@War: The Rise of the Military-Internet Complex (7 page)

But almost as soon as the NSA started spying on new targets, Hayden and his staff discovered what they thought were significant limitations on the agency's ability to cast a wider surveillance net and ensure it was doing all it could to prevent another attack. The White House wanted to know what more the NSA could do. So, Hayden asked his senior managers and the NSA's signals intelligence experts, what would they put on their wish list?

For starters, they said, there was a huge so-called international gap. The NSA was monitoring foreign threats. The FBI handled domestic ones. But no agency was following the foreign threats as they came into the United States. In part that was to prevent US intelligence agencies from spying on Americans. But that sensible prohibition, enshrined in more than two decades of law and regulation, now seemed like a suicide pact.

The NSA also wanted to tweak the existing rules so they could intercept communications that transited the United States as they traveled from one foreign country to another. Under current law, if the agency wanted to capture a foreign terrorist's e-mail, it might have to get a warrant if that e-mail was stored on a server located in the United States. This was obviously foreign intelligence, it just happened to move over a fiber-optic cable or end up in a corporate database on US soil. NSA staffers argued that the agency should be allowed to grab that without asking for permission from a court, just as it could legally do if the message were stored on a server in a foreign country.

But the NSA also wanted to analyze more domestic communications. The staff proposed an idea first conceived in 1999, in preparation for the threat of terrorist attacks during millennium celebrations. The agency wanted to conduct “contact chaining” on US phone numbers. This was a painstaking process of figuring out who someone had called, who those people had called, who
they
had called, and so on, all based on analyzing phone records. The NSA wouldn't see the names associated with those phone numbers, but they believed the contact chain would help identify people of interest in a possible terrorist network. The Justice Department had ruled at the time that even monitoring this so-called metadata required a warrant, because the data was associated with people presumed to be Americans or legal residents. Now the NSA wanted to start contact chaining on phone numbers in the United States to see who was in contact with terrorists—whether they were abroad or already here. Hayden himself pointed out to administration officials that metadata wasn't considered “content” under US law, and therefore wasn't subject to the Fourth Amendment's prohibition on warrantless surveillance. Indeed, the US Supreme Court had ruled in 1979 that the government didn't need a warrant to capture a phone number, because a person voluntarily gave up the privacy of that information the moment he dialed the number and it was recorded by the phone company.

For all the items on the wish list, the NSA believed that current surveillance law was insufficient because it hadn't kept up with technological change. When the legislation governing intelligence operations against Americans, the Foreign Intelligence Surveillance Act, was signed into law in 1978, there was no data-mining software to allow contact chaining. There was no global communications network using US soil as a transit point. And there was no threat of international terrorism inside the United States. Now the obvious next move for the administration was asking Congress to change the law, to allow the NSA to do many of the things that Hayden and his staff were certain needed to be done.

President Bush's advisers, however, were in no mood to seek Congress's permission for intelligence activities that they believed were within his discretion. Vice President Cheney, in particular, was loath to allow lawmakers to start directing NSA operations against al-Qaeda. The White House was also concerned that a public debate about changes in surveillance law would tip off terrorists to what the NSA was doing to track them.

Cheney took Hayden's list of ideas and, working with the NSA director and other White House staff, came up with a plan to give the agency broad new authorities under executive order. The task of writing up the order itself fell to David Addington, Cheney's legal counsel and his right-hand man in the White House. The NSA would now be allowed to monitor communications inside the United States, so long as one end of that communication was outside the country and the communication was reasonably believed to be associated with terrorism. The NSA would not have to seek permission from a court to monitor individual phone numbers or e-mails, a legal process that historically had taken four to six weeks. Now it could engage in hot pursuit of as many communications as it pleased, so long as they fit within the boundaries of the executive order—and the NSA's computer systems could process them all.

Bush signed the order on October 4, 2001.

 

The NSA was going to war, and it set to work right away on its new campaign. A twenty-four-hour watch center was set up, called the Metadata Analysis Center, or MAC.
It was situated in the Signals Intelligence Directorate, the part of the NSA that steals or intercepts digital communications. A group of experienced NSA analysts and engineers were put on the new team; they all had to sign nondisclosure agreements. They were given office space. And the program was given a code name, or “security compartment”: Starburst. A new name, Stellar Wind, would come a few weeks later, on October 31, 2001. The program also got a hefty dose of new hardware: fifty computer servers to store and process all the new data Starburst collected. The agency didn't want a record of it suddenly buying a lot of new equipment. So officials asked a server vendor to divert a shipment intended for another recipient to the NSA instead, and to tell no one. The servers arrived at Fort Meade under police escort on October 13.

Hayden told the new Starburst team members during meetings on October 6 and 7 that the emergency, warrantless collection of communications involving people in the United States was temporary. But that was belied by the program's $25 million budget, a large amount of money to spend on a program that was only supposed to last thirty days.

Nearly ninety NSA employees were cleared for access within the first week of the program's operations. Two staffers in the NSA's Office of General Counsel reviewed the program—after Bush signed the order—and determined that it was legal. The office didn't document its opinions or legal rationale.

By October 7, three days after Bush had signed the order, the MAC was running twenty-four hours a day, seven days a week, crunching metadata sucked up by NSA's electronic filters. Twenty analysts and software developers worked in three shifts. Many of the MAC employees had manually built call chains of Russian intelligence targets during the Cold War. Now this process was being automated and applied to al-Qaeda and its affiliates, its financial and political supporters, and would-be recruits.

The contact chain of an individual target could stretch into the millions of people if an analyst wanted to look at every single person in that target's contact list, along with all
their
contacts. The analysts called each link in the chain a “hop.” Following one hop to the next, to see who might be connected to the original target, was reminiscent of the game Six Degrees of Kevin Bacon, in which players try to connect the prolific actor to some other actor who appeared in one of his films or TV shows. Hayden got a briefing from the MAC once a week, and his deputy got one every night, a measure of its supreme importance in the new intelligence war on terrorism.

The MAC had other partners at the NSA and outside the secret confines of Fort Meade. The spy agency set up a counterterrorism “product line” to send specific tasks to the MAC and conduct analysis of what was found in the contact chains. The FBI and the CIA got involved, providing leads to the MAC, which conducted contact chaining inside the United States. Telephone and Internet companies also started sending the NSA content—the recorded words of a phone call or the written text of an e-mail or Internet communication. The task of collecting this data, which was in the hands of corporations, was managed by the NSA's Special Source Operations group, its primary liaison and conduit to the telecommunications companies, Internet service and communications providers, and other companies that moved and stored the information that the NSA wanted. The agency set up equipment at the companies' physical facilities and installed surveillance devices on computers and networks that they controlled. One crucial participant, AT&T, which managed huge swaths of the telecom network, had a secure facility not far from the NSA's Fort Meade headquarters where it had historically provided mostly foreign communications for the intelligence agency. The company also allowed the government to install monitoring equipment at an office in San Francisco as part of the new domestic collection regime.

The companies were not powerless to resist—one major firm, Qwest Communications, rebuffed the agency's requests for telephone metadata because the government lacked a warrant. But most companies complied with the administration's requests, owing largely to assurances that the president had authorized the collection, which, officials argued, made it legal. The companies became indispensable partners in a new global surveillance system. Only a handful of executives within each firm even knew that the NSA had spy portals inside their facilities. Corporate employees were cleared into the program on a strictly need-to-know basis, meant to limit the risk of exposure of the NSA's clandestine mission. NSA employees were handpicked to work on the program. The product line grew rapidly. Thirty days after Bush had signed the emergency order, the new surveillance program was fully up and running. The military-Internet complex was born.

 

As significant as the NSA's new authorities to listen in on phone calls and read e-mails were, it was the bulk collection of phone and Internet metadata that put the most power in Stellar Wind's sails. A human analyst would never have enough time to listen to all those calls and read so many messages, and presumably the terrorists would mostly be communicating in code and not explicitly stating where they planned to attack and when. But contact chaining could illuminate the network based on how targets were connected to one another.

Metadata was pouring into the agency's computers and databases, faster than it could be analyzed in real time. Eventually, the agency would start to run out of storage space to keep its intelligence haul and electricity to power the computers that churned the information into intelligible graphs. And
intelligible
was a debatable term. NSA analysts created bigger contact chains than ever before. They fed the metadata into a massive graphing system that displayed connections as a bewildering array of hundreds of overlapping lines. Analysts called it the BAG, for “big ass graph.”

The FBI and the CIA also used the metadata NSA obtained. These agencies either sent the NSA a specific request for information about a particular phone number or e-mail address—what the NSA called a “selector”—or they asked more broadly for information about a target's contacts. These were known internally at the NSA as “leads.” The FBI and the CIA could submit leads in order to discover more leads, and then investigate those people. The NSA sent back reports, known as “tippers,” which contained the contact-chaining analysis that related to terrorism or potential terrorist links.

The intelligence cycle didn't always run smoothly. FBI agents complained that many of the leads the NSA supplied were dead ends—particularly the telephone numbers of suspected terrorists whom the agency believed were in the United States or had contacts there. But this team spying was a primitive model for the fusion center that was set up in Iraq six years later. Contact chaining was also the same method of analysis that the soldier-spy team at Balad used to hunt down Iraqi insurgents and terrorists. The system was even used on targets in Iraq before the first US boots hit the ground. In 2003, prior to the United States–led invasion, Bush authorized the NSA to spy on members of the Iraqi Intelligence Service whom the CIA had determined were engaged in terrorist activity that threatened the United States. (The same claim was later used to help publicly justify the United States' case for war, along with the CIA's conclusion that Iraq had been manufacturing and stockpiling chemical weapons. Both claims were later proven false. The NSA stopped spying on the Iraqi Intelligence Service under the Stellar Wind program in March 2004.)

As the months passed, NSA's contact chaining became more automated. Analysts developed tools that would send alerts about new people in the chain that they might want to examine. Anyone who had direct contact with an individual already on the NSA's list could be reported to the FBI or the CIA. Usually, the analysts would move out two hops from a target. It was up to them to determine whether the information was reportable—that is, whether the names of people they were finding in their digital nets could be included in intelligence reports and sent around the government. This was a crucial step. If an analyst discovered that an e-mail or a phone number was connected to a US citizen or a legal resident, the law usually demanded that he stop the analysis and obtain a warrant before going any further. If a communication of one of these so-called US persons was referred to even tangentially in an intelligence report, the NSA was supposed to use an anonymous designation: “US Person 1,” for instance. This process, called minimization, was meant to keep innocent Americans' names from ending up in covert intelligence reports and being associated with terrorists or spies. It was also meant to prevent the NSA from building dossiers on Americans.

But it wasn't data on Americans that the NSA was most curious about. What Hayden called “the real gold of the program” was the entirely foreign communications that the NSA intercepted as they passed through telecommunications lines and equipment in the United States. The agency could spy on the world without leaving home.