From the Introduction
The headline for the lead story in the New York Times on December 16, 2005, was stunning in its starkness and simplicity: “Bush Lets U.S. Spy on Callers without Courts.”
Underneath the column-spanning banner was a massive 3,300- word story, written by veteran reporters James Risen and Eric Lichtblau, describing in detail a decision by President George W. Bush to authorize the National Security Agency (NSA) to listen to the conversations of American citizens and others inside the United States without first seeking court permission to do so. According to the Times story, “under a presidential order signed in 2002, the intelligence agency has monitored the international telephone calls and international e-mail messages of hundreds, perhaps thousands, of people inside the United States without warrants over the past three years in an effort to track possible ‘dirty numbers’ linked to Al Qaeda.”
Following the 9/11 attacks, the NSA intensified its tracking of calls and e-mails to and from known Al Qaeda figures, aided in large part by Central Intelligence Agency seizure of terrorists’ cell phones and computers in the Middle East. With President Bush’s executive order in hand, the NSA for the first time began also tracking domestic phone calls and e-mails of people, including U.S. citizens, suspected of having links to Al Qaeda, regardless of how remote those links might be.
Based on interviews with unnamed former and current members of the administration, the Times reported that at any given moment, the NSA was monitoring the communications of up to five hundred Americans. Since the names on the NSA surveillance list shifted over time, however, the Times said that the total number of Americans targeted since the domestic eavesdropping program was launched “may have reached into the thousands.”
Ten days later, after the Bush administration admitted that the NSA had conducted warrantless surveillance of “several hundred” Americans, the Los Angeles Times published a story, under the headline “U.S. Spying Is Much Wider, Some Suspect,” in which various security experts suggested that the NSA was actually conducting wholesale, “look-at-everything” surveillance. As the Los Angeles Times itself conceded, the article and its conclusions were largely speculative, since none of the surveillance experts interviewed had any specific evidence regarding the full extent of the NSA’s domestic spying program.
But the quintessential “black” agency was about to get a little bit grayer. It turned out that the NSA was in fact “looking at everything,” or at least had the opportunity to do so.
The Room that Wasn’t There
Information about the secretive National Security Agency has been notoriously difficult to obtain since the agency was quietly established by President Truman in 1952. The existence of the agency itself didn’t actually remain a secret for all that long: the following summer, the New York Times reported that the Defense Department was launching a $30 million construction project to build a new home for the agency at Fort Meade in Maryland. But little information was available about what the agency would do in its new home.
“The National Security Agency,” the Times said, “which functions under the Defense Department, runs a super-communications network, monitoring and translating broadcasts from all parts of the world. Its services are used not only by the Defense Department, but also by the State Department, the C.I.A., the White House and other Government units.”
The specific nature of the services provided by the NSA to other branches of the government was classified at the time and remains so today. Nonetheless, the veil that has long shrouded the agency has thinned somewhat, particularly during the last couple of decades. The NSA received its largest (unwelcome) publicity boost in 2000, when a committee of the European Parliament issued a report outlining a global program of signals intelligence, code-named ECHELON, that is reportedly operated by the NSA on behalf of the United States, the United Kingdom, Australia, Canada, and New Zealand. Using a combination of satellite, telephone, and microwave intercepts, the ECHELON program enables the NSA to review the contents of millions of phone calls, faxes, e-mails, and text messages sent to and from devices around the world. The European Parliament cautioned, however, that “the analysis carried out in the report has revealed that the technical capabilities of the system are probably not nearly as extensive as some sections of the media had assumed.”
When President Bush freed the NSA from its warrant requirements under federal law, the NSA decided to take a more straightforward approach: directly intercepting the data transmissions flowing through the nation’s largest and busiest telecommunications companies. In January 2003, an AT&T communications technician named Marty Klein noticed that a new room was being built next to AT&T’s 4ESS switching equipment in the San Francisco office in which he worked. The switching equipment, Klein later told Wired magazine’s Ryan Singel, handles all long-distance and international calls. Klein subsequently learned that the person setting up the equipment in the new room had been recruited the previous fall by the NSA.
Not long after the NSA’s arrival at AT&T, Klein was assigned to connect the company’s massive Internet circuits to a so-called “splitting cabinet,” which contained a beam splitter that divided the Internet traffic into two identical streams, one of which flowed into the NSA’s secret room. The diverted data stream was not limited to just AT&T’s customers; thanks to peer sharing agreements among the various companies operating Internet backbones, NSA’s secret room captured data carried on AT&T’s network from other telecommunications companies. Klein said that similar setups were installed in other AT&T switching offices, “including Seattle, San Jose, Los Angeles and San Diego.”
Among other things, Klein reported, the secret room was equipped with a Narus STA 6400, a supercomputer that is part of the NarusInsight Intercept Suite (NIS). In a product description on the Narus Web site, the company says that the NIS “provides service providers and government organizations unmatched flexibility to intercept IP [Internet protocol] communications content and/or identifying information, enabling law enforcement and government organizations around the world to effectively gather evidence of illegal activity in the multi-faceted world of IP communications.” In simpler terms, the NIS is designed to collect huge amounts of data from various types of data networks and apply so-called “semantic traffic analysis” to determine whether any of the traffic contains information of interest to the organization collecting the data. Since 2004, the Narus board of directors has included William P. Crowell, an “independent security consultant” whose prior positions include deputy director of operations and deputy director of the National Security Agency.
While the Narus Web page for the NIS stresses the importance of capturing “all targeted data but nothing else,” it leaves unanswered the thornier question of what constraints exist, if any, for determining whose data should be targeted. It was no accident that the European Parliament opened its report on the NSA ECHELON program by quoting the first-century Roman poet Juvenal: “Sed quis custodiet ipsos custodies?” (But who will guard the guardians?)