This is an excerpt from Deep State: Inside the Government Secrecy Industry, by Marc Ambinder and D.B. Grady. Over the next few weeks, we'll be running a series of NSA-related excerpts from the book here on The Compass.
**
A dozen years after 9/11, former NSA director Michael Hayden, now retired, remains accessible. He answers questions sent to his AOL email address. "Can the UK task the U.S. with listening to British citizens? Can the U.S. task the Brits with collecting on U.S. citizens?"
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
SUBSCRIBE & SAVE
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
"Absolutely not," he replies.
"Does the NSA maintain a database of potential political undesirables in the event of martial law in the U.S.?"
"An urban legend," he says.
Did the NSA illegally eavesdrop on American citizens?
Though the intelligence community esteems Hayden — indeed, it's hard to find someone he has worked with who will speak ill of him even in private — in public he becomes quite defensive about the special programs. Of course, he cannot be too defensive, because he can't present a defense. The program, discontinued and then revived under the FISA Amendments Act of 2008, is ongoing and has expanded beyond what even he envisioned for it. It remains Top Secret and compartmentalized as SI, or "Special Intelligence." If that wasn't enough, the program is stovepiped into a special compartment whose name itself is classified.
The basic reasoning behind such draconian secrecy measures is that if Bill the Plumber knows roughly how the NSA intercepts communications originating within the United States, then Michelle the Terrorist will likely also know this and change her communication methods accordingly. The United States, collectively, will then find it harder to figure out where the bad gals and guys are. So far as national security arguments go, this one is fairly basic. Still, it's not inherently persuasive, being predicated on a condition that there are terrorists who assume the U.S. government doesn't have a method of listening to telephone calls or reading emails.
That said, when the New York Times printed details of the NSA surveillance program in 2005 — whatever one's feelings about the special programs and their legality — there is evidence that the bad guys weren't making these assumptions. The Times bowed to White House pressure to sit on the story for a year but reversed course shortly before the publication of a book by one of the story's lead reporters. Though the Times story itself did not contain any details that intelligence officials could later tie to any American lives placed in jeopardy — and indeed, the NSA thanked the Times in private for its discretion, while publicly flailing it — the percussive effect led to a disclosure that made it harder for the NSA to perform basic functions: that American companies were cooperating with the NSA, mostly by providing them with reams of data about foreign communications that happened to touch (or "transit through") an American wire. "This, by far, was the worst disclosure," Hayden said in an interview. "It actively stopped collection that no one anywhere had any problem with."
Ironically, the first public confirmation that President Bush had authorized the acquisition of information from these domestic junctions came courtesy of Bob Graham of Florida, chairman of the Senate Select Committee on Intelligence, who mentioned it to the Washington Post after the Times first reported the domestic terminal portion of the story. Graham had been told about the cooperative arrangement between the government and the telecoms in October 2002. Not long after that the NSA and the telecoms had figured out how to sift through reams of metadata in real time. Earlier that summer, the NSA had started to set up splitters at key telecom network nodes across the country, including one in San Francisco that was exposed by a whistleblower.
The special programs (of which the Terrorist Surveillance Program is a part) reside at the intersection of two very complicated and overlapping bodies of law, each with its own language and legislative history. Laws circumscribing the practice of domestic law enforcement and statutes proscribing the country's flexibility to respond to existential military threats are not always reconcilable — nor were they designed to be. Where laws governing domestic law enforcement tend to minimize powers and focus on the traditional balance of self-government and security, the larger body of national security laws often justifies its own existence with the need to give the executive branch a normative foundation for extraordinary actions.
The NSA operates collection platforms in more than 50 countries and uses airplanes and submarines, ships and satellites, specially modified trucks, and cleverly disguised antennas. It has managed to break the cryptographic systems of most of its targets and prides itself on sending first-rate product to the president of the United States.
Inside the United States, the NSA's collection is regulated by FISA, passed in 1978 to provide a legal framework for intercepting communications related to foreign intelligence or terrorism where one party is inside the United States and might be considered a "U.S. person."
Three bits of terminology: The NSA "collects on" someone, with the preposition indicating the broad scope of the verb. Think of a rake pushing leaves into a bin. The NSA intercepts a very small percentage of the communications it collects. At NSA, to "intercept" is to introduce to the collection process an analyst, who examines a leaf that has appeared in his or her computer bin. (An analyst could use computer software to assist here, but the basic distinction the NSA makes is that the actual interception requires intent and specificity on behalf of the interceptor.) A "U.S. person" refers to a U.S. citizen, a legal resident of the United States, or a corporation or business legally chartered inside the United States.
Before the Terrorist Surveillance Program went live, the system was designed to work something like this: When the FBI or CIA developed information about foreign espionage or terrorist plots that tied legitimately bad people to U.S. persons (citizens, corporations, charities), the government, through the Justice Department's Office of Intelligence Policy and Review, applied for a FISA warrant. This allowed the NSA to collect all electronic communications that directly emanated from, or were directed to, that specific U.S. person — so long as one side of the conversation was known to be overseas.
In practice, the process went like this: If an NSA analyst decided that one party of a conversation she was about to monitor (or had just intercepted) might be inside the United States, she would have to convince her superior that there was probable cause to believe that the person inside the United States was connected to the foreign intelligence purpose that the analyst was tasked with collecting on. The superior would go the NSA general counsel, who could veto the request. If the general counsel approved, however, a packet of materials would be created for the Justice Department to review. Again, Justice could say no, but if they said yes, they (that is, Justice) would have to draft a document demonstrating probable cause for the duty judge on the FISC. This process could be done quickly, but often was not, and certainly couldn't be scaled sufficiently so that potentially urgent situations could be approved. Even accepting that FISA allowed for orderless interceptions in emergencies, the bottleneck of processing applications would be significant. The government was required to have probable cause to believe that the person overseas was a member of, or significantly associated with, a foreign government or terrorist entity. Also, intention mattered. The primary purpose of surveillance had to be to gather foreign intelligence.
What the special programs did, from a 30,000-foot level, was remove the multiple layers of lawyers. Analysts could decide for themselves whether probable cause existed to intercept a communication. Their work was subject to regular review by the inspector general of the NSA, who would sample target folders to see if the analyst's operational standard of probable cause met hers. The special programs allowed the NSA to determine much more quickly whether a flashing dot somewhere in the world was worth paying attention to or could be safely ignored. It allowed the NSA to directly acquire a raw feed from telecoms — AT&T, BellSouth, and Verizon — and merge it with data collected from a number of other sources (email servers, most of which were based in U.S. credit bureaus; credit card companies; passport records) — to identify the U.S.-based target of a foreign communicator with ties to terrorism, or, in some cases, to identify the foreign-based communicator based on a live intercept. The telecoms provided bulk data in the form of CDRs — Call Detail Records, which included the destination number, the duration of the call, and the location of the call (a home switch, a cell tower, an IP address). The NSA and the telecoms widened secure data channels already constructed for the purpose of allowing law enforcement to monitor to-and-from telephone information in real time — a requirement of the Communications Assistance for Law Enforcement Act.
There was quite a bit the agency could monitor in real time. Based on a scrap of paper collected somewhere overseas with a U.S. phone number on it, the NSA could figure out what other numbers that number called and even determine whether any of those domestic-terminal numbers were in contact with numbers associated with others on the watch list. (This form of analysis is called Community of Interest collection.) To be clear, at this stage of the process the NSA is not actively intercepting communications. It is collecting and analyzing metadata to determine whose communications to intercept. The equipment the NSA reportedly used at the telecom switches (the places where internet traffic gets routed from one company's system to another) allowed them, in theory, to query email traffic for content. The NSA insists that performing such semantic analysis on content was not done until the target was established.
Coming next: Why did the NSA refuse to use a cheaper program that could have better protected civil liberties?
More Deep State excerpts:
Why are lawmakers ringing the alarms about New Jersey's mysterious drones?
10 upcoming albums to stream in the frosty winter
David Sacks: the conservative investor who will be Trump's crypto and AI czar
The recycling crisis
The L.A. teachers strike, explained
The NSA knew about cellphone surveillance around the White House 6 years ago
America's homelessness crisis
The truth about America's illegal immigrants
Chicago in crisis
The bad news about ISIS's defeat in Ramadi
America can still destroy the world
