THE SHADOW FACTORY
The Ultra Secret NSA from 9/11 to the To The Eavesdropping on America
BY JAMES BAMFORD
Splitter
The Ultra Secret NSA from 9/11 to the To The Eavesdropping on America
BY JAMES BAMFORD
Splitter
In the old days of copper telephone wires, a basic tap consisted simply
of attaching a pair of alligator clips to a telephone wire. Through induction,
the clips pick up the conversations as they leak—or radiate—from
the copper wire. But with glass fibers there is no leakage and thus tapping
through induction is out. Instead, tapping into a fiber-optic cable literally
requires major surgery.
After the NSA proposed its warrant less eavesdropping scheme to
AT&T, the company’s AT&T Labs in New Jersey drew up a step-by-step
guide for the technicians who would carry out the task on the high-capacity
cables. Titled “Splitter Cut-In and Test Procedure” and dated January
13, 2003, it said, “This procedure covers the steps required to insert optical
splitter's into select live Common Backbone (C.B.B) [AT&T’s nationwide
system] O.C 3, O.C 12 and O.C 48 optical circuits.”
In preparing for the cut into the cable, the company took a number
of precautions in the event the “surgery” went badly. Instructions were
given to the technicians to begin the operation in the wee hours of the
morning, around two o’clock, when there is the least amount of traffic
moving through the cables.
Also, in the same way surgeons worry about patients losing too much
blood during an operation, the AT&T cable tappers were concerned that
the fibers would bleed too much light and thus they would lose their precious
signal—and with it millions of e-mails and other data. There was
no way to prevent some loss, but they needed to keep it below seven decibels—their unit of measurement—and preferably no more than six. As a
precaution, one technician would keep constant track of the decibel level
as the operation was taking place. Any significant decrease in the level
was to be reported immediately to nervous engineers at AT&T’s Network
Operations Center in Bridgeton, Missouri, which coordinated the technical
aspects of the program.
On the night of the operation, all went well inside the “splitter box.”
From the cut, mirror like images of the photons passing through the glass
fibers were redirected within the box onto a second cable. Once this was
completed, the signals then continued on to the World Net modems and
routers. From there, the e-mail and other messages reached their final
destination—and the businesswoman’s husband in Cincinnati read the
e-mail she had sent from Surabaya just moments before.
But the clone cable, with a duplicate copy of the woman’s e-mail, took
a different route. It descended one floor below to Room 641 A, a small
corner space on the sixth floor controlled not by AT&T, but by the NSA.
Hidden behind the heavily secured orange door was the agency’s warrant less
listening post. Labeled S.G 3 (short for the cover name, Study
Group 3), the 24-by-48-foot room was small and compact, like an electronic
nest. Entering through the white panels of the false ceiling were
clones of the cables containing the vast majority of all international and
domestic communications entering Folsom Street.
Lining three walls of the bugging room were racks of high-tech electronic
equipment. On one shelf sat several Juniper routers, including a
powerful M 40 e, used by Internet service providers to launch and manage
edge networks, and a Brocade Silk Worm 2800 switch for high-speed,
block-level access to e-mail servers and databases. There was a metadata
cabinet; another for network management; and seven Sun computers,
servers, and data storage devices. But the piece of equipment that most
concerned the AT&T technician Mark Kline was the Narus STA 6400.
In the summer of 2002, Kline had been assigned to the company’s
Geary Street facility in San Francisco. “I was sitting at my workstation
one day, and some e-mail came in,” he said. “I opened it up, and it was
just a notice saying that somebody from the National Security Agency,
NSA, was going to come visit for some business. They didn’t say what,
of course . . . That struck me as a little odd to begin with, because I remember
from back in the seventies, the NSA is not supposed to be doing domestic spying, so what were they doing in an AT&T company office?”
A few days later, the NSA employee turned up and Kline introduced him
to one of his colleagues, who was being processed for a Top Secret NSA
clearance.
Then in January 2003, he and several other employees toured the company’s
giant switch on Folsom Street. “There I saw a new room being
built adjacent to the 4ESS switch room where the public’s phone calls
are routed,” he said. “I learned that the person whom the NSA interviewed
for the secret job was the person working to install equipment in
this room.” Ten months later, Kline was transferred to the Folsom Street
switch, where he was put in charge of the World Net Internet room, one
floor above the secret NSA room. There, Kline took over responsibility
for installing new fiber-optic circuits and troubleshooting those already
in place.
“As soon as I saw the splitter,” Kline said, “I knew this was completely
unconstitutional and illegal because they were copying everything. I’m
a technician, I know what this equipment does, and I traced the cable.
This cable goes to that room, which we can’t go into; that’s a government
room. And I knew what was on that cable. The documents gave me the
list of sixteen entities whose data was being copied, and they were major
carriers, and not just AT&T, including major exchange points, like MAE
West. It was everything that went across the Internet then, which was Web
browsing and e-mail and VoIP calls. The circuits listed were the peering
links, which connect World Net with other networks and hence the whole
country, as well as the rest of the world.”
Kline also said that because they installed the taps in the AT&T facility
in downtown San Francisco rather than at the cable landing station, a key
target is domestic—not just international—traffic. “It struck me at the
time that from what I knew of the network, if you just wanted to get international
traffic, you would go to the cable stations and also the satellite
stations, and you get all the international traffic you want, without having
to mess it up with a whole bunch of domestic traffic that you would then
have to waste your time sifting out. And it struck me at the time that they
were putting this in places where they were bound to catch a lot of domestic
traffic . . . The implication is that they want domestic traffic.”
To Kline, there could be only one answer. “Based on my understanding
of the connections and equipment at issue,” he said, “it appears the NSA is capable of conducting what amounts to vacuum-cleaner surveillance
of all the data crossing the Internet—whether that be people’s e-mail,
Web surfing, or any other data . . . What I saw is that everything’s flowing
across the Internet to this government-controlled room. The physical apparatus
gives them everything. A lot of this was domestic.”
When Kline retired, he took with him a stack of internal AT&T papers.
“One of the documents listed the equipment installed in the secret room,”
he said, “and this list included a Narus STA 6400, which is a ‘Semantic
Traffic Analyzer.’ The Narus STA technology is known to be used particularly
by government intelligence agencies because of its ability to sift
through large amounts of data looking for pre-programmed targets.” Also
in the room was a Narus Logic Server.
Like much of the equipment used for bugging, the Narus hardware
and software was originally designed for a different purpose. With the
growth of the Internet and digital communications, data began flowing
over fiber-optic lines in “packets.” The only way a company can determine
exactly whom to bill for how much time is being used or how many
megabytes are being sent is to analyze those millions of packets as they
flow from the incoming cables to the routers at the speed of light. Thus,
as the e-mail from Surabaya zaps through the room and onto a Sprint
router, the Narus equipment can record its details—known as “metadata.”
With this information, AT&T can charge Sprint and Sprint is then reimbursed
by the subscriber in Cincinnati.
Following the attacks on 9/11, Narus began modifying its system and
selling it to intelligence agencies around the world, who used it not for
billing purposes but for mass surveillance. Their top-of-the-line product
became the secretive Narus Insight Intercept Suite, which the company
claims is “the leader in carrier-class security and traffic intelligence for
the world’s largest IP networks.”
The Intercept Suite, according to Narus, is “the industry’s only network
traffic intelligence system that supports real-time precision targeting,
capturing and reconstruction of web mail traffic. Narus technology
has long been recognized for its ability to identify and track almost all
network and application protocols across very large networks. Targeting
and capturing web mail traffic is a difficult challenge due to the proprietary
and frequent changing nature of web mail services being monitored.
The NarusInsight Intercept Suite (NIS) has solved this problem and is now capable of precision targeting, capturing and reconstructing numerous
aspects of web mail traffic including email, chat, calendaring, draft
folders, address books and much more. Traffic from all nodes and numerous
protocols can be reassembled and viewed from a single management
station or distributed across multiple stations. In addition, N.I.S supports a
large percentage of all web mail services, including Google Gmail, M.S.N
Hotmail, Yahoo! Mail, and Gawab Mail (English and Arabic versions).”
At the heart of the Intercept Suite is the Narus Insight computer, an
enormously powerful machine capable of scanning the fastest transmission
lines on the Internet, including O.C-192 cables that carry 10 gigabits
per second—10 billion bits of information per second. It can also carry
almost 130,000 simultaneous telephone calls. According to the company,
the Intercept Suite “uniquely provides insight into the entire network, ensuring
that all targeted data is captured regardless of the size, speed, or
asymmetric topology of the network. Any number of links, at any speed,
with any routing architecture, can be simultaneously monitored.” (Emphasis
in original.)
“Anything that comes through an Internet protocol network, we can
record,” boasts the company’s vice president of marketing, Steve Bannerman.
“We can reconstruct all of their e-mails along with attachments,
see what Web pages they clicked on, we can reconstruct their Voice over
Internet Protocol calls.” Adds company CEO Greg Oslan, “The latest
iteration of N.I.S follows a long line of powerful and unique products developed
by Narus and once again raises the bar, providing unparalleled
monitoring and intercept capabilities to service providers and government
organizations around the world.”
In its promotional literature to intelligence agencies, Narus claims it
has the ability to analyze an astronomical number of records. “Narus is
the recognized performance leader,” it says, “with production environments
exceeding 10 billion records per day, for global applications in
wireless, WiFi, prepaid, broadband, voice and data.”
To help ensure future contracts with the N.S.A, in September 2004 Narus
appointed William P. Crowell, a former deputy director of the agency,
to its board. Before becoming the agency’s top civilian, Crowell had
served as head of its signals intelligence operations. The Narus website
also sheds light on additional qualities unique to its product:
One distinctive capability that Narus is known for is its ability to
capture and collect data from the largest networks around the world.
To complement this capability, Narus provides analytics and reporting
products that have been deployed by its customers worldwide.
They involve powerful parsing algorithms, data aggregation and filtering
for delivery to various upstream and downstream operating
and support systems. They also involve correlation and association
of events collected from numerous sources, received in multiple formats,
over many protocols, and through different periods of time.
By placing the Narus equipment in the secret room at AT&T, the NSA
was spreading an electronic drift net across cyberspace. As data from the
cables raced by at mega-Gbps speed, packets containing target names,
addresses, key words, and phrases would be kicked out and forwarded
to the NSA for further analysis. Among those who understand Narus’s
capabilities, as well as its dangers, is Dr. Brian Reid, the former scientist
at Bell Labs, who also taught electrical engineering at Stanford and was
a member of the team that built the first Cisco router.
“The Narus box allows you to find what you’re looking for,” said Reid.
“It is a sifter—and its purpose is to winnow the information down to a
low enough rate that it could be pumped to the other end of the wire,
which we assume is the NSA. If they had enough capacity to deliver the
information from the place where it was wiretapped to the place they
were going to use it, they wouldn’t need the Narus. Its only purpose is
real-time sifting. And if you don’t filter, then you have an information
overload and you don’t know what to send. They needed the Narus to
know what to send. The Narus is an empty vessel waiting to be given
instructions, and the hardware is simply a large number of parallel filters
all of which can be programmed at once. It watches the data go by and
compares what it sees to whatever it’s been told to look for, and when it
sees a match it notifies its parent computer by saying ‘got one here,’ and
the parent computer responds by grabbing the thing it just got and sending
it over the wire. All that could be done remotely—there’s no need for
any human in that room.”
Reid added, “It looks at everything . . . Whatever question the NSA
is trying to answer, that determines what they put in there. And whether they put in key words or address partial matches—there’s no limit. You
can look for whatever you want. And the thing that’s great about the
Narus box is that it gives you the freedom to pattern match on anything.
So if you don’t want to do key words, if you want to do a mixture of IP
addresses and who’s your ISP and whether it contained the word ‘mother’
in all caps, it can do that too.”
Another expert familiar with Narus is J. Scott Marcus. One of the
country’s foremost experts on the Internet, from July 2001 to July 2005
he served as the senior adviser for Internet technology at the Federal
Communications Commission. He analyzed Kline’s documents and statement
as an expert witness for the Electronic Frontier Foundation in a suit
against AT&T over illegal surveillance. In his sworn declaration, he said
that “the Narus system is well suited to process huge volumes of data, including
user content, in real time. It is thus well suited to the capture and
analysis of large volumes of data for purposes of surveillance.”
Much of that “huge volume of data,” according to Kline, came from the interception of traffic from AT&T’s peering partners, such as Sprint and UUNET. And despite being turned down by Joe Nacchio, the NSA nevertheless got access to Qwest’s communications because of its peering relationship with AT&T. Qwest’s was among the cables placed through the “splitter box.” Just as the AT&T documents outlined in detail how to tap into the cables, they also described which peering links to target. They included ConXion, Verio, XO, Genuity, Qwest, PAIX, Allegiance, Abovenet, Global Crossing, C&W, UUNET, Level 3, Sprint, Telia, PSINet, and MAE West. “It’s not just WorldNet customers who are being spied on—it’s the entire Internet.”
Marcus, who holds a Top Secret clearance and has been a member of the FCC’s Homeland Security Policy Council, agreed that the peering companies were indeed a key NSA target. “All of the networks with which AT&T peered in San Francisco had their traffic intercepted,” he said, adding, “any AT&T peering partners whose traffic was not intercepted most likely were small networks that exchanged very little traffic with AT&T. The traffic intercepted at the facility probably represented a substantial fraction of AT&T’s total national peering traffic.”
Looking at the entire NSA setup, Marcus came away greatly concerned. He was especially surprised because it appeared that the system was not limited to international traffic but included all domestic U.S. communications as well—it all went into the secret room. The deployment, he said, “apparently involves considerably more locations than would be required to catch the majority of international traffic . . . This configuration appears to have the capability to enable surveillance and analysis of Internet content on a massive scale, including both overseas and purely domestic traffic . . . I conclude that AT&T has constructed an extensive— and expensive—collection of infrastructure that collectively has all the capability necessary to conduct large scale covert gathering of IP-based communications information, not only for communications to overseas locations, but for purely domestic communications as well.” (Emphasis in original.)
Secret cooperation with the telecom industry is only one method the NSA uses to penetrate the Internet and fiber-optic communications. Long before the warrant less eavesdropping program was inaugurated following the 9/11 attacks, the agency was covertly tapping into both. This was revealed in a highly classified closed-door discussion at the NSA on September 30, 1999, between the NSA deputy director for services Terry Thompson and members of the agency’s technical workforce. “The projections that we made five, six, eight years ago,” said Thompson in a videotape of the meeting obtained by the author, “about the increasing volumes of collection and what that’s going to mean for our analysts have all come true, thanks in large part to the work that you all and others have done. We’re much further ahead now in terms of being able to access and collect [Internet] network data, fiber optics, cellular data, all the different modalities of communications that we are targeting.”
One of the ways to covertly penetrate both the Internet and fiber-optic communications is to target their weakest point, the point where the systems interconnect—the routers. Literally the heart of the Internet, they are the specialized microcomputers that link two or more incompatible computer networks together. They also act as a sort of postal service, deciding where to route the various messages carried over the network. “Virtually all Internet traffic travels across the system of one company: Cisco Systems,” says a Cisco television ad. By discovering the weak spots and vulnerabilities in this “postal service,” the NSA has the ability to target and intercept much of the electronic mail.
Thus, as Thompson further explained at the 1999 meeting, one of the NSA’s goals should be to hire away, on a short-term basis, people from key companies such as Cisco. Having hired them, the agency could use their knowledge and expertise to “reverse engineer” the systems and find ways to install back doors. “I only need this person to do reverse engineering on Cisco routers,” he said, “for about three or five years, because I see Cisco going away as a key manufacturer for routers and so I don’t need that expertise. But I really need somebody today and for the next couple of years who knows Cisco routers inside and out and can help me understand how they’re being used in target networks.”
While there had always been movement back and forth between the NSA and the corporate world, for the most part agency officials considered the work too sensitive to hand out to contractors. But that changed in 2001 when Congress, worried that the NSA was falling far behind, insisted that the agency expand its domain to the private sector. In its budget authorization that year, the House Intelligence Committee listed fiber optic communications and the Internet as among the key problem areas facing the NSA and recommended more outsourcing to the corporate world. “During the 1980's budget increases,” said the committee, “NSA decided to build up its in-house government scientists and engineers and the agency now seems to believe that in-house talent can address the rapidly evolving signals environment better than outsiders can . . . The culture demanded compartmentation, valued hands-on technical work, and encouraged in-house prototyping. It placed little value on program management, contracting development work to industry, and the associated systems engineering skills.”
The committee decided it was time for a change. “Today, an entirely new orientation is required,” said the 2001 budget report. “The agency must rapidly enhance its program management and systems engineering skills and heed the dictates of these disciplines, including looking at options to contract out for these skills.” According to Mike Hayden, “The explosive growth of the global network and new technologies make our partnership with industry more vital to NSA’s success than ever before.” As a result, in a troubling change, much of the NSA’s highly sensitive eavesdropping has been outsourced to private firms in the same way it outsources copy machine repair.
Stretching out below N.B.P-1, hidden from the highway and surrounded by tall trees, National Business Park is a large compound of buildings owned by the NSA’s numerous high-tech contractors. The NSA’s problem is trying to keep up with the enormous volume of incoming information, including the warrant less monitoring, which, like any system when restraints are removed, tends to expand exponentially. N.B.P fills the need as a sort of private-sector NSA.
Among the companies with large, heavily protected buildings at N.B.P is Booz Allen with a 250,000-square-foot mausoleum. The company has long had very close ties to the NSA, especially since former director Mike McConnell left the agency in February 1996 to become a vice president and earn a $2-million-a-year salary. “At the National Business Park Campus, we apply Tomorrow’s Technology Today,” says the company’s website, to deliver “Signals Intelligence Solutions to the government and private sector.” Then, using head-hunting firms, it advertises for such positions as Internet eavesdroppers. One ad listed the job title as “Network Intelligence Analyst” and gave a description of the job:
• Provide network intelligence analysis support within multiple SIGINT development offices to high-profile government clients for a rapidly growing team.
• Provide wide range of network analysis, including basic research, protocol analysis, and network topology mapping of traffic through different layers of the OSI model and report the results of the analysis.
• Perform basic network and user discovery using various techniques, including domain name IP mapping, NS lookup, trace route analysis, and the analysis of network information, including operating systems and hosts from IP, TCP, and UDP headers.
Basic Qualifications:
• 3+ years of experience with intelligence analysis
• Knowledge of the T.C.P/I.P protocols
• Ability to perform basic protocol and network analyses
• TS/SCI clearance
Additional Qualifications:
• BA or BS degree in a related field
• Experience with advanced telecommunications, LAN, WAN, routers, data communications, and connectivity
• Experience with S.I.G.I.N.T and intelligence analysis
• Knowledge of data and telephony networking
• Knowledge of basic data flow, including the OSI model and router, hub, and switched communications
• Experience with UNIX, including writing and modifying scripts for text data manipulation
• Possession of excellent technical writing skills
Clearance:
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.
Another Booz Allen listing was for a “S.I.G.I.N.T Network Analyst” and described the duties as possibly including monitoring phone calls. The person selected, said the ad, would “evaluate and analyze complex data and telecommunications networks within S.I.G.I.N.T offices for high-profile government clients.” It’s a competitive field. S.A.I.C also advertises for network intelligence analysts, and another firm, SPARTA, was looking for a “Digital Network Intelligence Analyst . . . to pursue access and exploitation of targets of interest.”
Making up the surveillance-industrial empire are both high-profile Wall Street giants and little-known industrial park dwarfs. What they have in common is great profits from the NSA’s very deep pockets—more than ever since the start of the post-9/11 eavesdropping boom. By 2007, excluding the military, the intelligence community’s budget was $43.5 billion, about a third larger than during the pre-9/11 years. Adding in the military and tactical intelligence budget brought the total to about $60 billion. [Those numbers are mind bending when you factor in just what the hell it does for the people...NOTHING...yet we pay for it,and it all goes to a small group of good for nothings D.C]
With the billions pouring in, Hayden launched the largest recruiting drive in the agency’s history. In 2003, the agency’s recruiters logged more than 290,000 miles on 268 recruiting trips to 102 schools in forty four states and one territory. The efforts produced 820 new employees in 2002, another 1,125 in 2003, and 1,500 in 2004. By 2008, 40 percent of the NSA’s workforce had been hired since 2001.
At the same time Hayden was building his empire within Fort Meade, he was also creating a shadow NSA: of the $60 billion going to the intelligence community, most of it—about $42 billion, an enormous 70 percent— was going to outside contractors. To some inside the agency, it seemed that any idea, no matter how pie-in-the-sky, regardless of its impracticality in the real world, got funded. The numbers told the story. In October 2001, the NSA had 55 contracts let out to 144 contractors. But by October 2005, the agency had 7,197 contracts and 4,388 active contractors.
Quick to get their share were the usual wingtip Goliaths, Booz Allen, L-3 Communications, Lockheed Martin, S.A.I.C, and Northrop Grumman. Once focused primarily on management strategy for corporate boardrooms in Manhattan skyscrapers, Booz Allen realized that as the government slimmed down, they had a great opportunity to fatten up. Thus, in 1992 they moved their headquarters to Tysons Corner, Virginia. Now more than half of the company’s $4 billion a year comes from the U.S. Treasury. And since 2000, Booz Allen’s revenue has doubled. It is also the size of a city; in 2007 the company planned to increase its workforce of eighteen thousand by another four thousand. Among the surveillance projects in which the company has been heavily involved was John Poindexter’s Total Information Awareness program.
Like the military-industrial complex warned of by President Dwight D. Eisenhower, the surveillance-industrial complex that has grown up since 2001 is a cozy club made up of business executives with close, expensive contractual ties to the NSA. A quick-turning revolving door allows frequent movement between the agency and industry as senior officials trade their blue NSA badges for green badges worn by contractors. As with Booz Allen, many firms have discovered that the fastest way into the NSA’s cipher-locked door is by hiring a former director or other top executive.
Thus SPARTA hired Maureen Baginski, the NSA’s powerful signals
intelligence director, in October 2006 as president of its National Security
Systems Sector. Applied Signal Technology put John P. Devine, the
agency’s former deputy director for technology and systems, on its board
of directors. Likewise, T.R.W hired the former NSA director William
Studeman, a retired navy admiral, to be vice president and deputy general
manager for intelligence programs. Cylink, a major company involved
in encryption products, hired McConnell’s former deputy director, William
P. Crowell, as vice president. Crowell had been through the revolving
door before, going from a senior executive position at the NSA to a
vice presidency at Atlantic Aerospace Electronics Corporation, an agency
contractor, and back to the NSA as chief of staff. Another deputy director
of the agency, Charles R. Lord, left the NSA and immediately became a
vice president at E Systems, one of the NSA’s biggest contractors.
With about forty-four thousand employees each, S.A.I.C and NSA are both heavyweights, and they have a decidedly incestuous relationship. After first installing the former NSA director Bobby Inman on its board, S.A.I.C then hired top agency official William B. Black Jr. as a vice president following his retirement in 1997. Then Mike Hayden hired him back to be the agency’s deputy director in 2000. Two years later S.A.I.C won the $280 million Trailblazer contract to help develop the agency’s next generation eavesdropping architecture, which Black managed. Another official spinning back and forth between the company and the agency was Samuel S. Visner. From 1997 to 2001 he was S.A.I.C’s vice president for corporate development. He then moved to Fort Meade as the NSA’s chief of signals intelligence programs and two years later returned as a senior vice president and director of S.A.I.C’s strategic planning and business development within the company’s intelligence group.
For many years, the surveillance-industrial complex was managed
from a white two-story office building at 141 National Business Park, just
down the street from the NSA’s N.B.P 1. Behind the double doors to Suite
112 was a little-known organization called the Security Affairs Support
Association (S.A.S.A), which, since its founding in 1980, had served as the
bridge between the intelligence and industrial communities. From 1999
to 2002, S.A.S.A’s president was Lieutenant General Kenneth A. Minihan,
who retired as director of the NSA in 1999. Its executive vice president
for many years was retired air force major general John E. Morrison Jr., a
former head of operations at the NSA and long one of the most respected
people in the intelligence community.
In 2003, with an influx of money as a result of the post-9/11 intelligence boom, the organization changed its name to the Intelligence and National Security Alliance (I.N.S.A). It also moved closer to the centers of power, establishing itself in a nondescript building in Ballston, a nexus between the intelligence agencies, the Pentagon, and the contractors. Once a year, first as S.A.S.A and now as I.N.S.A, the organization holds the spy world’s equivalent of the Oscars when it hosts the William Oscar Baker Award Dinner. The gala black-tie event attracts the Who’s Who of both the intelligence community and the contractors seeking their money. “The effectiveness of the U.S. intelligence and national security communities depends on strong relationships within the industry,” said the former NSA director McConnell, a member of S.A.S.A and then chairman of I.N.S.A before being named director of national intelligence.
For decades, the local business community viewed the NSA mostly with suspicion. It was a secretive Goliath that ate up a great deal of electricity but mostly kept to itself. But following the 9/11 attacks and Hayden’s wild spending spree, the county quickly saw dollar signs and wanted to get in on the action. With Hayden’s blessing and encouragement, county officials and local business leaders got together to create an industrial “incubator” for the agency called the Chesapeake Innovation Center. The idea was to establish a county-funded magnet that would attract scores of high-tech start-up firms seeking to invent a better signal trap and then sell it to the NSA. A brochure created by the C.I.C to attract the companies pointed out that wiretapping was the wave of the future. “Wiretapping activity—the capturing of communications made by suspected terrorists or criminals,” said the glossy twenty-three-page booklet, “will grow 20–25% per year as new high-speed data and packet-based networks generate incremental demand for wiretapping software. This market is at historically high levels.”
Excited local business leaders soon began hoping the center might be a way to turn the Baltimore–Washington corridor into the Silicon Valley of eavesdroppers. “Tech leaders want NSA to become Greater Baltimore’s National Institutes of Health,” gushed one article, “a government research facility that fuels the formation of a critical mass of high-tech companies, much the way NIH played a big role in spawning Montgomery County’s bio-science cluster . . NSA riches are flowing to local firms. Columbia’s Raba Technologies landed a contract in August potentially worth $100 million for signals intelligence work.” One local businessman boasted, “We’re just scratching the surface with NSA.”
The Fort Meade area had become a Klondike for data miners. But like many promising mines during the Gold Rush, the C.I.C incubator, housed in a pricey, brick-and-glass building at 175 Admiral Cochrane Drive in Annapolis, came up largely empty. The facility quickly began filling its twenty-seven thousand square feet of floor space but few tenants had anything useful to sell. The first year the incubator lost $60,000, the second $457,000, and the third between $150,000 and $200,000. By 2007, the C.I.C was forced to collapse its organization to one-fifth its original size, reducing its floor space to just 5,400 square feet.
The problems that led to 9/11, however, were never a lack of money or technology. During the late 1990's, on Hayden’s watch, there were few targets as important as the Yemen ops center. It was known to be connected to both the African embassy bombings and the U.S.S Cole attacks as well as serving as bin Laden’s communications hub—with hundreds of calls to him and from him. Yet for nearly a year the agency intercepted phone calls between the house in Yemen and the suspected terrorists in San Diego without ever discovering their city code or even country code. With an annual pre-9/11 budget of more than $4 billion a year, and a constellation of satellites and listening posts around the world, obtaining that metadata should have been well within the agency’s capabilities. If it wasn’t, there was something seriously wrong with the agency.
By late 2003, many in the Republican Congress began seeing Hayden’s bills and were stunned at the number of zeros before the decimal points. Few had ever witnessed such reckless spending with so little to show for it. Thus, in a highly unusual move, they snatched away his checkbook and credit cards, stripping him of his acquisition authority. From then on, if the agency needed new pencils, he would have to requisition them from Pentagon auditors with green eye shades and the key to the cash box. “We want to make sure that taxpayers get the intelligence systems that are needed at the best possible cost,” said a spokesman for Senator John W. Warner, the Virginia Republican who headed the Senate Armed Services Committee, which led the push for the legislation. “Speed is important, but getting the right systems at the right cost is just as important, and they are not mutually exclusive.” It was a rebuke to Hayden, but his career still seemed headed straight up.
As the founder of S.A.S.A, sixty-five-year-old Leonard Moodispaw might
be considered the father of the surveillance-industrial complex. Tall and
balding with rimless glasses and a white mustache, the thirteen-year NSA
veteran was the CEO of Essex Corporation, one of the many secretive
NSA contractors at N.B.P whose profits had exploded since the start of the
warrant less eavesdropping program. A key reason was Essex’s specialty:
fiber optics. Moodispaw has a hearty laugh and a penchant for loud floral
prints. He does not fit the bland stereotype of an electronic eavesdropper;
a self-proclaimed Jimmy Buffett “Parrothead,” he has stuffed parrots
hanging from the ceiling in his lobby and calls himself a “flaming liberal.”
“I refuse to use Reagan’s name unless I’m throwing up,” he says. And
he’s not too fond of George W. Bush either. “The Bush administration is
a very vindictive organization,” he scowls.
First established in 1969, Essex spent its first several decades engaged in human factors research—exploring the pros and cons of such things as a third rear stoplight on automobiles. But sales were slow and the outlook grim—until the company hired Moodispaw, who brought in others from the agency and placed the company inside the NSA’s rarefied orbit. In 2000 Moodispaw was named CEO and the next year the company’s profits were soaring past 400 percent. One of thousands of companies on the NSA’s contractor base, Essex was among the elite 30 percent who were regularly awarded competition-free no-bid contracts. Also like many of the others, Essex was the NSA in microcosm. Its name was virtually unknown beyond the secret city and its N.B.P suburb; most employees had super high NSA clearances and lived in Laurel or one of the surrounding towns; and its office was a high-security S.C.I.F.
In contrast to Booz Allen and the other giants in the N.B.P, Essex was
representative of the many smaller companies that also populated the office
park. Rather than the thousands of contracts with the agency that a
company like S.A.I.C might have, the small firms would have maybe a
dozen, and they would usually be narrowly focused. Also, many of the
smaller NSA contractors tended to be made up largely of former NSA
employees. At Essex, for example, James J. Devine, the executive vice
president, was formerly the NSA’s deputy director for support services,
and his predecessor, Stephen E. Tate, was chief of the NSA’s Strategic
Directions Team. Terry Turpin, the company’s chief technology officer,
had headed the agency’s advanced processing technologies division, and
the former NSA director Ken Minihan serves as adviser to the company.
While the company had a seven-thousand-square-foot office at N.B.P, its main laboratory was a few miles away in the company’s large S.C.I.F. There, a key focus was developing ways to pack ever more data into cables—phone calls, Internet packets, and imagery—without expanding their physical size. At the same time, because of the sensitivity of the information, a way had to be found to scramble the photons with an all-optical encryption device. Such technologies are essential for the NSA to securely transfer massive volumes of data from the point of collection to the point of analysis. One system Essex was working on was hyper fine W.D.M technology. According to Chris Donaghey, an analyst with SunTrust Robinson Humphrey, “At its most promising, Essex’s optical networking capability can improve the current amount of data on a fiber-optic cable by a factor of one thousand.” The company’s first patent for the technology, awarded on August 19, 2003, was intriguingly titled “Optical Tapped Delay Line.”
Once the mega-volumes of data are transmitted through the cable, the NSA has to find ways to process it. For that, Essex was exploring a variety of optical signal-processing techniques—a method that actually dates back to Bletchley Park in England during World War II. British code breakers used optical signal processing to solve the enormously complex German cipher machine called Enigma. Today, it allows the NSA to process mountains of information at mind-numbing speeds.
Like most anything else in the arcane world of the supercomputer, optical signal processing has its own unique unit of measurement when it comes to speed. It is known as a “flop,” for floating point operations per second. Thus, where it may take the average person several minutes to calculate with a pencil the correct answer to a single multiplication problem, such as 0.0572 X 8762639.8765, supercomputers are measured by how many times per second they can solve such problems. If it takes a second to come up with the answer, including where to place the “floating” decimal point, then the computer would be said to be operating at one flop per second. A teraflop is a trillion operations a second.
On a bench in Essex’s lab was a 10-teraflop processor about the size of a standard desktop. It ran, however, about ten thousand times faster, at ten trillion operations a second. “We’ve developed a very sophisticated test called the ‘holy shit test,’ ” said Moodispaw. “One day we had three different sets of government customers come in to see what we could do. They all said, ‘Holy shit, you can do that?’ We’re getting results nobody else can on the technology side.”
Eavesdropping has become one of the hottest sectors in the marketplace.
By 2005, Essex’s revenue shot up to $159.8 million, more than
double that of the previous year and nearly ten times that of 2003. Profit
grew even faster, rising to $8.6 million from $2.3 million in 2004. As the
company skyrocketed, picking up another $47 million top-secret contract
from the NSA, Moodispaw took the company public and moved it into
a new thirty-nine-thousand-square-foot headquarters in Columbia and a
year later added another twenty-five thousand square feet. Like Pac-Man,
he also began gobbling up other smaller NSA contractors, such as Sensys
Development Laboratories Inc. and Windermere, whose CEO was
another former NSA deputy director, Raymond Tate. Then there were more acquisitions, including Adaptive Optics in Cambridge, Massachusetts,
for $40.3 million.
By 2006, Moodispaw’s once tiny company had gone from fewer than fifty people in 1969 to nearly a thousand employees, with revenue projections of $250 million to $260 million. It had become the fifth-fastest growing company in the Baltimore region, and the surveillance-industrial complex continued to sizzle with no end in sight. Finally ripe for the plucking, Essex itself was purchased at the premium price of $580 million by Northrop Grumman, one of the giants in the surveillance world. “For our shareholders,” said Moodispaw at the end of his short but very profitable ride, “we have increased the enterprise value of the company from less than $20 million in 2000 to approximately $580 million under the proposed acquisition.” It was a price Northrop Grumman could easily afford; a month before its announcement, in October 2006, the NSA awarded the company a $220 million contract for a massive, new advanced information management and data storage system. At the N.B.P, as champagne corks flew in both neighboring companies, the business of tapping had become one of America’s leading growth industries.
There was no celebration on the other side of the continent, however. As Mark Kline studied his schematics of the peering connections, and the splitter cabinet, and the cloned cable, and the secret room, he had one more shock coming. “I was talking to a technician on the phone back east,” he said, “and I was trying to troubleshoot a problem because I couldn’t get the splitter to work right. This technician tells me, ‘Oh, yeah, we’re having the same problem with the splitters going into other offices.’ My hair just stood on end when the person said that. And I said, ‘Other offices?’ And she said, ‘Yeah, in Seattle and San Diego and Los Angeles and San Jose,’ all having the same problem . . . From all the connections I saw, they were basically sweeping up, vacuum-cleaning the Internet through all the data, sweeping it all into this secret room . . . It’s the sort of thing that very intrusive, repressive governments would do, finding out about everybody’s personal data without a warrant. I knew right away that this was illegal and unconstitutional, and yet they were doing it.”
The problem for Hayden was that although the people he was targeting
were foreigners in a foreign country communicating with foreigners in
another foreign country, because the signal was on a cable—a wire—the
F.I.S.A court consistently ruled that he must first obtain a warrant. “The
issue was international communications are on a wire,” said Director of
National Intelligence Mike McConnell, “so all of a sudden we were in a
position, because of the wording in the law, that we had to have a warrant
to do that . . . Now if it were wireless, we would not be required to get a
warrant . . . We haven’t done that in wireless [satellite communications]
for years.” He added, “If Osama bin Laden in Pakistan called somebody
in Singapore, and it passed through the United States, they had to have a
warrant.” Indeed, today most domestic and international communications at one point pass through a wire, such as a buried or undersea fiber-optic
cable.
McConnell gave a preview of the cumbersome process now required
when foreign-to-foreign communication is intercepted over a cable. “It
takes about two hundred man-hours to do one telephone number,” he said.
“Think about it from the judges’ standpoint. ‘Well, is this foreign intelligence?
Well, how do you know it’s foreign intelligence? Well, what does
Abdul calling Mohammed mean, and how do I interpret that?’ So, it’s a
very complex process. And now you’ve got to write it all up and it goes
through the signature process, take it through the Justice Department, and
take it down to the FISA court. So all that process is about two hundred
man-hours for one number.”
One example might be a person in Tokyo sending an e-mail at three in
the afternoon to someone in Beijing—a very busy, and expensive, time
for the message to pass through an Asian switch. As a result, the ISP
in Tokyo might instead automatically route all messages to Beijing at
that hour via AT&T’s WorldNet switch in San Francisco, or one of its
peering partners there. At ten in the evening West Coast time, the communications
traffic in San Francisco would be greatly reduced, and thus
lessen the chance for a delay. Also, the off-peak time would provide a
significant price break. Because the communications travel at the speed
of light, and since both Japan–U.S. and China–U.S. fiber-optic cables
pass through the San Luis Obispo landing station, there would be no time
delay caused by the extra ten thousand or so miles.
The same principle would be true for European and Middle Eastern communications connecting through U.S. East Coast switches. A call from Yemen to Pakistan might pass through MAE East in Virginia or the 60 Broad Street “carrier hotel” in New York City. A call from Madrid to Beijing might also transit both MAE East and MAE West as it crosses North America. Cost has always been a factor helping the NSA in this regard. Pricing models, established by the International Telecommunications Union, have largely remained unchanged since they were established over a century ago. Based on those tariffs, smaller, less developed countries charge more to accept calls than U.S.-based carriers, providing a cost incentive to route phone calls through the U.S. rather than directly to a nearby country.
Another incentive for the NSA is America’s advanced telecommunications infrastructure. According to Ethan Zuckerman, a computer expert at Harvard’s Berkman Center who has spent a great deal of time working on technology issues in Africa, a large share of even local intra-African communications passes through U.S. switches due to the lack of local I.S.P's. “Because the Internet access terminates on a different continent,” he said, “it’s likely that two people in the same African city communicating via e-mail are routing their packets through the U.S., traveling tens of thousands of kilometers out of the way to have a chat across town.” McConnell, pleased to see America become the world’s switchboard, agreed. “Today a single communication can transit the world even if the two people communicating are only a few miles apart,” he said. That may be true even if the two people are in the same city in the U.S., according to the former NSA deputy director Bill Crowell. “I have seen a communication that went from Memphis to Pakistan to Japan to whatever in order to get to another phone in Memphis,” he said.
Like those from Africa, nearly all Latin American communications, internal and external, pass through a U.S. hub. It’s a phenomenon with which Alan Mauldin, a researcher for the firm TeleGeography, which tracks global Internet traffic, is very familiar. “The U.S. does continue to play a major role in connecting the regions of the world together,” he said. “For example, Internet traffic going between Latin America and Asia or Latin America and Europe is entirely routed through the U.S.” Mauldin said that in 2005, an estimated 94 percent of that “interregional” traffic passed through U.S. switches. “Basically they backhaul to the United States, do the switch, and haul it back down since it’s cheaper than crossing their international borders,” said Bill Manning, a member of the research staff at USC’s Information Sciences Institute and managing partner of ep.net.
That Latin American traffic—millions of calls and e-mails an hour—is funneled through a single building at 50 N.E. Ninth Street in Miami. Occupying an entire square block on the edge of the downtown area, the pastel-colored six-story structure bears no signs, no name, and no windows—just painted facsimiles. On its roof are three massive satellite dishes hidden in golf-ball-like white radomes. A 750,000-square-foot telecom fortress, it has seven-inch-thick, steel-reinforced concrete walls, numerous hidden cameras, and biometric-controlled security portals. The building was even designed to withstand a Category 5 hurricane, with nineteen million pounds of concrete roof ballast. From the outside, it could easily be mistaken for an NSA building at Fort Meade.
Known as the “NAP [National Access Point] of the Americas,” like MAE East and MAE West it is one of the country’s major Internet Exchange Points. According to Norm Laudermilch, one of the executives of Terremark, which owns the facility, “about 90 percent of the traffic between North and South America goes through our facility in Miami.” The building also serves as a crossroads for communications heading for Europe and beyond. “Switching the majority of South America, Central America and the Caribbean’s layer-1, layer-2 and layer-3 traffic bound to more than 148 countries in the world,” says its sales literature, “makes the NAP of the Americas the unrivaled gateway to the Americas.”
From cities and towns throughout Latin America, the calls and Internet traffic are funneled to landing stations linked to South America Crossing (SAC), a large cable that circles the continent and is owned by Global Crossing. At Hamm’s Bay, St. Croix, in the U.S. Virgin Islands, SAC feeds all this data into another of the company’s cables, Mid-Atlantic Crossing (MAC), which serves Central America and the Caribbean. After coming ashore at a landing station in Hollywood, Florida, one branch continues on to New York and then Europe. The other travels underground from the beach in Hollywood to the NAP of the Americas building in Miami, where Global Crossing is colocated. Thus, with a setup similar to San Francisco’s in place at NAP of the Americas, the NSA would have access to virtually all communications in South America, Central America, and the Caribbean, internal and external—one-stop shopping.
The actual setup of the interception would be easy since under an agreement with the government, Global Crossing was forced to engineer its facility to be surveillance friendly—readily accessible to federal eavesdropping operations. Known as a “Network Security Agreement,” required in order for the company to obtain its landing license, Global Crossing promised to provide a capability at its location “from which Electronic Surveillance can be conducted pursuant to Lawful U.S. Process.” The company also agreed to “provide technical or other assistance to facilitate such Electronic Surveillance” to, among other organizations, the Defense Department, the NSA’s parent.
The agreement took advantage of a federal statute passed in 1994 known as C.A.L.E.A—the Communications Assistance for Law Enforcement Act. The law requires communications companies to engineer their facilities so that their network can easily be monitored. It even requires the company to install the eavesdropping devices themselves if necessary, and then never reveal their existence. According to the statute, the government is required to first provide a warrant from a federal judge—one from the F.I.S.A court, for example. But under the Bush administration’s warrant less surveillance program, they presumably could simply order the company to comply.
With its virtual alligator clips secure on the great American trunk line, by 2002 the NSA was ingesting about 650 million intercepts a day— voice and data—the same as the number of pieces of mail delivered every day across the country by the U.S. Postal Service.
But now that at least 80 to 90 percent of communications were transiting the seabed instead of outer space, Echelon needed to be completely revamped. Each member had to work out a secret arrangement with its respective cable companies, secret rooms had to be built, cables needed to be spliced into, data had to be back hauled to analysis centers, and faster processing facilities had to be constructed. In addition, because some of the critical connections were beyond reach of the members—no longer could they just plant a dish on a remote island—new secret partnerships had to be worked out with countries along cable routes.
In countries where no cooperation could be obtained, the NSA or one of its partners would have to surreptitiously recruit someone at a telecom switch to install a bug, or, as a last resort, attempt to physically tap the fiber-optic cable itself. “The best way to do it is to get in the switching station on the land. Find out where they are, bribe whoever you have to bribe, get access,” said one knowledgeable intelligence official. One key problem when tapping any cable, he said, is not knowing what’s going over it until going to all the trouble of gaining access to it. “Sometimes we don’t know what’s on them, we don’t know what the traffic is, so our intelligence, in terms of telling you what’s on the line, sometimes is good, sometimes is terrible. So you may be facing a situation, you spend several hundred million dollars in a year preparing to go do something and you find out that the take sucks.”
Although tapping into underground fiber-optic lines is much more difficult than tapping into a copper cable, the technique has been perfected by the NSA. For cables buried in foreign countries, the task of gaining access to them was given to a unique covert organization named the Special Collection Service (S.C.S), which combined the clandestine skills of the CIA with the technical capabilities of the NSA. Its purpose is to put sophisticated eavesdropping equipment—from bugs to parabolic antennas—in difficult-to-reach places. It also attempts to target for recruitment key foreign communications personnel, such as database managers, systems administrators, and I.T specialists.
The S.C.S is a key link in the NSA’s transition from a traditional focus on information “in motion” to information “at rest.” Since the first transatlantic intercept station was erected on Gillin farm in Houlton, Maine, just before the close of World War I, Sigint has concentrated on intercepting signals as they travel through the air or space. But as technology makes that increasingly difficult and cost prohibitive, the tendency, say senior intelligence officials, will be to turn instead to information “at rest”—the vast quantity of information stored on computer databases, discs, and hard drives. This may be done either remotely through cyberspace or physically by the S.C.S.
As encryption, fiber optics, the Internet, and other new technologies make life increasingly difficult for the NSA’s intercept operators and code breakers, the S.C.S has greatly expanded and taken on an increasingly important role. “Yesterday’s code clerk is today’s systems administrator,” said one very senior CIA official. The easiest way to a large amount of secret information is to get into foreign databases, and the best way to do that is to recruit—through bribes or other offers—the people who manage the systems. Also, by bribing someone to plant bugs in the keyboards or other vulnerable parts of a computer network, the NSA can intercept messages before the cryptographic software has a chance to jumble the text.
The position of S.C.S chief alternates between NSA and CIA officials.
The service is headquartered in a heavily protected, three-hundred-acre
compound consisting of three boxy low-rise buildings with an odd, circular
park walled in between them. Located at 11600 Springfield Road in
Laurel, Maryland, nine miles south of the NSA, the facility is disguised
as a tree-lined corporate campus. In front is a sign with the letters “C.S.S.G”
that seems not to have any meaning. Inside, in what is known as “the live
room,” the electronic environment of target cities is re-created in order to
test which antennas and receivers would be best for covert interception.
Elsewhere, bugs, receivers, and antennas are incorporated into everyday
objects so they can be smuggled into foreign countries. “Sometimes
that’s a very small antenna and you try to sneak it in,” said former CIA
director Stansfield Turner. “Sometimes the signal you’re intercepting is
very small, narrow, limited range, and getting your antenna there is going
to be very difficult.”
While in some places the NSA or S.C.S has compromised a nation’s entire communications system by bribing an engineer or telecommunications official, in others much of the necessary eavesdropping can be done from special rooms in U.S. embassies. But in difficult countries clandestine S.C.S agents must sometimes fly in disguised as business people and covertly implant the necessary eavesdropping equipment. The person might bring into the target country a parabolic antenna disguised as an umbrella. A receiver and satellite transmitter may be made to appear as a simple radio and laptop computer. The S.C.S official would then camouflage and plant the equipment in a remote site somewhere along the microwave’s narrow beam—maybe in a tree in a wooded area or in the attic of a rented farm house. The signals captured by the equipment would be remotely retransmitted to a geostationary Sigint satellite, which would then relay them to the NSA.
In order to obtain access to fiber-optic cables in non-cooperative or hostile foreign countries, the S.C.S would trace the cable to a remote area and then dig a trench to get access to it. Then the person would place an advanced “clip-on coupler” onto the cable. These commercially available devices, used to test fiber-optic systems, produce a microbend in the cable that allows a small amount of light to leak through the polymer cladding shell. The light can then be captured by a photon detector, a transducer that converts the photons into an electrical signal. This then connects to an optical/electrical converter that is plugged into a port on a laptop fitted with software allowing for remote control. Packed with super-long-life batteries, the entire system can be reburied with a camouflaged line running up a tree to an antenna disguised as branches. Signals from the bug can then be transmitted to an NSA satellite while remote control instructions are broadcast back down to the computer. All of the equipment needed is commercially available.
To tap undersea fiber-optic cables in the Middle East and elsewhere, the navy secretly renovated the Seawolf-class submarine U.S.S Jimmy Carter for such operations. In December 1999 Electric Boat was awarded a $887 million contract to extensively modify the sub with a special forty five-meter-long section for “surveillance, mine warfare, special warfare, payload recovery and advanced communications.” The sub would likely set down on the bottom over the cable while a special NSA team pulled it aboard in the newly installed section, tapped into it, and returned it to the bottom attached to a breakaway pod. A cable could then be covertly laid from the pod to a hidden shore location for clandestine transmission back to Fort Meade. The only problem is it hasn’t yet worked. “Can’t do it—doesn’t have the ability to tap in. Won’t be able to for a long time, if ever,” said one knowledgeable intelligence official. “Tapping the cables underwater is extremely hard. I mean, it’s hard enough doing it on land, but it’s extremely hard to do it underwater. It’s not like copper cable where you just go out and put something on it.”
Fortunately for the NSA, industrial-strength cable tapping has always been a big business for countries around the world—and the agency has often been a beneficiary. In Britain, siphoning telegrams and later e-mail from incoming and outgoing cables has a long tradition, and G.C.H.Q and the NSA have always been the closest of trading partners. In the 1960's, all cable traffic entering and leaving the United Kingdom was scrutinized by a special department of the post office, which controlled the cable system. “On the morning after they have been sent or received,” said one report, “they are collected and sifted by a Post Office department concerned with security. Then any cables believed to be of special interest are passed to the Security Services. They are studied there, copied if necessary, and returned to the Post Office, which owns the former Cable and Wireless Company. Cables passed through private companies—mainly branches of foreign concerns operating in Britain—are collected in vans or cars each morning and taken to the Post Office security department. The probe is conducted under a special warrant, signed by a Secretary of State under Section 4 of the Official Secrets Act and regularly renewed to keep it valid.” While communications technology has certainly changed since the 1960's, there is no indication that either the British policy or Section 4 of the Official Secrets Act has changed.
Just as the NSA and G.C.H.Q are now attempting to find ways into the new world of fiber-optic cables, they faced similar challenges at the dawn of the satellite age forty years earlier. It was a time of enormous change; the U.S. and the UK would be directly connected for the first time, by both satellite and undersea cable. In 1962 the British Post Office Satellite Communications Station at Goonhilly Downs in Cornwall came online and its ninety-foot satellite dish began tracking Telstar, the world’s first communications satellite. But because of Telstar’s low orbit, communications could only be transmitted and received as the satellite passed overhead every 158 minutes.
The following year, the first submarine cable directly linking the two countries was completed. Known as TAT-3, the cable ran from Tuckerton, New Jersey, to Widemouth Bay near Bude in Cornwall. Then in April 1965, the first geostationary communications satellite, INTELSAT 1, nicknamed “Early Bird,” was launched. At 22,300 miles in space over the equator, it was able to maintain a fixed position between the two continents. This allowed, for the first time, direct and continuous communications between Goonhilly Downs and the U.S. satellite ground station in Etam, West Virginia. Rapidly, other nations around the world began building ground stations and communicating with one another via Early Bird.
G.C.H.Q needed no help from the NSA obtaining the communications coming over TAT-3. Since the UK end of the cable was under the control of the post office, it simply obtained the traffic directly from them—possibly at a G.C.H.Q facility near the Bude landing station. The cable was one of the few communications links between countries in Europe and North America and therefore proved a rich source of intelligence. But now much of Europe and beyond was bypassing England and communicating directly through Early Bird to other parts of the world. Without satellite dishes to intercept those signals, that widening stream of intelligence was out of G.C.H.Q’s reach—until the NSA came to the rescue.
At the time, the NSA was building its own satellite interception base at Sugar Grove, West Virginia, about fifty miles from Early Bird’s down link at Etam. Seeing the value in a worldwide network of such dishes—the eventual Echelon operation—the NSA agreed to help finance and build the station for G.C.H.Q. The place chosen was Bude, possibly to place it near an existing interception facility for the TAT-3 cable. Today Widemouth Bay is the landing point for TAT-14 and a number of other major fiber-optic cables.
Once the two ninety-foot dishes at Bude were completed in the late 1960's, the director of G.C.H.Q at the time, Sir Leonard Hooper, sent his personal thanks to NSA director Marshall “Pat” Carter. In his note he suggested that the original two dishes should be named after Carter and his deputy, Louis Tordella. “I know that I have leaned shamefully on you, and sometimes taken your name in vain, when I needed approval for something at this end,” Sir Leonard wrote. “The aerials at Bude ought to be christened ‘Pat’ and ‘Louis’!” Hooper added, “Between us, we have ensured that the blankets and sheets are more tightly tucked around the bed in which our two sets of people lie and, like you, I like it that way.”
Sitting high above the Celtic Sea on the edge of Sharpnose Point, Bude today has nearly a dozen dishes pointed at various satellites, spanning the Indian Ocean to the South Atlantic. Since the opening of the space age, Goonhilly Downs had been a key link for Britain in satellite communications. But in 2008 the station was closed down. That left Madley, a village in Herefordshire about fifty miles from G.C.H.Q headquarters, as the country’s major satellite gateway.
After initial sorting at Bude, the intercepts are transmitted over an encrypted fiber-optic cable 171 miles northeast to a boxy, thirty-year-old building at G.C.H.Q’s Oakley complex in Cheltenham, Gloucestershire. There in X Division they are run through supercomputers, including a Cray 3, before being transferred by cable another four miles across town to the organization’s new high-tech facility at Benhall. In 2004, most of Oakley and the agency’s original headquarters at Benhall were destroyed by the wrecking ball as the new Benhall center opened for business. By then the supercomputers were also supposed to have been moved to the new facility. The massive undertaking, at a cost of $120 million, would have been the most expensive and delicate move in British history.
But as the transfer was about to take place, there was great concern that the critical flow of intelligence would be interrupted. In particular, it would have been impossible to monitor mobile phone chatter between suspected terrorists. Instead, it was decided to leave the machines in place at Oakley, along with several hundred staff, and spend $616 million on a fiber-optic cable linking the two centers. Over the following seven years, as the banks of supercomputers become obsolete, new machines will be installed directly at Benhall and thus guarantee continuity.
At the new center, the reams of intercepts would undergo final analysis by the agency’s cryptolinguists, code breakers, and data miners and other members of the staff. Based on what information was contained in the messages and phone calls, the analysts would write up reports and forward them to the NSA and the other members of the Five Eyes pact.
Completed in 2003, G.C.H.Q’s $660 million new headquarters totaled 1.1 million square feet and covered 176 acres. It replaced more than fifty buildings on several sites. Many of the structures were huts similar to those that covered Bletchley Park, the secret World War II code-breaking center where the German Enigma code was solved. Far from Bletchley’s solemn, monastery-like environment, the new G.C.H.Q is a marvel of space age construction. Made with steel, aluminum, glass, granite, Cotswold limestone, wood, and concrete, it is built in the shape of a modernistic silver-colored doughnut. The “hole” at the center is an open-air garden the size of London’s Albert Hall. Inside the building are enough copper computer cables to stretch all the way to Rio de Janeiro, and surrounding the doughnut are parking lots with about twenty-nine hundred spaces.
The radical design by the British architect Chris Johnson was also intended to help foster interaction in a population known for security paranoia and eyes-lowered introversion. “It’s a huge change for an organization whose traditional mentality was ‘Shut the door behind you, and make sure no one follows you,’ ” he said. “They worked in an environment with their blinds down and doors locked. Not many people knew who their coworkers were, and there was no real sense of community or belonging.” So today, although the building contains one million square feet of space stretched over four floors, the doughnut shape means that each employee is never any more than a five-minute walk from any colleague. Also included inside the doughnut is a six-hundred-seat restaurant, a health club, and a museum.
Security was also a key feature in the design, with eight inches of blast cladding fitted to all outer walls. As a further precaution, the deeper one goes into the doughnut, the higher the clearance required. And while the agency remains the blackest of Britain’s spy agencies, it is also striving to be the greenest. The shell of each office chair is made from thirty-six large recycled plastic soft drink bottles; desks and table surfaces are made from 90 percent recycled wood; and all steel products are made from 30 percent recycled metal.
Though it was originally built to hold about four thousand people, the number of personnel crowding into the doughnut is now about fifty-two hundred as a result of the buildup following the attacks on 9/11 and the London bombings in 2005. In an effort to attract new Web-savvy recruits, G.C.H.Q has turned to ad campaigns within online computer games such as Tom Clancy’s Splinter Cell Double Agent and Rainbow Six Vegas. And to find talented cipher-brains, the agency joined with the British Computer Society to sponsor a code-breaking competition called the National Cipher Challenge. Conducted on the Internet and lasting three months, the game involved cracking coded messages passed between Lord Nelson and naval intelligence as they tried to block a plot by Napoleon to obtain a mysterious Chinese weapon. To add to the complexity of the plot, the secret to the mystery lay in the encrypted two-hundred-year-old writings by the Elizabethan spy Christopher Marlowe.
G.C.H.Q’s biggest need, like that of the NSA, was for linguists, and in one recruitment pitch, the agency said it was seeking candidates fluent in Albanian, Amharic, any other African languages, Arabic, Azeri, Baluchi, Basque, Bengali, Brahui, Bulgarian, Chechen, Chinese, Dari, Georgian, Greek, Gujerati, Hindi, Indonesian, Japanese, Kashmiri, Kazakh, Korean, Kurdish-Sorani, Macedonian, Malay, Mirpuri, Nepali, Papiamento, Pashto, Patois/Creoles, Persian, Polish, Potohari, Punjabi, Romanian, SerboCroat, Shona, Somali, Swahili, Tamil, Turkish, Ukrainian, Urdu, Uzbek, and Vietnamese.
By 2007, Britain’s security and intelligence budget had more than doubled to $4.2 billion from less than $2 billion before September 2001. At $1.6 billion, G.C.H.Q was the most expensive part of that budget, yet it was still overstretched. According to a report by the Parliamentary Intelligence and Security Committee, a key factor was the agency’s continuous need to support M.I.5’s domestic terrorism investigations. One of those was Operation Overt, a huge surveillance and intelligence effort targeting two cells of suspected Islamic militants who were believed to be plotting an attack on transatlantic airliners.
In light of these domestic terrorism threats, there has been a strong effort by the British attorney general to allow intercepts from G.C.H.Q to be introduced in court as evidence during trial of terrorism suspects. But the move is greatly opposed by G.C.H.Q officials, who claim the measure would jeopardize its intelligence collection techniques and divert substantial resources to prepare transcripts of thousands of hours of phone conversations for court cases. “G.C.H.Q is, not unnaturally, nervous that its techniques might get into the public domain,” said Shadow Home Secretary David Davis. Agreeing with Davis was Sir Swinton Thomas, whose odd title was Interception of Communications Commissioner. “The number of cases where intercept material would make a substantial difference are very few indeed or possibly even nonexistent,” he said. And G.C.H.Q officials told members of Parliament, “So far we do not believe that anything proposed passes the test of doing more good than harm.”
Another problem is the long delay in developing a secure communications system to connect G.C.H.Q with the other intelligence agencies and their overseas offices. Known as Scope, the system was supposed to be in place by 2004 but has now been delayed for another five years.
Leading the charge against using intercepted data in court was Sir David
Pepper, who was named director of G.C.H.Q in February 2003. Quiet
and balding, Pepper spends his spare time taking long walks through the
Cheltenham countryside, experimenting in the kitchen, and listening to
music. With a doctorate in theoretical physics from St. John’s College,
Oxford, more than thirty years at “the Q,” and a specialty in information
technology, Pepper was the perfect technospy. Even though his agency
was already outgrowing its new doughnut-shaped home, he knew it was
destined to get fatter yet as M.I.5, the Security Service, continued to expand
its domestic counter terrorism activities. By 2007, over two hundred
domestic extremist groups, and some two thousand individuals, were being
investigated by M.I.5. But as the G.C.H.Q packed more and more eavesdroppers and analysts into the doughnut, the quality of the intelligence
went down.
“How much we need to grow will depend more or less on how much ministers decide to grow the Security Service,” said Pepper, who planned to retire in July 2008, after five years as head of G.C.H.Q. “So our C.T [counter terrorism] capability will need to keep pace so we can support the number of operations there that they are running . . . By the end of the year we had found that we were managing to support most of Security Service’s highest-priority operations, but we were not achieving the quality of support that we and they had agreed we should aim for . . . essentially because we were spreading ourselves too thin . . . We do not have enough CT resources.”
The biggest problem, according to Pepper, was the ever-expanding Internet and especially the increasing use of the Internet for phone calls. These VoIP calls frustrate the eavesdroppers at G.C.H.Q because they bypass the traditional telecom hubs and gateways, such as Bude, that are piped to the agency. “The Internet uses a very different approach to communications,” said Pepper, “in that, rather than having any sense of fixed lines like that, there is a big network with a number of nodes, but for any individual communicating, their communications are broken up into shorter packets. So whether you are sending an e-mail or any other form of Internet communication, anything you send is broken up into packets. These packets are then routed around the network and may go in any one of a number of different routes because the network is designed to be resilient . . . This [represents] the biggest change in telecoms technology since the invention of the telephone. It is a complete revolution.”
In order to bring some relief to G.C.H.Q, the Intelligence and Security Committee, which oversees the spy agencies, developed a Sigint modernization program. This included a twenty fold increase in the agency’s ability to access, process, and store Internet and telephone data. It also led to “the automation of certain aspects of the analysis of communications, allowing improved identification of networks—a task that previously had to be performed manually. As a result, analysts now have more time to interpret the data and establish its significance.”
The number of people in Britain whose communications were targeted had exploded in recent years. According to the 2007 report by the Interception of Communications Commissioner, the watchdog office that oversees eavesdropping by the intelligence community, over 439,000 requests were made to monitor people’s telephone calls, e-mails, and letters by secret agencies and police departments in just over a year. The report also revealed that nearly four thousand errors were reported in a fifteen month period. The author of the report, Sir Swinton Thomas, described the figures as “unacceptably high.” Human rights groups labeled the revelations as signs of a “creeping contempt for our personal privacy.”
Stretched along the curving Middle East seabed, the FLAG Falcon cable comes ashore in a number of countries with high intelligence value. Connecting Egypt to Mumbai, India, it traverses Oman, Bahrain, Kuwait, Qatar, and others. Of most interest to the NSA, however, are Iran, Iraq, Sudan, and Yemen, all of which have either joined or are eager to soon do so. The agency had long targeted Iran’s nine Intelsat and four Inmarsat earth stations, and its microwave links to Turkey, Pakistan, and Afghanistan, but the thought of much of that traffic being transferred to a subsea cable has many at Fort Meade nervous.
Containing 120,000 voice and data circuits, the $1.2 billion cable is owned by FLAG (Fiber-optic Link Around the Globe), the world’s largest private undersea cable system, with a vast network spanning forty thousand miles. Upon the completion of its newest cable, FLAG N.G.N, the company will soon have the capacity to carry a massive 2.5 billion simultaneous voice calls and 300 million simultaneous web chats in sixty countries on four continents. It is the Gulf region’s most powerful cable, operating at a terabit per second, and its ring shape also provides redundancy, known as a self-healing capability.
For the NSA, as the Middle East seabed becomes layered with cables, it must begin establishing secret relationships with countries outside its exclusive Five Eyes club, something that is already happening, according to Keith Coulter, who, from 2001 until 2005, was director of the Canadian member of the group. According to Coulter, the Five Eyes “form the tightest and most historical partnership that we have had. It is strong.” But, he noted, times are changing and his agency and the other members must also begin forming other cooperative arrangements. “The group,” he said, “has been longstanding and successful but the world is evolving and so other partnerships are necessary, on our part and our allies’ part. I belong to a European group that includes a number of countries, among which there is some sharing because there is much interest in terrorism.”
Probably the best place within the entire region to install a listening post is the Indian city of Mumbai. It represents the kind of location where the NSA would seek to establish a secret presence; it is also an example of how many people may now be tapping into private phone calls and e-mail worldwide. From a listening post in Mumbai, eavesdroppers could listen to conversations between Europe and Asia, for example.
Mumbai contains the central switch for virtually all the cables in the Middle East and much of Asia, including FLAG, FLAG Falcon, SEA-ME-WE 3, and SEA-ME-WE 4. SEA-ME-WE 3 alone is the longest system in the world at over twenty-four thousand miles—the distance around the earth. It has thirty-nine landing points in thirty-three countries on four continents, from Western Europe (including Germany, England, and France) to the Far East (including China, Japan, and Singapore) and Australia. Some of the cables connecting in Mumbai also have links to Iran, Pakistan, and other countries of great interest to the NSA.
The Mumbai switch is owned by V.S.N.L, part of the Indian government. A few years ago the Indian NSA, Research and Analysis Wing (RAW), proposed tapping into it, according to Major General V. K. Singh, a former top official for RAW. “Sometime in 2000–2001,” Singh said, “someone in RAW proposed that monitoring equipment should be installed at the V.S.N.L gateway in Mumbai. When I joined RAW in November 2000, the project was still being discussed.” V.S.N.L, he added, “agreed to provide the facilities for installation of the interception equipment, but expressed misgivings about the presence of RAW personnel and equipment in its premises, which were frequently visited by foreign members of the consortium [that owned the cables].”
To alleviate the company’s concern, RAW suggested that the company buy and install the equipment themselves and then apply for reimbursement from the intelligence agency. But while the company found the arrangement agreeable, Singh himself was troubled. “I had felt uneasy about the project right from the beginning,” he said. “It would have been okay if we were going to intercept traffic going from or coming to India. One could always justify this on the ground that we wanted to monitor traffic related to terrorism . . . But the S.M.W 3 [Southeast Asia–Middle East–Western Europe cable] was also carrying traffic that had nothing to do with India. What right did we have to monitor a call between a person in Germany who was talking to someone in Japan? . . . I expressed my misgivings several times . . . What we were planning to do was clearly another form of illegal interception. In fact, it was worse because we would not only be violating our own but also international laws. I was surprised when I found that other people in RAW not only disagreed but scoffed at my ideas.”
General Singh was relieved when V.S.N.L became privatized and was sold to the very large Indian company the Tata Group, thinking that the new company would not want to get involved in illegally spying on its customers. “But apparently this did not happen,” he said. Agreements between the company and the government were signed. Singh left RAW in 2004, and he does not know if it is continuing. “But the fact that it was planned and approved raises many questions,” he said. “Intelligence agencies need to be reminded, occasionally, that they are working not for themselves but the country and its citizens, who must never be humiliated by their actions.”
More recently, the Indian government has become alarmed at the realization that BlackBerry users are able to evade its digital dragnet when sending e-mail. As a result, the government gave the four domestic mobile operators offering the service a deadline to detail precisely how they route their users’ messages or have the system terminated. It is a preview of what may eventually happen in other democracies, including the U.S., as eavesdropping becomes all encompassing.
A key problem for New Delhi officials is the fact that BlackBerry’s encrypted e-mail passes through servers all based outside the country. The system is licensed to India’s mobile operators by Research in Motion (RIM), a Canadian company so confident in the security of its encryption that it considers it virtually unbreakable. “Rumours speculating that [e-mail] can be intercepted and read by the National Security Agency in the U.S.,” RIM has claimed, “or other ‘spy’ organisations are based on false and misleading information.” In an extraordinary move, in an effort to resolve the impasse and prevent the mobile e-mail service from being shut down, Canada’s electronic spies have agreed to help India’s RAW intercept the BlackBerry messages.
Whether the NSA currently has its own equipment at the Mumbai landing station is unknown, but among the tools the Bush administration uses to get governments to cooperate in its eavesdropping operations are cash, equipment, and political pressure. The administration has recently used all three with Mexico, a country with an atrocious record of police corruption, torture, and human rights abuses. The State Department’s Human Rights Report for 2006 said Mexico’s “deeply entrenched culture of impunity and corruption persisted, particularly at the state and local level. The following human rights problems were reported: unlawful killings by security forces; kidnappings, including by police; torture; poor and overcrowded prison conditions; arbitrary arrests and detention; corruption, inefficiency, and lack of transparency in the judicial system; statements coerced through torture permitted as evidence in trials; criminal intimidation of journalists, leading to self-censorship; corruption at all levels of government; domestic violence against women often perpetrated with impunity; criminal violence, including killings against women; trafficking in persons, sometimes allegedly with official involvement; social and economic discrimination against indigenous people; and child labor.”
There is also a long tradition of illegal eavesdropping in Mexico, especially
on opposition political leaders. One case was accidentally discovered
in 1998 in Campeche, a city on the Yucatán Peninsula surrounded by
ancient Spanish walls and fortifications used centuries ago to protect the
population from pirates and buccaneers. One night after sunset, Layda
Sansores Sanroman rapped on the door of an old concrete house at the
center of the city. When a janitor opened it, she walked into a government
espionage center. Lining the back room walls were racks of electronic
eavesdropping equipment. Another room was crammed with seven years’
worth of transcripts from telephone taps—thousands of pages of private
conversations from politicians, journalists, and everyday citizens.
“I was furious to discover my life on papers, documents, recordings and computer files,” said Sansores, a fifty-two-year-old senator from an opposition political party who had been tipped off by an anonymous note. “Seven years of my life were there, tracked in detail.” She and her aides later discovered that the equipment had been purchased by the government for $1.2 million from Israel.
More than a dozen other examples of systematic government eavesdropping around the country were also discovered about the same time— from hidden cameras and microphones uncovered in the offices of the Mexico City government to interceptions of telephone calls by a state governor. “The discoveries and the willingness of the targets to go public with evidence—confirmed many Mexicans’ long-held suspicion that their government has acted as an omnipresent Big Brother spying on its citizenry, its perceived enemies and, frequently, on some of its own agencies and officials,” said one news report at the time.
“Everything I say and do, I assume that I am being spied on,” said Guanajuato
state governor Vicente Fox, who would later be elected president,
and whose phones were also tapped. Mariclaire Acosta, the president
of the Mexican Commission for the Defense and Promotion of Human
Rights, expressed a view felt by many. “It is a horrible, filthy method of
political control,” she said. “It’s a fundamental violation of the right to
privacy.” She added that she was also a regular target of wiretaps. “The
life of everybody in town is there.”
Aware of Mexico’s abysmal record in both human rights and in electronic surveillance, in 2006 the Bush administration entered into a quiet agreement with the Mexican government to fund and build an enormous $3 million telephone and Internet eavesdropping center that would reach into every town and village in the country. According to a State Department document used to solicit vendors for the system, the United States would provide Mexico “with the capability to intercept, analyze, and use intercepted information from all types of communications systems operating in Mexico.” The document continued:
The U.S. Government intends to procure a communications intercept system that enables the timely receipt, processing, analysis, and storage of intercepted communications from the national telephonic and other communications service providers in Mexico. The proposed system must comply with the following A.F.I [Agencia Federal de Investigaciones, Mexico’s Federal Investigative Agency] stated requirements for interception of target calls and sessions from (1) TELMEX PSTN network, through analog lines, (2) TELCEL TDMA and GSM network, (3) NEXTEL iDEIM/GSM network, (4) TELEFONICA network, (5) UNEFON network, (6) IUSACELL CDMA network and TDMA network, (7) Existing CISCO VoIP network at customer’s premises, (8) packet data from the Mexico PRODIGY ISP network. Additionally the client desires the establishment of a central monitoring center with the capabilities of (1) real-time and off-line playback, (2) fax decoding, (3) packet data decoding, (4) storage of all calls for at least 25,000 hours, (5) storage of all session related information, (6) 30 monitoring stations and 30 printers, (7) cellular location and tracking. Capabilities must include TDMA, GSM, CDMA, iDEN, AMPS, PCS, landline, FAX, Email, chat, Internet, SMS and VoIP. The communications intercept system must include all necessary hardware, software and equipment required to provide a complete solution. Proposals must include pricing for the complete system, installation of the system, training in Spanish on use of the system and technical support.
The system the Bush administration wanted for Mexico was similar to its warrant less eavesdropping operation in the U.S. “The target phone database should be able to accommodate a maximum of 8,000,000 sessions,” it added, “programmable by telephone service provider and monitoring center operators.” The surveillance center would also have “the ability to generate a data bank for voices for the analysis of comparison, recognition and identification.” This would give the center the capability to scan millions of telephone calls using voice prints of their targets. Another innovation was the ability to bring under surveillance ever widening circles of people—not just the target, but whoever called the target and then whoever called that person, and so on. “The ability,” said the proposal, “to analyze calls (call crossovers) and the automatic generation of links between them.” The system was also required to reach every phone in the country. “The Contractor shall be responsible,” said the document, “for integrating into the telephone intercept system the required plans and maps of the entire Mexican Republic.”
The deal underscores the close relationship between the country’s conservative
president, Felipe Calderon, and George W. Bush. In addition to
the installation of the Bush administration’s countrywide bugging system,
Calderon was also attempting to amend the Mexican Constitution
to allow the government to eavesdrop without a judge’s approval under
various conditions. While he argued that he needed the system and the
freedom from court scrutiny in order to fight drugs and organized crime,
many in Mexico were not buying it. Among them was Renato Sales, a
former deputy prosecutor for Mexico City, who compared Calderon’s plan to the Bush administration’s warrant less eavesdropping program.
“Suddenly anyone suspected of organized crime is presumed guilty and
treated as someone without any constitutional rights,” he said. Now a law
professor at the Autonomous Technological Institute of Mexico, Sales
added, “And who will determine who is an organized crime suspect? The
state will.”
Both sides have tried to avoid drawing attention to the agreement, however, because of the potential hostile reaction by the Mexican public to the possibility that all their phone calls and e-mail might be analyzed and stored not only by their own government but also by intelligence agents in Washington.
For the Bush administration and the NSA, there may be some significant strings attached to the offer to wire Mexico border to border and coast to coast with a free $3 million eavesdropping system. Most important, the U.S. will get full access to the data, possibly in a way similar to the setup with AT&T in San Francisco. It is the type of deal NSA may be working out with countries around the world as part of an Echelon II–style operation. A key problem with such a worldwide system is that it would supply countries with potentially even worse human rights and privacy records than Mexico with a critical means of internal repression.
The strings attached are contained in the part of the proposal labeled “Requirements.” One of these items is a requirement “to disseminate timely and accurate, actionable information to each country’s respective federal, state, local, private, and international partners.” Since the U.S. certainly qualifies as an “international partner,” it means Mexico is obligated to disseminate its data to a U.S. agency. But what is perhaps even more troublesome is the requirement to share its data with “private” partners—in other words private surveillance companies within the U.S.
This type of arrangement with Mexico and other countries may in fact be among the most secret parts of the Bush administration’s entire warrant less eavesdropping program. That is because it completely bypasses the requirement for probable cause that one of the parties is connected to al-Qaeda. The intercepted data is gathered by Mexicans in Mexico— much of it involving calls to and from Americans across the border—and passed in bulk to the U.S., possibly to the NSA or FBI or Drug Enforcement Administration. Rather than al-Qaeda, it might involve drugs. According to a number of legal scholars, it may even be possible to introduce this type of information in U.S. courts. The protections offered by the Fourth Amendment, they say, do not apply outside the United States, especially when the surveillance is conducted by another country.
An indication of this can be seen in the evasive answers to questions
put to the NSA general counsel Robert Deitz in 2006 by Congressman
Robert C. Scott, a Virginia Democrat, during a congressional hearing.
Scott attempted to pin Deitz down on whether there was a second, more
secret element to the warrant less eavesdropping operation. “Is there another
program?” he asked. “I mean you are using twenty questions. We
are trying to get around to, if I can ask the right question, to target the
right answer. Are you wiretapping people without an individual assessment
of probable cause that they are a member of al-Qaeda or without a
warrant?” Deitz responded, “I can’t answer that.” Nor did he volunteer to
provide an answer in closed session.
But coming to his rescue was Steven G. Bradbury, the Justice Department point man on the warrant less surveillance program, who chose his words very carefully. “Well, if I might just jump in, Congressman. I think the president has made it clear that there is no other program that involves domestic electronic surveillance of domestic communications, and so the program that the President has described is the only program along those lines” [emphasis added]. By deliberately adding that caveat, “domestic” electronic surveillance, Bradbury appeared to be leaving open the possibility of foreign electronic surveillance of U.S. domestic communications.
Using non–U.S. citizens in a foreign country to evade the law and eavesdrop on Americans is not a new idea. In the 1970's, the Bureau of Narcotics and Dangerous Drugs (B.N.D.D)—the predecessor of the Drug Enforcement Administration—was unable to obtain a judicial warrant to eavesdrop on a group of Americans within the U.S. As a result, they secretly turned to the NSA and asked them to conduct the illegal eavesdropping on their behalf. The NSA agreed, but the agency was nervous about giving the watch list containing the U.S. names to its intercept operators at the U.S. listening post (probably Sugar Grove, West Virginia). Because they were mostly military, they were worried about frequent turnover of personnel and the risk of the operation leaking out. Thus they asked the CIA to give help in conducting the eavesdropping with the watch list, which they agreed to do However, when the cooperation was discovered by the CIA’s general counsel, Larry Houston, it was abruptly called to a halt. In Houston’s opinion the activity possibly violated Section 605 of the Communications Act of 1934, prohibiting the unauthorized disclosure of private communications. He concluded, too, that since the intercepted messages were eventually given by the NSA to B.N.D.D, the activity was for law enforcement purposes, which was outside the CIA’s charter. As a result of Houston’s memorandum, the CIA suspended any further collection.
But according to the NSA’s deputy director at the time, Louis Tordella, the major reason for the CIA pullout was that the phone calls were being intercepted from American soil. “I was told that if they could move a group of Cubans up to Canada,” Tordella said, “it would be quite all right, but they would not do it in the United States.” Rebuffed by the CIA, the NSA continued the operation itself. A few years later it was among the many illegal programs uncovered by the Church Committee that led to F.I.S.A. Now the idea may have returned. If so, countries like Mexico and Britain could target American communications with their own nationals, on their own territory, and pass the information to the NSA.
Canada, however, despite Tordella’s suggestion, seems an unlikely candidate to assist the NSA in spying on Americans, despite sharing our northern border. Since the very beginning, Canada’s highly secret Communications Security Establishment (C.S.E) has been a key member of the Five Eyes partnership. During the Cold War, the organization played a large role in monitoring Soviet submarine and shipping activities in the Arctic. Then in August 2001 Keith Coulter became director and moved into his office in the Edward Drake Building, a modern six-story reinforced concrete and steel structure in the shape of a Y. Set in a modern, park like landscape at the crest of a hill on Ottawa’s Bronson Avenue, it was once the home of the Canadian Broadcasting Corporation. Today it pulls signals in rather than sending them out.
A onetime fighter pilot with the Snowbirds, the Canadian Forces Air Demonstration Team, and later a planner with the Treasury Board, Coulter was in office for just five weeks before the attacks of 9/11. Almost overnight, he was forced to put his agency into overdrive, to quickly move it into the twenty-first century. “Throughout the 1990's as C.S.E moved further away from its Cold War focus, the pace of change in the telecommunications world moved from evolutionary to truly revolutionary,” he said. “The routing of messages became unpredictable. Anything could be anywhere in this new communications landscape.” Coulter added, “Further, in the new environment, communications were moving in complex bundles that had to be mapped and analyzed before acquisition was even possible.”
Another problem was legal—the C.S.E was prohibited from eavesdropping on not only domestic communications but also international, where one end of a conversation touched Canada. The law, Coulter said, “affected C.S.E in two ways. First, it prevented C.S.E from intercepting communications that an intelligence target abroad sent to or received from Canada. For example, C.S.E could not provide intelligence on a known terrorist group abroad if it was communicating with a member or accomplice in Canada. Second, this provision prevented C.S.E from intercepting any communications that might contain private communications. The difficulty here was that, in this new technological environment where anything could be anywhere in virtually endless communications haystacks and electronic highways, it was impossible for C.S.E to prove, before it acquired a communication, that both ends of the communication would be foreign. The result was that as technologies continued to evolve, C.S.E was increasingly unable to access valuable intelligence sources. By the time of the events of 9/11, all of C.S.E’s international partners—the U.S., Britain, Australia, and New Zealand—had already found ways to deal with this issue. C.S.E was being left behind.”
To catch up, Coulter was able to obtain changes in Canada’s Anti-Terrorism Act that allowed C.S.E to begin targeting foreigners and foreign organizations abroad. “The act,” he said, “allowed C.S.E to get back into the game . . . The authority that was given to us by Parliament allows us to get at that very rare but important call between, say, a terrorist group and a Canadian. It may be of international as well as national importance because of relationships.”
But unlike the NSA’s policy of warrant less targeting of Americans, C.S.E’s ear is still welded to its base pointed outward. According to Coulter, his organization is forbidden from targeting Canadians either at home or abroad. “C.S.E is prohibited from directing its activities against Canadians or anyone else located within the twelve-mile limit that defines Canadian territory,” he said. “C.S.E is also prohibited from directing its activities at Canadians abroad, defined in the act as Canadians or permanent residents.” In addition, a National Defense Headquarters instruction also forbids domestic eavesdropping.
Coulter indicates that C.S.E, once seen as little more than the NSA’s Canadian stepchild, has become more independent. He says the C.S.E even refuses to share with the NSA any communications touching Canadian territory, such as the international fiber-optic cables entering and leaving Pennant Point, near Halifax, Nova Scotia, or the satellite gateways at Pennant Point, Laurentides in Quebec, and Lake Cowichan in British Columbia. “We do not share with the United States anything that would involve one-end Canadian. I want to make it very clear, that is not something we do,” he said. “The kind of thing we collect, that very small volume of information that we have that has an end in Canada, is shared within Canada and not within our partnership community.” In fact, in 2003, during the United Nations Security Council debate over whether to invade Iraq, the NSA asked all Five Eyes countries to target the communications between diplomats on the Council. Canada, which had opposed the invasion, was the only member to refuse.
Today, C.S.E’s budget has skyrocketed from the years before the 9/11 attacks, going from $140 million in 2000 to more than $200 million by 2007. It also increased its personnel by 80 percent to about 1,700.
To house them, the agency is constructing a new $62 million (Canadian dollars), 65,000-square-foot headquarters building in Ottawa. During the Cold War, one of the C.S.E’s most important listening posts was in the far north at Alert, on the northeastern tip of Ellesmere Island in the Nunavut territory. The northernmost permanently inhabited settlement in the world—only about 450 miles from the North Pole Alert was the perfect place to eavesdrop on the northernmost reaches of the Soviet Union because it was closer to Moscow than to Ottawa. There were about 215 intercept operators and support personnel posted there during the station’s heyday. But the demise of the Soviet Union meant the end of Alert.
To eavesdrop on the Pacific, a station was established at Masset, at the top end of Graham Island off British Columbia. And the Atlantic region was monitored by a station at Gander in eastern Newfoundland. But in the late 1990's, both stations were, like Alert, largely shut down. They focused on high-frequency communications and the world had shifted to satellites and fiber-optic cables. Thus, what is left of the three stations is now remotely controlled by the C.S.E’s principal listening post at C.F.S Leitrim, located at 3545 Leitrim Road in Gloucester, just south of Ottawa. Originally opened in 1941, the station now has 450 military personnel and twenty-eight civilian employees and targets satellite communications with four radome-covered dishes behind the main building.
The current chief of C.S.E is sixty-six-year-old John L. Adams, who replaced Keith Coulter in July 2005. He dislikes the Orwellian image some people have of his agency. “I get very concerned about this ‘Big Brother is watching me.’ Nothing could be further from the truth,” he says. The major problem, according to Adams, is volume. Even “with all of your fancy electronic filters,” he says, “Big Brother would just be overwhelmed.” Adams then gives the numbers. “There are one billion Internet users online right now,” he says. “Over fifty billion e-mails are sent every day. The sheer volume, the variety, the velocity, the complexity of communications today would make this absurdly impossible. Especially for an organization of our small size.”
Like Coulter, Adams also says that there are no agreements between the NSA and C.S.E to spy on each other’s citizens. “There are all sorts of myths about C.S.E,” he says. “One is that we ask our partner organizations in the Five Eyes community to target Canadian communications for us, or that we target their citizens for them. I can tell you that we do not.”
An odd choice for chief, Adams had spent his career in the Canadian army largely as a bureaucrat and generalist. The five years prior to taking over the electronic spy agency he spent as a senior official in the fisheries and ocean department of the Coast Guard. In fact, prior to his appointment he didn’t even know what the organization did. “It’s very much a need-to-know business, and I didn’t need to know, so I didn’t know.”
For those countries beyond the Five Eyes, without an NSA or a C.S.E or a G.C.H.Q, there are a few companies that will build them the next best thing.
next
Wiretappers
Much of that “huge volume of data,” according to Kline, came from the interception of traffic from AT&T’s peering partners, such as Sprint and UUNET. And despite being turned down by Joe Nacchio, the NSA nevertheless got access to Qwest’s communications because of its peering relationship with AT&T. Qwest’s was among the cables placed through the “splitter box.” Just as the AT&T documents outlined in detail how to tap into the cables, they also described which peering links to target. They included ConXion, Verio, XO, Genuity, Qwest, PAIX, Allegiance, Abovenet, Global Crossing, C&W, UUNET, Level 3, Sprint, Telia, PSINet, and MAE West. “It’s not just WorldNet customers who are being spied on—it’s the entire Internet.”
Marcus, who holds a Top Secret clearance and has been a member of the FCC’s Homeland Security Policy Council, agreed that the peering companies were indeed a key NSA target. “All of the networks with which AT&T peered in San Francisco had their traffic intercepted,” he said, adding, “any AT&T peering partners whose traffic was not intercepted most likely were small networks that exchanged very little traffic with AT&T. The traffic intercepted at the facility probably represented a substantial fraction of AT&T’s total national peering traffic.”
Looking at the entire NSA setup, Marcus came away greatly concerned. He was especially surprised because it appeared that the system was not limited to international traffic but included all domestic U.S. communications as well—it all went into the secret room. The deployment, he said, “apparently involves considerably more locations than would be required to catch the majority of international traffic . . . This configuration appears to have the capability to enable surveillance and analysis of Internet content on a massive scale, including both overseas and purely domestic traffic . . . I conclude that AT&T has constructed an extensive— and expensive—collection of infrastructure that collectively has all the capability necessary to conduct large scale covert gathering of IP-based communications information, not only for communications to overseas locations, but for purely domestic communications as well.” (Emphasis in original.)
Secret cooperation with the telecom industry is only one method the NSA uses to penetrate the Internet and fiber-optic communications. Long before the warrant less eavesdropping program was inaugurated following the 9/11 attacks, the agency was covertly tapping into both. This was revealed in a highly classified closed-door discussion at the NSA on September 30, 1999, between the NSA deputy director for services Terry Thompson and members of the agency’s technical workforce. “The projections that we made five, six, eight years ago,” said Thompson in a videotape of the meeting obtained by the author, “about the increasing volumes of collection and what that’s going to mean for our analysts have all come true, thanks in large part to the work that you all and others have done. We’re much further ahead now in terms of being able to access and collect [Internet] network data, fiber optics, cellular data, all the different modalities of communications that we are targeting.”
One of the ways to covertly penetrate both the Internet and fiber-optic communications is to target their weakest point, the point where the systems interconnect—the routers. Literally the heart of the Internet, they are the specialized microcomputers that link two or more incompatible computer networks together. They also act as a sort of postal service, deciding where to route the various messages carried over the network. “Virtually all Internet traffic travels across the system of one company: Cisco Systems,” says a Cisco television ad. By discovering the weak spots and vulnerabilities in this “postal service,” the NSA has the ability to target and intercept much of the electronic mail.
Thus, as Thompson further explained at the 1999 meeting, one of the NSA’s goals should be to hire away, on a short-term basis, people from key companies such as Cisco. Having hired them, the agency could use their knowledge and expertise to “reverse engineer” the systems and find ways to install back doors. “I only need this person to do reverse engineering on Cisco routers,” he said, “for about three or five years, because I see Cisco going away as a key manufacturer for routers and so I don’t need that expertise. But I really need somebody today and for the next couple of years who knows Cisco routers inside and out and can help me understand how they’re being used in target networks.”
While there had always been movement back and forth between the NSA and the corporate world, for the most part agency officials considered the work too sensitive to hand out to contractors. But that changed in 2001 when Congress, worried that the NSA was falling far behind, insisted that the agency expand its domain to the private sector. In its budget authorization that year, the House Intelligence Committee listed fiber optic communications and the Internet as among the key problem areas facing the NSA and recommended more outsourcing to the corporate world. “During the 1980's budget increases,” said the committee, “NSA decided to build up its in-house government scientists and engineers and the agency now seems to believe that in-house talent can address the rapidly evolving signals environment better than outsiders can . . . The culture demanded compartmentation, valued hands-on technical work, and encouraged in-house prototyping. It placed little value on program management, contracting development work to industry, and the associated systems engineering skills.”
The committee decided it was time for a change. “Today, an entirely new orientation is required,” said the 2001 budget report. “The agency must rapidly enhance its program management and systems engineering skills and heed the dictates of these disciplines, including looking at options to contract out for these skills.” According to Mike Hayden, “The explosive growth of the global network and new technologies make our partnership with industry more vital to NSA’s success than ever before.” As a result, in a troubling change, much of the NSA’s highly sensitive eavesdropping has been outsourced to private firms in the same way it outsources copy machine repair.
Industry
The NSA’s new willingness to outsource eavesdropping, plus the warrant less
eavesdropping and other new programs, thus became a giant
boon to a growing fraternity of contractors who make their living off the
NSA. Headquarters for what might be termed the surveillance-industrial
complex is the National Business Park, “N.B.P” in NSA lingo. Located
just across the Baltimore-Washington Parkway from the agency’s secret
city, it is nearly as secret and nearly as protected as the agency itself. The
centerpiece is N.B.P-1, a tall glass office building belonging to the NSA’s
Technology and Systems Organization. Stretching out below N.B.P-1, hidden from the highway and surrounded by tall trees, National Business Park is a large compound of buildings owned by the NSA’s numerous high-tech contractors. The NSA’s problem is trying to keep up with the enormous volume of incoming information, including the warrant less monitoring, which, like any system when restraints are removed, tends to expand exponentially. N.B.P fills the need as a sort of private-sector NSA.
Among the companies with large, heavily protected buildings at N.B.P is Booz Allen with a 250,000-square-foot mausoleum. The company has long had very close ties to the NSA, especially since former director Mike McConnell left the agency in February 1996 to become a vice president and earn a $2-million-a-year salary. “At the National Business Park Campus, we apply Tomorrow’s Technology Today,” says the company’s website, to deliver “Signals Intelligence Solutions to the government and private sector.” Then, using head-hunting firms, it advertises for such positions as Internet eavesdroppers. One ad listed the job title as “Network Intelligence Analyst” and gave a description of the job:
• Provide network intelligence analysis support within multiple SIGINT development offices to high-profile government clients for a rapidly growing team.
• Provide wide range of network analysis, including basic research, protocol analysis, and network topology mapping of traffic through different layers of the OSI model and report the results of the analysis.
• Perform basic network and user discovery using various techniques, including domain name IP mapping, NS lookup, trace route analysis, and the analysis of network information, including operating systems and hosts from IP, TCP, and UDP headers.
Basic Qualifications:
• 3+ years of experience with intelligence analysis
• Knowledge of the T.C.P/I.P protocols
• Ability to perform basic protocol and network analyses
• TS/SCI clearance
Additional Qualifications:
• BA or BS degree in a related field
• Experience with advanced telecommunications, LAN, WAN, routers, data communications, and connectivity
• Experience with S.I.G.I.N.T and intelligence analysis
• Knowledge of data and telephony networking
• Knowledge of basic data flow, including the OSI model and router, hub, and switched communications
• Experience with UNIX, including writing and modifying scripts for text data manipulation
• Possession of excellent technical writing skills
Clearance:
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.
Another Booz Allen listing was for a “S.I.G.I.N.T Network Analyst” and described the duties as possibly including monitoring phone calls. The person selected, said the ad, would “evaluate and analyze complex data and telecommunications networks within S.I.G.I.N.T offices for high-profile government clients.” It’s a competitive field. S.A.I.C also advertises for network intelligence analysts, and another firm, SPARTA, was looking for a “Digital Network Intelligence Analyst . . . to pursue access and exploitation of targets of interest.”
Making up the surveillance-industrial empire are both high-profile Wall Street giants and little-known industrial park dwarfs. What they have in common is great profits from the NSA’s very deep pockets—more than ever since the start of the post-9/11 eavesdropping boom. By 2007, excluding the military, the intelligence community’s budget was $43.5 billion, about a third larger than during the pre-9/11 years. Adding in the military and tactical intelligence budget brought the total to about $60 billion. [Those numbers are mind bending when you factor in just what the hell it does for the people...NOTHING...yet we pay for it,and it all goes to a small group of good for nothings D.C]
With the billions pouring in, Hayden launched the largest recruiting drive in the agency’s history. In 2003, the agency’s recruiters logged more than 290,000 miles on 268 recruiting trips to 102 schools in forty four states and one territory. The efforts produced 820 new employees in 2002, another 1,125 in 2003, and 1,500 in 2004. By 2008, 40 percent of the NSA’s workforce had been hired since 2001.
At the same time Hayden was building his empire within Fort Meade, he was also creating a shadow NSA: of the $60 billion going to the intelligence community, most of it—about $42 billion, an enormous 70 percent— was going to outside contractors. To some inside the agency, it seemed that any idea, no matter how pie-in-the-sky, regardless of its impracticality in the real world, got funded. The numbers told the story. In October 2001, the NSA had 55 contracts let out to 144 contractors. But by October 2005, the agency had 7,197 contracts and 4,388 active contractors.
Quick to get their share were the usual wingtip Goliaths, Booz Allen, L-3 Communications, Lockheed Martin, S.A.I.C, and Northrop Grumman. Once focused primarily on management strategy for corporate boardrooms in Manhattan skyscrapers, Booz Allen realized that as the government slimmed down, they had a great opportunity to fatten up. Thus, in 1992 they moved their headquarters to Tysons Corner, Virginia. Now more than half of the company’s $4 billion a year comes from the U.S. Treasury. And since 2000, Booz Allen’s revenue has doubled. It is also the size of a city; in 2007 the company planned to increase its workforce of eighteen thousand by another four thousand. Among the surveillance projects in which the company has been heavily involved was John Poindexter’s Total Information Awareness program.
Like the military-industrial complex warned of by President Dwight D. Eisenhower, the surveillance-industrial complex that has grown up since 2001 is a cozy club made up of business executives with close, expensive contractual ties to the NSA. A quick-turning revolving door allows frequent movement between the agency and industry as senior officials trade their blue NSA badges for green badges worn by contractors. As with Booz Allen, many firms have discovered that the fastest way into the NSA’s cipher-locked door is by hiring a former director or other top executive.
With about forty-four thousand employees each, S.A.I.C and NSA are both heavyweights, and they have a decidedly incestuous relationship. After first installing the former NSA director Bobby Inman on its board, S.A.I.C then hired top agency official William B. Black Jr. as a vice president following his retirement in 1997. Then Mike Hayden hired him back to be the agency’s deputy director in 2000. Two years later S.A.I.C won the $280 million Trailblazer contract to help develop the agency’s next generation eavesdropping architecture, which Black managed. Another official spinning back and forth between the company and the agency was Samuel S. Visner. From 1997 to 2001 he was S.A.I.C’s vice president for corporate development. He then moved to Fort Meade as the NSA’s chief of signals intelligence programs and two years later returned as a senior vice president and director of S.A.I.C’s strategic planning and business development within the company’s intelligence group.
In 2003, with an influx of money as a result of the post-9/11 intelligence boom, the organization changed its name to the Intelligence and National Security Alliance (I.N.S.A). It also moved closer to the centers of power, establishing itself in a nondescript building in Ballston, a nexus between the intelligence agencies, the Pentagon, and the contractors. Once a year, first as S.A.S.A and now as I.N.S.A, the organization holds the spy world’s equivalent of the Oscars when it hosts the William Oscar Baker Award Dinner. The gala black-tie event attracts the Who’s Who of both the intelligence community and the contractors seeking their money. “The effectiveness of the U.S. intelligence and national security communities depends on strong relationships within the industry,” said the former NSA director McConnell, a member of S.A.S.A and then chairman of I.N.S.A before being named director of national intelligence.
For decades, the local business community viewed the NSA mostly with suspicion. It was a secretive Goliath that ate up a great deal of electricity but mostly kept to itself. But following the 9/11 attacks and Hayden’s wild spending spree, the county quickly saw dollar signs and wanted to get in on the action. With Hayden’s blessing and encouragement, county officials and local business leaders got together to create an industrial “incubator” for the agency called the Chesapeake Innovation Center. The idea was to establish a county-funded magnet that would attract scores of high-tech start-up firms seeking to invent a better signal trap and then sell it to the NSA. A brochure created by the C.I.C to attract the companies pointed out that wiretapping was the wave of the future. “Wiretapping activity—the capturing of communications made by suspected terrorists or criminals,” said the glossy twenty-three-page booklet, “will grow 20–25% per year as new high-speed data and packet-based networks generate incremental demand for wiretapping software. This market is at historically high levels.”
Excited local business leaders soon began hoping the center might be a way to turn the Baltimore–Washington corridor into the Silicon Valley of eavesdroppers. “Tech leaders want NSA to become Greater Baltimore’s National Institutes of Health,” gushed one article, “a government research facility that fuels the formation of a critical mass of high-tech companies, much the way NIH played a big role in spawning Montgomery County’s bio-science cluster . . NSA riches are flowing to local firms. Columbia’s Raba Technologies landed a contract in August potentially worth $100 million for signals intelligence work.” One local businessman boasted, “We’re just scratching the surface with NSA.”
The Fort Meade area had become a Klondike for data miners. But like many promising mines during the Gold Rush, the C.I.C incubator, housed in a pricey, brick-and-glass building at 175 Admiral Cochrane Drive in Annapolis, came up largely empty. The facility quickly began filling its twenty-seven thousand square feet of floor space but few tenants had anything useful to sell. The first year the incubator lost $60,000, the second $457,000, and the third between $150,000 and $200,000. By 2007, the C.I.C was forced to collapse its organization to one-fifth its original size, reducing its floor space to just 5,400 square feet.
The problems that led to 9/11, however, were never a lack of money or technology. During the late 1990's, on Hayden’s watch, there were few targets as important as the Yemen ops center. It was known to be connected to both the African embassy bombings and the U.S.S Cole attacks as well as serving as bin Laden’s communications hub—with hundreds of calls to him and from him. Yet for nearly a year the agency intercepted phone calls between the house in Yemen and the suspected terrorists in San Diego without ever discovering their city code or even country code. With an annual pre-9/11 budget of more than $4 billion a year, and a constellation of satellites and listening posts around the world, obtaining that metadata should have been well within the agency’s capabilities. If it wasn’t, there was something seriously wrong with the agency.
By late 2003, many in the Republican Congress began seeing Hayden’s bills and were stunned at the number of zeros before the decimal points. Few had ever witnessed such reckless spending with so little to show for it. Thus, in a highly unusual move, they snatched away his checkbook and credit cards, stripping him of his acquisition authority. From then on, if the agency needed new pencils, he would have to requisition them from Pentagon auditors with green eye shades and the key to the cash box. “We want to make sure that taxpayers get the intelligence systems that are needed at the best possible cost,” said a spokesman for Senator John W. Warner, the Virginia Republican who headed the Senate Armed Services Committee, which led the push for the legislation. “Speed is important, but getting the right systems at the right cost is just as important, and they are not mutually exclusive.” It was a rebuke to Hayden, but his career still seemed headed straight up.
First established in 1969, Essex spent its first several decades engaged in human factors research—exploring the pros and cons of such things as a third rear stoplight on automobiles. But sales were slow and the outlook grim—until the company hired Moodispaw, who brought in others from the agency and placed the company inside the NSA’s rarefied orbit. In 2000 Moodispaw was named CEO and the next year the company’s profits were soaring past 400 percent. One of thousands of companies on the NSA’s contractor base, Essex was among the elite 30 percent who were regularly awarded competition-free no-bid contracts. Also like many of the others, Essex was the NSA in microcosm. Its name was virtually unknown beyond the secret city and its N.B.P suburb; most employees had super high NSA clearances and lived in Laurel or one of the surrounding towns; and its office was a high-security S.C.I.F.
While the company had a seven-thousand-square-foot office at N.B.P, its main laboratory was a few miles away in the company’s large S.C.I.F. There, a key focus was developing ways to pack ever more data into cables—phone calls, Internet packets, and imagery—without expanding their physical size. At the same time, because of the sensitivity of the information, a way had to be found to scramble the photons with an all-optical encryption device. Such technologies are essential for the NSA to securely transfer massive volumes of data from the point of collection to the point of analysis. One system Essex was working on was hyper fine W.D.M technology. According to Chris Donaghey, an analyst with SunTrust Robinson Humphrey, “At its most promising, Essex’s optical networking capability can improve the current amount of data on a fiber-optic cable by a factor of one thousand.” The company’s first patent for the technology, awarded on August 19, 2003, was intriguingly titled “Optical Tapped Delay Line.”
Once the mega-volumes of data are transmitted through the cable, the NSA has to find ways to process it. For that, Essex was exploring a variety of optical signal-processing techniques—a method that actually dates back to Bletchley Park in England during World War II. British code breakers used optical signal processing to solve the enormously complex German cipher machine called Enigma. Today, it allows the NSA to process mountains of information at mind-numbing speeds.
Like most anything else in the arcane world of the supercomputer, optical signal processing has its own unique unit of measurement when it comes to speed. It is known as a “flop,” for floating point operations per second. Thus, where it may take the average person several minutes to calculate with a pencil the correct answer to a single multiplication problem, such as 0.0572 X 8762639.8765, supercomputers are measured by how many times per second they can solve such problems. If it takes a second to come up with the answer, including where to place the “floating” decimal point, then the computer would be said to be operating at one flop per second. A teraflop is a trillion operations a second.
On a bench in Essex’s lab was a 10-teraflop processor about the size of a standard desktop. It ran, however, about ten thousand times faster, at ten trillion operations a second. “We’ve developed a very sophisticated test called the ‘holy shit test,’ ” said Moodispaw. “One day we had three different sets of government customers come in to see what we could do. They all said, ‘Holy shit, you can do that?’ We’re getting results nobody else can on the technology side.”
By 2006, Moodispaw’s once tiny company had gone from fewer than fifty people in 1969 to nearly a thousand employees, with revenue projections of $250 million to $260 million. It had become the fifth-fastest growing company in the Baltimore region, and the surveillance-industrial complex continued to sizzle with no end in sight. Finally ripe for the plucking, Essex itself was purchased at the premium price of $580 million by Northrop Grumman, one of the giants in the surveillance world. “For our shareholders,” said Moodispaw at the end of his short but very profitable ride, “we have increased the enterprise value of the company from less than $20 million in 2000 to approximately $580 million under the proposed acquisition.” It was a price Northrop Grumman could easily afford; a month before its announcement, in October 2006, the NSA awarded the company a $220 million contract for a massive, new advanced information management and data storage system. At the N.B.P, as champagne corks flew in both neighboring companies, the business of tapping had become one of America’s leading growth industries.
There was no celebration on the other side of the continent, however. As Mark Kline studied his schematics of the peering connections, and the splitter cabinet, and the cloned cable, and the secret room, he had one more shock coming. “I was talking to a technician on the phone back east,” he said, “and I was trying to troubleshoot a problem because I couldn’t get the splitter to work right. This technician tells me, ‘Oh, yeah, we’re having the same problem with the splitters going into other offices.’ My hair just stood on end when the person said that. And I said, ‘Other offices?’ And she said, ‘Yeah, in Seattle and San Diego and Los Angeles and San Jose,’ all having the same problem . . . From all the connections I saw, they were basically sweeping up, vacuum-cleaning the Internet through all the data, sweeping it all into this secret room . . . It’s the sort of thing that very intrusive, repressive governments would do, finding out about everybody’s personal data without a warrant. I knew right away that this was illegal and unconstitutional, and yet they were doing it.”
Transit
In addition to communications to and from the U.S., broad streams of
telecommunications that transit the country are another key target of
the NSA—calls and e-mails from one part of the world to another that
simply pass through a U.S. switch. It is a greatly increasing phenomenon,
making up about one-third of all communications entering and leaving
the country, and one NSA has quietly been attempting to encourage. One
of the agency’s “greatest advantages,” said Lieutenant General Keith B.
Alexander, Hayden’s successor as director of the NSA, was “the ability
to access a vast portion of the world’s communications infrastructure located
in our own nation.” The same principle would be true for European and Middle Eastern communications connecting through U.S. East Coast switches. A call from Yemen to Pakistan might pass through MAE East in Virginia or the 60 Broad Street “carrier hotel” in New York City. A call from Madrid to Beijing might also transit both MAE East and MAE West as it crosses North America. Cost has always been a factor helping the NSA in this regard. Pricing models, established by the International Telecommunications Union, have largely remained unchanged since they were established over a century ago. Based on those tariffs, smaller, less developed countries charge more to accept calls than U.S.-based carriers, providing a cost incentive to route phone calls through the U.S. rather than directly to a nearby country.
Another incentive for the NSA is America’s advanced telecommunications infrastructure. According to Ethan Zuckerman, a computer expert at Harvard’s Berkman Center who has spent a great deal of time working on technology issues in Africa, a large share of even local intra-African communications passes through U.S. switches due to the lack of local I.S.P's. “Because the Internet access terminates on a different continent,” he said, “it’s likely that two people in the same African city communicating via e-mail are routing their packets through the U.S., traveling tens of thousands of kilometers out of the way to have a chat across town.” McConnell, pleased to see America become the world’s switchboard, agreed. “Today a single communication can transit the world even if the two people communicating are only a few miles apart,” he said. That may be true even if the two people are in the same city in the U.S., according to the former NSA deputy director Bill Crowell. “I have seen a communication that went from Memphis to Pakistan to Japan to whatever in order to get to another phone in Memphis,” he said.
Like those from Africa, nearly all Latin American communications, internal and external, pass through a U.S. hub. It’s a phenomenon with which Alan Mauldin, a researcher for the firm TeleGeography, which tracks global Internet traffic, is very familiar. “The U.S. does continue to play a major role in connecting the regions of the world together,” he said. “For example, Internet traffic going between Latin America and Asia or Latin America and Europe is entirely routed through the U.S.” Mauldin said that in 2005, an estimated 94 percent of that “interregional” traffic passed through U.S. switches. “Basically they backhaul to the United States, do the switch, and haul it back down since it’s cheaper than crossing their international borders,” said Bill Manning, a member of the research staff at USC’s Information Sciences Institute and managing partner of ep.net.
That Latin American traffic—millions of calls and e-mails an hour—is funneled through a single building at 50 N.E. Ninth Street in Miami. Occupying an entire square block on the edge of the downtown area, the pastel-colored six-story structure bears no signs, no name, and no windows—just painted facsimiles. On its roof are three massive satellite dishes hidden in golf-ball-like white radomes. A 750,000-square-foot telecom fortress, it has seven-inch-thick, steel-reinforced concrete walls, numerous hidden cameras, and biometric-controlled security portals. The building was even designed to withstand a Category 5 hurricane, with nineteen million pounds of concrete roof ballast. From the outside, it could easily be mistaken for an NSA building at Fort Meade.
Known as the “NAP [National Access Point] of the Americas,” like MAE East and MAE West it is one of the country’s major Internet Exchange Points. According to Norm Laudermilch, one of the executives of Terremark, which owns the facility, “about 90 percent of the traffic between North and South America goes through our facility in Miami.” The building also serves as a crossroads for communications heading for Europe and beyond. “Switching the majority of South America, Central America and the Caribbean’s layer-1, layer-2 and layer-3 traffic bound to more than 148 countries in the world,” says its sales literature, “makes the NAP of the Americas the unrivaled gateway to the Americas.”
From cities and towns throughout Latin America, the calls and Internet traffic are funneled to landing stations linked to South America Crossing (SAC), a large cable that circles the continent and is owned by Global Crossing. At Hamm’s Bay, St. Croix, in the U.S. Virgin Islands, SAC feeds all this data into another of the company’s cables, Mid-Atlantic Crossing (MAC), which serves Central America and the Caribbean. After coming ashore at a landing station in Hollywood, Florida, one branch continues on to New York and then Europe. The other travels underground from the beach in Hollywood to the NAP of the Americas building in Miami, where Global Crossing is colocated. Thus, with a setup similar to San Francisco’s in place at NAP of the Americas, the NSA would have access to virtually all communications in South America, Central America, and the Caribbean, internal and external—one-stop shopping.
The actual setup of the interception would be easy since under an agreement with the government, Global Crossing was forced to engineer its facility to be surveillance friendly—readily accessible to federal eavesdropping operations. Known as a “Network Security Agreement,” required in order for the company to obtain its landing license, Global Crossing promised to provide a capability at its location “from which Electronic Surveillance can be conducted pursuant to Lawful U.S. Process.” The company also agreed to “provide technical or other assistance to facilitate such Electronic Surveillance” to, among other organizations, the Defense Department, the NSA’s parent.
The agreement took advantage of a federal statute passed in 1994 known as C.A.L.E.A—the Communications Assistance for Law Enforcement Act. The law requires communications companies to engineer their facilities so that their network can easily be monitored. It even requires the company to install the eavesdropping devices themselves if necessary, and then never reveal their existence. According to the statute, the government is required to first provide a warrant from a federal judge—one from the F.I.S.A court, for example. But under the Bush administration’s warrant less surveillance program, they presumably could simply order the company to comply.
With its virtual alligator clips secure on the great American trunk line, by 2002 the NSA was ingesting about 650 million intercepts a day— voice and data—the same as the number of pieces of mail delivered every day across the country by the U.S. Postal Service.
Partners
As the agency wired the country, it was no less concerned with the rest
of the world. For forty years, the Echelon infrastructure had been
in place and worked well. Countries would communicate, their signals
would be transmitted to a satellite, and the NSA or one of its counterparts
in Canada, Britain, Australia, or New Zealand would catch them.
Other signals would be captured by the NSA’s geostationary satellites,
positioned like sentries at four points over the earth. Once the phone
and Internet data was captured, it would be run through “Dictionaries,”
powerful computers loaded with watch-listed phone numbers, names, addresses,
words, and phrases. Based on that greatly reduced end product,
reports would be written and sent to the NSA and other members of the
Five Eyes group. But now that at least 80 to 90 percent of communications were transiting the seabed instead of outer space, Echelon needed to be completely revamped. Each member had to work out a secret arrangement with its respective cable companies, secret rooms had to be built, cables needed to be spliced into, data had to be back hauled to analysis centers, and faster processing facilities had to be constructed. In addition, because some of the critical connections were beyond reach of the members—no longer could they just plant a dish on a remote island—new secret partnerships had to be worked out with countries along cable routes.
In countries where no cooperation could be obtained, the NSA or one of its partners would have to surreptitiously recruit someone at a telecom switch to install a bug, or, as a last resort, attempt to physically tap the fiber-optic cable itself. “The best way to do it is to get in the switching station on the land. Find out where they are, bribe whoever you have to bribe, get access,” said one knowledgeable intelligence official. One key problem when tapping any cable, he said, is not knowing what’s going over it until going to all the trouble of gaining access to it. “Sometimes we don’t know what’s on them, we don’t know what the traffic is, so our intelligence, in terms of telling you what’s on the line, sometimes is good, sometimes is terrible. So you may be facing a situation, you spend several hundred million dollars in a year preparing to go do something and you find out that the take sucks.”
Although tapping into underground fiber-optic lines is much more difficult than tapping into a copper cable, the technique has been perfected by the NSA. For cables buried in foreign countries, the task of gaining access to them was given to a unique covert organization named the Special Collection Service (S.C.S), which combined the clandestine skills of the CIA with the technical capabilities of the NSA. Its purpose is to put sophisticated eavesdropping equipment—from bugs to parabolic antennas—in difficult-to-reach places. It also attempts to target for recruitment key foreign communications personnel, such as database managers, systems administrators, and I.T specialists.
The S.C.S is a key link in the NSA’s transition from a traditional focus on information “in motion” to information “at rest.” Since the first transatlantic intercept station was erected on Gillin farm in Houlton, Maine, just before the close of World War I, Sigint has concentrated on intercepting signals as they travel through the air or space. But as technology makes that increasingly difficult and cost prohibitive, the tendency, say senior intelligence officials, will be to turn instead to information “at rest”—the vast quantity of information stored on computer databases, discs, and hard drives. This may be done either remotely through cyberspace or physically by the S.C.S.
As encryption, fiber optics, the Internet, and other new technologies make life increasingly difficult for the NSA’s intercept operators and code breakers, the S.C.S has greatly expanded and taken on an increasingly important role. “Yesterday’s code clerk is today’s systems administrator,” said one very senior CIA official. The easiest way to a large amount of secret information is to get into foreign databases, and the best way to do that is to recruit—through bribes or other offers—the people who manage the systems. Also, by bribing someone to plant bugs in the keyboards or other vulnerable parts of a computer network, the NSA can intercept messages before the cryptographic software has a chance to jumble the text.
While in some places the NSA or S.C.S has compromised a nation’s entire communications system by bribing an engineer or telecommunications official, in others much of the necessary eavesdropping can be done from special rooms in U.S. embassies. But in difficult countries clandestine S.C.S agents must sometimes fly in disguised as business people and covertly implant the necessary eavesdropping equipment. The person might bring into the target country a parabolic antenna disguised as an umbrella. A receiver and satellite transmitter may be made to appear as a simple radio and laptop computer. The S.C.S official would then camouflage and plant the equipment in a remote site somewhere along the microwave’s narrow beam—maybe in a tree in a wooded area or in the attic of a rented farm house. The signals captured by the equipment would be remotely retransmitted to a geostationary Sigint satellite, which would then relay them to the NSA.
In order to obtain access to fiber-optic cables in non-cooperative or hostile foreign countries, the S.C.S would trace the cable to a remote area and then dig a trench to get access to it. Then the person would place an advanced “clip-on coupler” onto the cable. These commercially available devices, used to test fiber-optic systems, produce a microbend in the cable that allows a small amount of light to leak through the polymer cladding shell. The light can then be captured by a photon detector, a transducer that converts the photons into an electrical signal. This then connects to an optical/electrical converter that is plugged into a port on a laptop fitted with software allowing for remote control. Packed with super-long-life batteries, the entire system can be reburied with a camouflaged line running up a tree to an antenna disguised as branches. Signals from the bug can then be transmitted to an NSA satellite while remote control instructions are broadcast back down to the computer. All of the equipment needed is commercially available.
To tap undersea fiber-optic cables in the Middle East and elsewhere, the navy secretly renovated the Seawolf-class submarine U.S.S Jimmy Carter for such operations. In December 1999 Electric Boat was awarded a $887 million contract to extensively modify the sub with a special forty five-meter-long section for “surveillance, mine warfare, special warfare, payload recovery and advanced communications.” The sub would likely set down on the bottom over the cable while a special NSA team pulled it aboard in the newly installed section, tapped into it, and returned it to the bottom attached to a breakaway pod. A cable could then be covertly laid from the pod to a hidden shore location for clandestine transmission back to Fort Meade. The only problem is it hasn’t yet worked. “Can’t do it—doesn’t have the ability to tap in. Won’t be able to for a long time, if ever,” said one knowledgeable intelligence official. “Tapping the cables underwater is extremely hard. I mean, it’s hard enough doing it on land, but it’s extremely hard to do it underwater. It’s not like copper cable where you just go out and put something on it.”
Fortunately for the NSA, industrial-strength cable tapping has always been a big business for countries around the world—and the agency has often been a beneficiary. In Britain, siphoning telegrams and later e-mail from incoming and outgoing cables has a long tradition, and G.C.H.Q and the NSA have always been the closest of trading partners. In the 1960's, all cable traffic entering and leaving the United Kingdom was scrutinized by a special department of the post office, which controlled the cable system. “On the morning after they have been sent or received,” said one report, “they are collected and sifted by a Post Office department concerned with security. Then any cables believed to be of special interest are passed to the Security Services. They are studied there, copied if necessary, and returned to the Post Office, which owns the former Cable and Wireless Company. Cables passed through private companies—mainly branches of foreign concerns operating in Britain—are collected in vans or cars each morning and taken to the Post Office security department. The probe is conducted under a special warrant, signed by a Secretary of State under Section 4 of the Official Secrets Act and regularly renewed to keep it valid.” While communications technology has certainly changed since the 1960's, there is no indication that either the British policy or Section 4 of the Official Secrets Act has changed.
Just as the NSA and G.C.H.Q are now attempting to find ways into the new world of fiber-optic cables, they faced similar challenges at the dawn of the satellite age forty years earlier. It was a time of enormous change; the U.S. and the UK would be directly connected for the first time, by both satellite and undersea cable. In 1962 the British Post Office Satellite Communications Station at Goonhilly Downs in Cornwall came online and its ninety-foot satellite dish began tracking Telstar, the world’s first communications satellite. But because of Telstar’s low orbit, communications could only be transmitted and received as the satellite passed overhead every 158 minutes.
The following year, the first submarine cable directly linking the two countries was completed. Known as TAT-3, the cable ran from Tuckerton, New Jersey, to Widemouth Bay near Bude in Cornwall. Then in April 1965, the first geostationary communications satellite, INTELSAT 1, nicknamed “Early Bird,” was launched. At 22,300 miles in space over the equator, it was able to maintain a fixed position between the two continents. This allowed, for the first time, direct and continuous communications between Goonhilly Downs and the U.S. satellite ground station in Etam, West Virginia. Rapidly, other nations around the world began building ground stations and communicating with one another via Early Bird.
G.C.H.Q needed no help from the NSA obtaining the communications coming over TAT-3. Since the UK end of the cable was under the control of the post office, it simply obtained the traffic directly from them—possibly at a G.C.H.Q facility near the Bude landing station. The cable was one of the few communications links between countries in Europe and North America and therefore proved a rich source of intelligence. But now much of Europe and beyond was bypassing England and communicating directly through Early Bird to other parts of the world. Without satellite dishes to intercept those signals, that widening stream of intelligence was out of G.C.H.Q’s reach—until the NSA came to the rescue.
At the time, the NSA was building its own satellite interception base at Sugar Grove, West Virginia, about fifty miles from Early Bird’s down link at Etam. Seeing the value in a worldwide network of such dishes—the eventual Echelon operation—the NSA agreed to help finance and build the station for G.C.H.Q. The place chosen was Bude, possibly to place it near an existing interception facility for the TAT-3 cable. Today Widemouth Bay is the landing point for TAT-14 and a number of other major fiber-optic cables.
Once the two ninety-foot dishes at Bude were completed in the late 1960's, the director of G.C.H.Q at the time, Sir Leonard Hooper, sent his personal thanks to NSA director Marshall “Pat” Carter. In his note he suggested that the original two dishes should be named after Carter and his deputy, Louis Tordella. “I know that I have leaned shamefully on you, and sometimes taken your name in vain, when I needed approval for something at this end,” Sir Leonard wrote. “The aerials at Bude ought to be christened ‘Pat’ and ‘Louis’!” Hooper added, “Between us, we have ensured that the blankets and sheets are more tightly tucked around the bed in which our two sets of people lie and, like you, I like it that way.”
Sitting high above the Celtic Sea on the edge of Sharpnose Point, Bude today has nearly a dozen dishes pointed at various satellites, spanning the Indian Ocean to the South Atlantic. Since the opening of the space age, Goonhilly Downs had been a key link for Britain in satellite communications. But in 2008 the station was closed down. That left Madley, a village in Herefordshire about fifty miles from G.C.H.Q headquarters, as the country’s major satellite gateway.
After initial sorting at Bude, the intercepts are transmitted over an encrypted fiber-optic cable 171 miles northeast to a boxy, thirty-year-old building at G.C.H.Q’s Oakley complex in Cheltenham, Gloucestershire. There in X Division they are run through supercomputers, including a Cray 3, before being transferred by cable another four miles across town to the organization’s new high-tech facility at Benhall. In 2004, most of Oakley and the agency’s original headquarters at Benhall were destroyed by the wrecking ball as the new Benhall center opened for business. By then the supercomputers were also supposed to have been moved to the new facility. The massive undertaking, at a cost of $120 million, would have been the most expensive and delicate move in British history.
But as the transfer was about to take place, there was great concern that the critical flow of intelligence would be interrupted. In particular, it would have been impossible to monitor mobile phone chatter between suspected terrorists. Instead, it was decided to leave the machines in place at Oakley, along with several hundred staff, and spend $616 million on a fiber-optic cable linking the two centers. Over the following seven years, as the banks of supercomputers become obsolete, new machines will be installed directly at Benhall and thus guarantee continuity.
At the new center, the reams of intercepts would undergo final analysis by the agency’s cryptolinguists, code breakers, and data miners and other members of the staff. Based on what information was contained in the messages and phone calls, the analysts would write up reports and forward them to the NSA and the other members of the Five Eyes pact.
Completed in 2003, G.C.H.Q’s $660 million new headquarters totaled 1.1 million square feet and covered 176 acres. It replaced more than fifty buildings on several sites. Many of the structures were huts similar to those that covered Bletchley Park, the secret World War II code-breaking center where the German Enigma code was solved. Far from Bletchley’s solemn, monastery-like environment, the new G.C.H.Q is a marvel of space age construction. Made with steel, aluminum, glass, granite, Cotswold limestone, wood, and concrete, it is built in the shape of a modernistic silver-colored doughnut. The “hole” at the center is an open-air garden the size of London’s Albert Hall. Inside the building are enough copper computer cables to stretch all the way to Rio de Janeiro, and surrounding the doughnut are parking lots with about twenty-nine hundred spaces.
The radical design by the British architect Chris Johnson was also intended to help foster interaction in a population known for security paranoia and eyes-lowered introversion. “It’s a huge change for an organization whose traditional mentality was ‘Shut the door behind you, and make sure no one follows you,’ ” he said. “They worked in an environment with their blinds down and doors locked. Not many people knew who their coworkers were, and there was no real sense of community or belonging.” So today, although the building contains one million square feet of space stretched over four floors, the doughnut shape means that each employee is never any more than a five-minute walk from any colleague. Also included inside the doughnut is a six-hundred-seat restaurant, a health club, and a museum.
Security was also a key feature in the design, with eight inches of blast cladding fitted to all outer walls. As a further precaution, the deeper one goes into the doughnut, the higher the clearance required. And while the agency remains the blackest of Britain’s spy agencies, it is also striving to be the greenest. The shell of each office chair is made from thirty-six large recycled plastic soft drink bottles; desks and table surfaces are made from 90 percent recycled wood; and all steel products are made from 30 percent recycled metal.
Though it was originally built to hold about four thousand people, the number of personnel crowding into the doughnut is now about fifty-two hundred as a result of the buildup following the attacks on 9/11 and the London bombings in 2005. In an effort to attract new Web-savvy recruits, G.C.H.Q has turned to ad campaigns within online computer games such as Tom Clancy’s Splinter Cell Double Agent and Rainbow Six Vegas. And to find talented cipher-brains, the agency joined with the British Computer Society to sponsor a code-breaking competition called the National Cipher Challenge. Conducted on the Internet and lasting three months, the game involved cracking coded messages passed between Lord Nelson and naval intelligence as they tried to block a plot by Napoleon to obtain a mysterious Chinese weapon. To add to the complexity of the plot, the secret to the mystery lay in the encrypted two-hundred-year-old writings by the Elizabethan spy Christopher Marlowe.
G.C.H.Q’s biggest need, like that of the NSA, was for linguists, and in one recruitment pitch, the agency said it was seeking candidates fluent in Albanian, Amharic, any other African languages, Arabic, Azeri, Baluchi, Basque, Bengali, Brahui, Bulgarian, Chechen, Chinese, Dari, Georgian, Greek, Gujerati, Hindi, Indonesian, Japanese, Kashmiri, Kazakh, Korean, Kurdish-Sorani, Macedonian, Malay, Mirpuri, Nepali, Papiamento, Pashto, Patois/Creoles, Persian, Polish, Potohari, Punjabi, Romanian, SerboCroat, Shona, Somali, Swahili, Tamil, Turkish, Ukrainian, Urdu, Uzbek, and Vietnamese.
By 2007, Britain’s security and intelligence budget had more than doubled to $4.2 billion from less than $2 billion before September 2001. At $1.6 billion, G.C.H.Q was the most expensive part of that budget, yet it was still overstretched. According to a report by the Parliamentary Intelligence and Security Committee, a key factor was the agency’s continuous need to support M.I.5’s domestic terrorism investigations. One of those was Operation Overt, a huge surveillance and intelligence effort targeting two cells of suspected Islamic militants who were believed to be plotting an attack on transatlantic airliners.
In light of these domestic terrorism threats, there has been a strong effort by the British attorney general to allow intercepts from G.C.H.Q to be introduced in court as evidence during trial of terrorism suspects. But the move is greatly opposed by G.C.H.Q officials, who claim the measure would jeopardize its intelligence collection techniques and divert substantial resources to prepare transcripts of thousands of hours of phone conversations for court cases. “G.C.H.Q is, not unnaturally, nervous that its techniques might get into the public domain,” said Shadow Home Secretary David Davis. Agreeing with Davis was Sir Swinton Thomas, whose odd title was Interception of Communications Commissioner. “The number of cases where intercept material would make a substantial difference are very few indeed or possibly even nonexistent,” he said. And G.C.H.Q officials told members of Parliament, “So far we do not believe that anything proposed passes the test of doing more good than harm.”
Another problem is the long delay in developing a secure communications system to connect G.C.H.Q with the other intelligence agencies and their overseas offices. Known as Scope, the system was supposed to be in place by 2004 but has now been delayed for another five years.
“How much we need to grow will depend more or less on how much ministers decide to grow the Security Service,” said Pepper, who planned to retire in July 2008, after five years as head of G.C.H.Q. “So our C.T [counter terrorism] capability will need to keep pace so we can support the number of operations there that they are running . . . By the end of the year we had found that we were managing to support most of Security Service’s highest-priority operations, but we were not achieving the quality of support that we and they had agreed we should aim for . . . essentially because we were spreading ourselves too thin . . . We do not have enough CT resources.”
The biggest problem, according to Pepper, was the ever-expanding Internet and especially the increasing use of the Internet for phone calls. These VoIP calls frustrate the eavesdroppers at G.C.H.Q because they bypass the traditional telecom hubs and gateways, such as Bude, that are piped to the agency. “The Internet uses a very different approach to communications,” said Pepper, “in that, rather than having any sense of fixed lines like that, there is a big network with a number of nodes, but for any individual communicating, their communications are broken up into shorter packets. So whether you are sending an e-mail or any other form of Internet communication, anything you send is broken up into packets. These packets are then routed around the network and may go in any one of a number of different routes because the network is designed to be resilient . . . This [represents] the biggest change in telecoms technology since the invention of the telephone. It is a complete revolution.”
In order to bring some relief to G.C.H.Q, the Intelligence and Security Committee, which oversees the spy agencies, developed a Sigint modernization program. This included a twenty fold increase in the agency’s ability to access, process, and store Internet and telephone data. It also led to “the automation of certain aspects of the analysis of communications, allowing improved identification of networks—a task that previously had to be performed manually. As a result, analysts now have more time to interpret the data and establish its significance.”
The number of people in Britain whose communications were targeted had exploded in recent years. According to the 2007 report by the Interception of Communications Commissioner, the watchdog office that oversees eavesdropping by the intelligence community, over 439,000 requests were made to monitor people’s telephone calls, e-mails, and letters by secret agencies and police departments in just over a year. The report also revealed that nearly four thousand errors were reported in a fifteen month period. The author of the report, Sir Swinton Thomas, described the figures as “unacceptably high.” Human rights groups labeled the revelations as signs of a “creeping contempt for our personal privacy.”
Stretched along the curving Middle East seabed, the FLAG Falcon cable comes ashore in a number of countries with high intelligence value. Connecting Egypt to Mumbai, India, it traverses Oman, Bahrain, Kuwait, Qatar, and others. Of most interest to the NSA, however, are Iran, Iraq, Sudan, and Yemen, all of which have either joined or are eager to soon do so. The agency had long targeted Iran’s nine Intelsat and four Inmarsat earth stations, and its microwave links to Turkey, Pakistan, and Afghanistan, but the thought of much of that traffic being transferred to a subsea cable has many at Fort Meade nervous.
Containing 120,000 voice and data circuits, the $1.2 billion cable is owned by FLAG (Fiber-optic Link Around the Globe), the world’s largest private undersea cable system, with a vast network spanning forty thousand miles. Upon the completion of its newest cable, FLAG N.G.N, the company will soon have the capacity to carry a massive 2.5 billion simultaneous voice calls and 300 million simultaneous web chats in sixty countries on four continents. It is the Gulf region’s most powerful cable, operating at a terabit per second, and its ring shape also provides redundancy, known as a self-healing capability.
For the NSA, as the Middle East seabed becomes layered with cables, it must begin establishing secret relationships with countries outside its exclusive Five Eyes club, something that is already happening, according to Keith Coulter, who, from 2001 until 2005, was director of the Canadian member of the group. According to Coulter, the Five Eyes “form the tightest and most historical partnership that we have had. It is strong.” But, he noted, times are changing and his agency and the other members must also begin forming other cooperative arrangements. “The group,” he said, “has been longstanding and successful but the world is evolving and so other partnerships are necessary, on our part and our allies’ part. I belong to a European group that includes a number of countries, among which there is some sharing because there is much interest in terrorism.”
Probably the best place within the entire region to install a listening post is the Indian city of Mumbai. It represents the kind of location where the NSA would seek to establish a secret presence; it is also an example of how many people may now be tapping into private phone calls and e-mail worldwide. From a listening post in Mumbai, eavesdroppers could listen to conversations between Europe and Asia, for example.
Mumbai contains the central switch for virtually all the cables in the Middle East and much of Asia, including FLAG, FLAG Falcon, SEA-ME-WE 3, and SEA-ME-WE 4. SEA-ME-WE 3 alone is the longest system in the world at over twenty-four thousand miles—the distance around the earth. It has thirty-nine landing points in thirty-three countries on four continents, from Western Europe (including Germany, England, and France) to the Far East (including China, Japan, and Singapore) and Australia. Some of the cables connecting in Mumbai also have links to Iran, Pakistan, and other countries of great interest to the NSA.
The Mumbai switch is owned by V.S.N.L, part of the Indian government. A few years ago the Indian NSA, Research and Analysis Wing (RAW), proposed tapping into it, according to Major General V. K. Singh, a former top official for RAW. “Sometime in 2000–2001,” Singh said, “someone in RAW proposed that monitoring equipment should be installed at the V.S.N.L gateway in Mumbai. When I joined RAW in November 2000, the project was still being discussed.” V.S.N.L, he added, “agreed to provide the facilities for installation of the interception equipment, but expressed misgivings about the presence of RAW personnel and equipment in its premises, which were frequently visited by foreign members of the consortium [that owned the cables].”
To alleviate the company’s concern, RAW suggested that the company buy and install the equipment themselves and then apply for reimbursement from the intelligence agency. But while the company found the arrangement agreeable, Singh himself was troubled. “I had felt uneasy about the project right from the beginning,” he said. “It would have been okay if we were going to intercept traffic going from or coming to India. One could always justify this on the ground that we wanted to monitor traffic related to terrorism . . . But the S.M.W 3 [Southeast Asia–Middle East–Western Europe cable] was also carrying traffic that had nothing to do with India. What right did we have to monitor a call between a person in Germany who was talking to someone in Japan? . . . I expressed my misgivings several times . . . What we were planning to do was clearly another form of illegal interception. In fact, it was worse because we would not only be violating our own but also international laws. I was surprised when I found that other people in RAW not only disagreed but scoffed at my ideas.”
General Singh was relieved when V.S.N.L became privatized and was sold to the very large Indian company the Tata Group, thinking that the new company would not want to get involved in illegally spying on its customers. “But apparently this did not happen,” he said. Agreements between the company and the government were signed. Singh left RAW in 2004, and he does not know if it is continuing. “But the fact that it was planned and approved raises many questions,” he said. “Intelligence agencies need to be reminded, occasionally, that they are working not for themselves but the country and its citizens, who must never be humiliated by their actions.”
More recently, the Indian government has become alarmed at the realization that BlackBerry users are able to evade its digital dragnet when sending e-mail. As a result, the government gave the four domestic mobile operators offering the service a deadline to detail precisely how they route their users’ messages or have the system terminated. It is a preview of what may eventually happen in other democracies, including the U.S., as eavesdropping becomes all encompassing.
A key problem for New Delhi officials is the fact that BlackBerry’s encrypted e-mail passes through servers all based outside the country. The system is licensed to India’s mobile operators by Research in Motion (RIM), a Canadian company so confident in the security of its encryption that it considers it virtually unbreakable. “Rumours speculating that [e-mail] can be intercepted and read by the National Security Agency in the U.S.,” RIM has claimed, “or other ‘spy’ organisations are based on false and misleading information.” In an extraordinary move, in an effort to resolve the impasse and prevent the mobile e-mail service from being shut down, Canada’s electronic spies have agreed to help India’s RAW intercept the BlackBerry messages.
Whether the NSA currently has its own equipment at the Mumbai landing station is unknown, but among the tools the Bush administration uses to get governments to cooperate in its eavesdropping operations are cash, equipment, and political pressure. The administration has recently used all three with Mexico, a country with an atrocious record of police corruption, torture, and human rights abuses. The State Department’s Human Rights Report for 2006 said Mexico’s “deeply entrenched culture of impunity and corruption persisted, particularly at the state and local level. The following human rights problems were reported: unlawful killings by security forces; kidnappings, including by police; torture; poor and overcrowded prison conditions; arbitrary arrests and detention; corruption, inefficiency, and lack of transparency in the judicial system; statements coerced through torture permitted as evidence in trials; criminal intimidation of journalists, leading to self-censorship; corruption at all levels of government; domestic violence against women often perpetrated with impunity; criminal violence, including killings against women; trafficking in persons, sometimes allegedly with official involvement; social and economic discrimination against indigenous people; and child labor.”
“I was furious to discover my life on papers, documents, recordings and computer files,” said Sansores, a fifty-two-year-old senator from an opposition political party who had been tipped off by an anonymous note. “Seven years of my life were there, tracked in detail.” She and her aides later discovered that the equipment had been purchased by the government for $1.2 million from Israel.
More than a dozen other examples of systematic government eavesdropping around the country were also discovered about the same time— from hidden cameras and microphones uncovered in the offices of the Mexico City government to interceptions of telephone calls by a state governor. “The discoveries and the willingness of the targets to go public with evidence—confirmed many Mexicans’ long-held suspicion that their government has acted as an omnipresent Big Brother spying on its citizenry, its perceived enemies and, frequently, on some of its own agencies and officials,” said one news report at the time.
Aware of Mexico’s abysmal record in both human rights and in electronic surveillance, in 2006 the Bush administration entered into a quiet agreement with the Mexican government to fund and build an enormous $3 million telephone and Internet eavesdropping center that would reach into every town and village in the country. According to a State Department document used to solicit vendors for the system, the United States would provide Mexico “with the capability to intercept, analyze, and use intercepted information from all types of communications systems operating in Mexico.” The document continued:
The U.S. Government intends to procure a communications intercept system that enables the timely receipt, processing, analysis, and storage of intercepted communications from the national telephonic and other communications service providers in Mexico. The proposed system must comply with the following A.F.I [Agencia Federal de Investigaciones, Mexico’s Federal Investigative Agency] stated requirements for interception of target calls and sessions from (1) TELMEX PSTN network, through analog lines, (2) TELCEL TDMA and GSM network, (3) NEXTEL iDEIM/GSM network, (4) TELEFONICA network, (5) UNEFON network, (6) IUSACELL CDMA network and TDMA network, (7) Existing CISCO VoIP network at customer’s premises, (8) packet data from the Mexico PRODIGY ISP network. Additionally the client desires the establishment of a central monitoring center with the capabilities of (1) real-time and off-line playback, (2) fax decoding, (3) packet data decoding, (4) storage of all calls for at least 25,000 hours, (5) storage of all session related information, (6) 30 monitoring stations and 30 printers, (7) cellular location and tracking. Capabilities must include TDMA, GSM, CDMA, iDEN, AMPS, PCS, landline, FAX, Email, chat, Internet, SMS and VoIP. The communications intercept system must include all necessary hardware, software and equipment required to provide a complete solution. Proposals must include pricing for the complete system, installation of the system, training in Spanish on use of the system and technical support.
The system the Bush administration wanted for Mexico was similar to its warrant less eavesdropping operation in the U.S. “The target phone database should be able to accommodate a maximum of 8,000,000 sessions,” it added, “programmable by telephone service provider and monitoring center operators.” The surveillance center would also have “the ability to generate a data bank for voices for the analysis of comparison, recognition and identification.” This would give the center the capability to scan millions of telephone calls using voice prints of their targets. Another innovation was the ability to bring under surveillance ever widening circles of people—not just the target, but whoever called the target and then whoever called that person, and so on. “The ability,” said the proposal, “to analyze calls (call crossovers) and the automatic generation of links between them.” The system was also required to reach every phone in the country. “The Contractor shall be responsible,” said the document, “for integrating into the telephone intercept system the required plans and maps of the entire Mexican Republic.”
Both sides have tried to avoid drawing attention to the agreement, however, because of the potential hostile reaction by the Mexican public to the possibility that all their phone calls and e-mail might be analyzed and stored not only by their own government but also by intelligence agents in Washington.
For the Bush administration and the NSA, there may be some significant strings attached to the offer to wire Mexico border to border and coast to coast with a free $3 million eavesdropping system. Most important, the U.S. will get full access to the data, possibly in a way similar to the setup with AT&T in San Francisco. It is the type of deal NSA may be working out with countries around the world as part of an Echelon II–style operation. A key problem with such a worldwide system is that it would supply countries with potentially even worse human rights and privacy records than Mexico with a critical means of internal repression.
The strings attached are contained in the part of the proposal labeled “Requirements.” One of these items is a requirement “to disseminate timely and accurate, actionable information to each country’s respective federal, state, local, private, and international partners.” Since the U.S. certainly qualifies as an “international partner,” it means Mexico is obligated to disseminate its data to a U.S. agency. But what is perhaps even more troublesome is the requirement to share its data with “private” partners—in other words private surveillance companies within the U.S.
This type of arrangement with Mexico and other countries may in fact be among the most secret parts of the Bush administration’s entire warrant less eavesdropping program. That is because it completely bypasses the requirement for probable cause that one of the parties is connected to al-Qaeda. The intercepted data is gathered by Mexicans in Mexico— much of it involving calls to and from Americans across the border—and passed in bulk to the U.S., possibly to the NSA or FBI or Drug Enforcement Administration. Rather than al-Qaeda, it might involve drugs. According to a number of legal scholars, it may even be possible to introduce this type of information in U.S. courts. The protections offered by the Fourth Amendment, they say, do not apply outside the United States, especially when the surveillance is conducted by another country.
But coming to his rescue was Steven G. Bradbury, the Justice Department point man on the warrant less surveillance program, who chose his words very carefully. “Well, if I might just jump in, Congressman. I think the president has made it clear that there is no other program that involves domestic electronic surveillance of domestic communications, and so the program that the President has described is the only program along those lines” [emphasis added]. By deliberately adding that caveat, “domestic” electronic surveillance, Bradbury appeared to be leaving open the possibility of foreign electronic surveillance of U.S. domestic communications.
Using non–U.S. citizens in a foreign country to evade the law and eavesdrop on Americans is not a new idea. In the 1970's, the Bureau of Narcotics and Dangerous Drugs (B.N.D.D)—the predecessor of the Drug Enforcement Administration—was unable to obtain a judicial warrant to eavesdrop on a group of Americans within the U.S. As a result, they secretly turned to the NSA and asked them to conduct the illegal eavesdropping on their behalf. The NSA agreed, but the agency was nervous about giving the watch list containing the U.S. names to its intercept operators at the U.S. listening post (probably Sugar Grove, West Virginia). Because they were mostly military, they were worried about frequent turnover of personnel and the risk of the operation leaking out. Thus they asked the CIA to give help in conducting the eavesdropping with the watch list, which they agreed to do However, when the cooperation was discovered by the CIA’s general counsel, Larry Houston, it was abruptly called to a halt. In Houston’s opinion the activity possibly violated Section 605 of the Communications Act of 1934, prohibiting the unauthorized disclosure of private communications. He concluded, too, that since the intercepted messages were eventually given by the NSA to B.N.D.D, the activity was for law enforcement purposes, which was outside the CIA’s charter. As a result of Houston’s memorandum, the CIA suspended any further collection.
But according to the NSA’s deputy director at the time, Louis Tordella, the major reason for the CIA pullout was that the phone calls were being intercepted from American soil. “I was told that if they could move a group of Cubans up to Canada,” Tordella said, “it would be quite all right, but they would not do it in the United States.” Rebuffed by the CIA, the NSA continued the operation itself. A few years later it was among the many illegal programs uncovered by the Church Committee that led to F.I.S.A. Now the idea may have returned. If so, countries like Mexico and Britain could target American communications with their own nationals, on their own territory, and pass the information to the NSA.
Canada, however, despite Tordella’s suggestion, seems an unlikely candidate to assist the NSA in spying on Americans, despite sharing our northern border. Since the very beginning, Canada’s highly secret Communications Security Establishment (C.S.E) has been a key member of the Five Eyes partnership. During the Cold War, the organization played a large role in monitoring Soviet submarine and shipping activities in the Arctic. Then in August 2001 Keith Coulter became director and moved into his office in the Edward Drake Building, a modern six-story reinforced concrete and steel structure in the shape of a Y. Set in a modern, park like landscape at the crest of a hill on Ottawa’s Bronson Avenue, it was once the home of the Canadian Broadcasting Corporation. Today it pulls signals in rather than sending them out.
A onetime fighter pilot with the Snowbirds, the Canadian Forces Air Demonstration Team, and later a planner with the Treasury Board, Coulter was in office for just five weeks before the attacks of 9/11. Almost overnight, he was forced to put his agency into overdrive, to quickly move it into the twenty-first century. “Throughout the 1990's as C.S.E moved further away from its Cold War focus, the pace of change in the telecommunications world moved from evolutionary to truly revolutionary,” he said. “The routing of messages became unpredictable. Anything could be anywhere in this new communications landscape.” Coulter added, “Further, in the new environment, communications were moving in complex bundles that had to be mapped and analyzed before acquisition was even possible.”
Another problem was legal—the C.S.E was prohibited from eavesdropping on not only domestic communications but also international, where one end of a conversation touched Canada. The law, Coulter said, “affected C.S.E in two ways. First, it prevented C.S.E from intercepting communications that an intelligence target abroad sent to or received from Canada. For example, C.S.E could not provide intelligence on a known terrorist group abroad if it was communicating with a member or accomplice in Canada. Second, this provision prevented C.S.E from intercepting any communications that might contain private communications. The difficulty here was that, in this new technological environment where anything could be anywhere in virtually endless communications haystacks and electronic highways, it was impossible for C.S.E to prove, before it acquired a communication, that both ends of the communication would be foreign. The result was that as technologies continued to evolve, C.S.E was increasingly unable to access valuable intelligence sources. By the time of the events of 9/11, all of C.S.E’s international partners—the U.S., Britain, Australia, and New Zealand—had already found ways to deal with this issue. C.S.E was being left behind.”
To catch up, Coulter was able to obtain changes in Canada’s Anti-Terrorism Act that allowed C.S.E to begin targeting foreigners and foreign organizations abroad. “The act,” he said, “allowed C.S.E to get back into the game . . . The authority that was given to us by Parliament allows us to get at that very rare but important call between, say, a terrorist group and a Canadian. It may be of international as well as national importance because of relationships.”
But unlike the NSA’s policy of warrant less targeting of Americans, C.S.E’s ear is still welded to its base pointed outward. According to Coulter, his organization is forbidden from targeting Canadians either at home or abroad. “C.S.E is prohibited from directing its activities against Canadians or anyone else located within the twelve-mile limit that defines Canadian territory,” he said. “C.S.E is also prohibited from directing its activities at Canadians abroad, defined in the act as Canadians or permanent residents.” In addition, a National Defense Headquarters instruction also forbids domestic eavesdropping.
Coulter indicates that C.S.E, once seen as little more than the NSA’s Canadian stepchild, has become more independent. He says the C.S.E even refuses to share with the NSA any communications touching Canadian territory, such as the international fiber-optic cables entering and leaving Pennant Point, near Halifax, Nova Scotia, or the satellite gateways at Pennant Point, Laurentides in Quebec, and Lake Cowichan in British Columbia. “We do not share with the United States anything that would involve one-end Canadian. I want to make it very clear, that is not something we do,” he said. “The kind of thing we collect, that very small volume of information that we have that has an end in Canada, is shared within Canada and not within our partnership community.” In fact, in 2003, during the United Nations Security Council debate over whether to invade Iraq, the NSA asked all Five Eyes countries to target the communications between diplomats on the Council. Canada, which had opposed the invasion, was the only member to refuse.
Today, C.S.E’s budget has skyrocketed from the years before the 9/11 attacks, going from $140 million in 2000 to more than $200 million by 2007. It also increased its personnel by 80 percent to about 1,700.
To house them, the agency is constructing a new $62 million (Canadian dollars), 65,000-square-foot headquarters building in Ottawa. During the Cold War, one of the C.S.E’s most important listening posts was in the far north at Alert, on the northeastern tip of Ellesmere Island in the Nunavut territory. The northernmost permanently inhabited settlement in the world—only about 450 miles from the North Pole Alert was the perfect place to eavesdrop on the northernmost reaches of the Soviet Union because it was closer to Moscow than to Ottawa. There were about 215 intercept operators and support personnel posted there during the station’s heyday. But the demise of the Soviet Union meant the end of Alert.
To eavesdrop on the Pacific, a station was established at Masset, at the top end of Graham Island off British Columbia. And the Atlantic region was monitored by a station at Gander in eastern Newfoundland. But in the late 1990's, both stations were, like Alert, largely shut down. They focused on high-frequency communications and the world had shifted to satellites and fiber-optic cables. Thus, what is left of the three stations is now remotely controlled by the C.S.E’s principal listening post at C.F.S Leitrim, located at 3545 Leitrim Road in Gloucester, just south of Ottawa. Originally opened in 1941, the station now has 450 military personnel and twenty-eight civilian employees and targets satellite communications with four radome-covered dishes behind the main building.
The current chief of C.S.E is sixty-six-year-old John L. Adams, who replaced Keith Coulter in July 2005. He dislikes the Orwellian image some people have of his agency. “I get very concerned about this ‘Big Brother is watching me.’ Nothing could be further from the truth,” he says. The major problem, according to Adams, is volume. Even “with all of your fancy electronic filters,” he says, “Big Brother would just be overwhelmed.” Adams then gives the numbers. “There are one billion Internet users online right now,” he says. “Over fifty billion e-mails are sent every day. The sheer volume, the variety, the velocity, the complexity of communications today would make this absurdly impossible. Especially for an organization of our small size.”
Like Coulter, Adams also says that there are no agreements between the NSA and C.S.E to spy on each other’s citizens. “There are all sorts of myths about C.S.E,” he says. “One is that we ask our partner organizations in the Five Eyes community to target Canadian communications for us, or that we target their citizens for them. I can tell you that we do not.”
An odd choice for chief, Adams had spent his career in the Canadian army largely as a bureaucrat and generalist. The five years prior to taking over the electronic spy agency he spent as a senior official in the fisheries and ocean department of the Coast Guard. In fact, prior to his appointment he didn’t even know what the organization did. “It’s very much a need-to-know business, and I didn’t need to know, so I didn’t know.”
For those countries beyond the Five Eyes, without an NSA or a C.S.E or a G.C.H.Q, there are a few companies that will build them the next best thing.
next
Wiretappers
No comments:
Post a Comment