to his official biography. Further signs of its role in U.S. intelligence are underscored by job placement ads placed by AT&T. In 2006, for example, AT&T was recruiting for “signals intelligence subject matter experts” with top secret clearances to work for the National Reconnaissance Office’s support team at the U.S. Central Command.
At the same time, AT&T is part of a Northrop Grumman team that bids for classified work with the Defense Intelligence Agency, the NSA, and other intelligence agencies. The company also has extensive contracts on its own with the DIA, including experience in something called Intelligence Campaign Planning. A DIA publication explains that discipline as developing the “synchronization and integration of all sources of intelligence and information to include those from DoD and non-DoD agencies, law enforcement and multinational partners.”44 AT&T, in other words, is playing a key role in managing the sharing of intelligence across agencies, a key focus for U.S. intelligence policy in the aftermath of 9/11. In 2005, AT&T’s Government Solutions unit announced that it had won a $14-million contract to provide engineering and installation work for the Pentagon’s Global Information Grid, the cornerstone of the military’s network centric warfare program; AT&T was a subcontractor to SAIC on the project.45
Verizon’s MCI unit is a major government contractor and was highly valued by Verizon in part because of its work in defense and intelligence. Nicholas Katzenbach, the former U.S. attorney general who was appointed chairman of MCI’s board after the spectacular collapse of its previous owner, WorldCom, reiterated MCI’s intelligence connections in a 2003 statement to the Senate Judiciary Committee. “We are especially proud,” he said, “of our role in supporting our national-security agencies infrastructure, and we are gratified by the many positive comments about our service from officials at the US Department of Defense and other national-security agencies.”46
Verizon’s general counsel—who would presumably have had a say in the company’s decision to cooperate with the NSA—is William Barr. He is a former assistant general counsel at the Central Intelligence Agency, and served as attorney general during the administration of former President George H. W. Bush. In 2007, he was the leading figure in a telecommunications industry lobbying campaign to persuade Congress to grant immunity to the companies that cooperated with the NSA (another key figure in the campaign was AT&T senior executive vice president James Cicconi, who was the deputy chief of staff for George H. W. Bush).47
Verizon is the only one of the major telecommunications companies to admit that it provided customer call records to the federal government. In October 2007, three Democratic lawmakers on the House Energy and Commerce Committee, led by their chairman, John Dingell, D-Michigan, asked the telecom providers for records on their compliance with emergency orders issued by the Bush administration. Two companies, AT&T and Qwest, refused to provide any records. “If such information were to exist,” Wayne Watts, AT&T’s senior executive vice president and general counsel, wrote, AT&T could not lawfully provide it because the federal government “has formally invoked the state secrets privilege to prevent AT&T from either confirming or denying certain facts about alleged intelligence operations and activities that are central to your inquiries.”48
But Verizon disclosed that it had responded 720 times between January 2005 and September 2007 to requests from the federal government for both phone data and Internet protocol records. Over that time, Verizon said it received 94, 000 “lawful requests and demands for customer information” from federal, state, and local officials, including about 36, 000 from the federal government.49 The most detailed requests, Verizon said, came from the FBI, which used administrative subpoenas and National Security Letters—which are con
troversial because they require no probable cause and little judicial oversight—to seek private information from the company.
Some of the FBI’s subpoenas and letters, Verizon said, contained “boilerplate” language directing the company to identify “calling circles” linked to certain telephone numbers “based on a two-generation community of interest” that would have given the FBI access to lists of Verizon customers and all the people they called. Those requests underscored the broad reach of telephone information that the government has been seeking since 9/11. This “community-of-interest data” is seen by the NSA and other agencies as critical to predicting and preventing terrorist attacks and is the first step in a key data mining technique known as link analysis. It can include analyses of which people suspects call most frequently, the time and length of their calls, and the geographic locations of the calling community.50 As we have seen, the NSA, through its Advanced Research and Development Activity, has been funding research into social network and link analyses for some time.
Like AT&T, Verizon refused to comment about its involvement in the NSA’s programs, telling the lawmakers that it had been informed by the Department of Justice that it “cannot confirm or deny Verizon’s role (if any)” in the “classified counter-terrorism programs allegedly instituted in the wake of the September 11 attacks.” But it explained that federal and state laws recognize that “criminals and terrorists may use our networks to discuss or implement their schemes and explicitly authorize Verizon”—through FISA and other statutory provisions—“to provide assistance to government entities in their law enforcement and counter-terrorism efforts.” Moreover, Verizon’s “business records may be of vital importance in investigations and in emergency situations to protect lives,” the company said. FISA orders seeking such records, it added, “are classified documents and as such would be delivered by the government to Verizon personnel holding appropriate security clearances,” and would contain “detailed and specific directions relating to the actions sought and their duration. Given their critical importance to national security, we would comply with such orders as expeditiously as possible.”51*