Spying on the Homefront
"So many people in America think this does not affect them. They've been convinced that these programs are only targeted at suspected terrorists. I think that's wrong. Our programs are not perfect, and it is inevitable that totally innocent Americans are going to be affected by these programs," former CIA Assistant General Counsel Suzanne Spaulding tells FRONTLINE correspondent Hedrick Smith in Spying on the Home Front. (more »)
CLICK ON A CHAPTER TO START WATCHING
9/11 has indelibly altered America in ways that people are now starting to earnestly question: not only perpetual orange alerts, barricades and body frisks at the airport, but greater government scrutiny of people's records and electronic surveillance of their communications. The watershed, officials tell FRONTLINE, was the government's shift after 9/11 to a strategy of pre-emption at home -- not just prosecuting terrorists for breaking the law, but trying to find and stop them before they strike.
President Bush described his anti-terrorist measures as narrow and targeted, but a FRONTLINE investigation has found that the National Security Agency (NSA) has engaged in wiretapping and sifting Internet communications of millions of Americans; the FBI conducted a data sweep on 250,000 Las Vegas vacationers, and along with more than 50 other agencies, they are mining commercial-sector data banks to an unprecedented degree.
Even government officials with experience since 9/11 are nagged by anxiety about the jeopardy that a war without end against unseen terrorists poses to our way of life, our personal freedoms. "I always said, when I was in my position running counterterrorism operations for the FBI, 'How much security do you want, and how many rights do you want to give up?'" Larry Mefford, former assistant FBI director, tells Smith. "I can give you more security, but I've got to take away some rights. Personally, I want to live in a country where you have a common-sense, fair balance, because I'm worried about people that are untrained, unsupervised, doing things with good intentions but, at the end of the day, harm our liberties."
Although the president told the nation that his NSA eavesdropping program was limited to known Al Qaeda agents or supporters abroad making calls into the U.S., comments of other administration officials and intelligence veterans indicate that the NSA cast its net far more widely. AT&T technician Mark Klein inadvertently discovered that the whole flow of Internet traffic in several AT&T operations centers was being regularly diverted to the NSA, a charge indirectly substantiated by John Yoo, the Justice Department lawyer who wrote the official legal memos legitimizing the president's warrantless wiretapping program. Yoo told FRONTLINE: "The government needs to have access to international communications so that it can try to find communications that are coming into the country where Al Qaeda's trying to send messages to cell members in the country. In order to do that, it does have to have access to communication networks."
Spying on the Home Front also looks at a massive FBI data sweep in December 2003. On a tip that Al Qaeda "might have an interest in Las Vegas" around New Year's 2004, the FBI demanded records from all hotels, airlines, rental car agencies, casinos and other businesses on every person who visited Las Vegas in the run-up to the holiday. Stephen Sprouse and Kristin Douglas of Kansas City, Mo., object to being caught in the FBI dragnet in Las Vegas just because they happened to get married there at the wrong moment. Says Douglas, "I'm sure that the government does a lot of things that I don't know about, and I've always been OK with that -- until I found out that I was included."
A check of all 250,000 Las Vegas visitors against terrorist watch lists turned up no known terrorist suspects or associates of suspects. The FBI told FRONTLINE that the records had been kept for more than two years, but have now all been destroyed.
In the broad reach of NSA eavesdropping, the massive FBI data sweep in Las Vegas, access to records gathered by private database companies that allows government agencies to avoid the limitations provided by the Privacy Act, and nearly 200 other government data-mining programs identified by the Government Accounting Office, experienced national security officials and government attorneys see a troubling and potentially dangerous collision between the strategy of pre-emption and the Fourth Amendment's protections against unreasonable search and seizure.
Peter Swire, a law professor and former White House privacy adviser to President Clinton, tells FRONTLINE that since 9/11 the government has been moving away from the traditional legal standard of investigations based on individual suspicion to generalized suspicion. The new standard, Swire says, is: "Check everybody. Everybody is a suspect." http://www.pbs.org/wgbh/pages/frontline/homefront/view
|Inside the NSA
Created in 1952 by a secret executive order by President Truman, the National Security Agency (NSA) is the largest and most secretive of U.S. intelligence agencies -- so secretive that it is joked that its acronym stands for "No Such Agency" or "Never Say Anything." Its historic mission has been to gather communications intelligence on enemies abroad; a cardinal rule was "hands off Americans at home." However, according to author James Bamford, at several points in its history it has broken that rule. Here, Bamford and two individuals who have worked inside the NSA describe its practices and mind-set.
|Total Information Awareness
After 9/11, the U.S. government began an information stampede to collect any information that might prevent another attack. One of the most ambitious -- and controversial -- plans was a data-mining program known as Total Information Awareness, or TIA. Here, in two Web-exclusive videos, some of the architects behind TIA explain the concept, debate whether it could have worked, and lament the lack of public discussion now that elements of the program are being pursued outside of the public eye.
The FBI's National Security Letters
Since late 2001, the FBI had been using a type of administrative subpoena known as a national security letter (NSL) to acquire reams of financial and communication records to aid investigations. But in the inner-most circles of politics, technology and law, a debate has raged over the power wielded by a few sheets of paper.
|The Federal Government and My
A short explainer of some of the laws protecting privacy and a closer look at federal data-mining efforts, with links to additional readings and advocacy organizations.
|The NSA and the Telecoms
President Bush's domestic surveillance program isn't the first time that the telecom industry has been caught up in allegations that the government was conducting illegal domestic surveillance. Here's background on their historic relationship.
|In Their Own Words
Excerpts from the Bush administration's statements on the president's domestic surveillance program.
Committee Hearings & the FISA Court
A closer look at the famous post-Watergate investigation into domestic spying abuses and how it led to a secret court to authorize surveillance requests.
Author, The Puzzle Palace: Inside the National Security Agency, America's Most Secret Intelligence Organization, and Body of Secrets: Anatomy of the Ultra-Secret National Security Agency
How did the NSA get started? What was its antecedent? What is its history?
The earliest form of the NSA was an organization known as the Black Chamber, which was created around 1920. It was a civilian organization designed to intercept communications and break codes, and it had a secret agreement with telecommunications companies.
From that small start, which was basically a few dozen people, it's grown into the largest intelligence agency in the world. It's a mammoth organization that occupies virtually its own city halfway between Washington and Baltimore. It's an extremely secret organization. For example, there's lots of people from the CIA who have left and written books about the CIA, former directors and all kinds of people. There's never been a single book ever written by a former NSA employee.
It was born in absolute secrecy by a memorandum signed by President Truman, as opposed to the CIA, which came through a public law. ... It was a totally black organization. In other words, virtually nobody outside of a few people in the executive branch was supposed to know about it -- certainly nobody in the public -- and even in Congress there were really only one or two people that had any idea that this agency was created. It was kept that way for about 10 years, and then information began leaking out because of a few defectors that ended up working their way to Moscow. So the secret began getting out.
But still, for most of half a century very few people knew almost anything about NSA. The old joke was it stood for "No Such Agency," and to the people inside, the joke was it stood for "Never Say Anything." I think that's held true through right up until the present, basically. ...
You said it's the largest intelligence agency in the world. How big is it?
NSA is a very interesting agency because it's not only a civilian agency; it's also a military organization, so the director of NSA wears two hats. ... He has his own military basically, his own Army, Navy and Air Force, that are used to actually collect the signals: planes that fly along borders or fly over borders and pick up signals, eavesdrop on communications; ships that sail along coasts and pick up communications. The NSA has people that they put on ships and military listening posts all over the world that are occupied and run a lot of times by the military. So it's a very, very large organization. It was up near 100,000 people during the Vietnam days, counting the military and the civilian. Now it's probably around 30,000.
Biggest intelligence budget? Bigger than the CIA?
In terms of budget it's certainly bigger than the CIA. It's hard to rate its budget because the budget of, I think, the National Reconnaissance Office [NRO] is slightly larger, but that's partly because what they're doing is putting up satellites for NSA. So if you amortize the cost of NSA satellites, it's certainly by far the most expensive intelligence agency in the country.
What is SIGINT? How does the NSA use SIGINT?
SIGINT is one of the big INTs, and INTs are what the intelligence community does. The CIA does HUMINT, which is human intelligence. It's mostly getting people to work for them overseas; getting agents, as they call them, to work for them overseas, to steal documents, pass information. There's another INT, and that's IMINT, imagery intelligence, which is taking pictures of things on the ground and so forth.
So NSA would be bugging the communications of the Soviet Union during the Cold War, listening in on the telemetry of Soviet space shots, that kind of thing?
It did all that, yeah. During the Cold War the Soviet Union mostly communicated, at least through government means, by high-frequency communication, a fairly rudimentary signal being bounced up and down in between the earth and the ionosphere. In order to capture that, the NSA built these huge listening posts all around the Soviet Union with these giant, what they called "elephant cage" antennas. They look like enormous cages for elephants. They were like 100 feet tall and maybe 1,000 feet wide, and they were circular, so the idea would be to capture those signals from any direction and then be able to know exactly what direction those signals came from. ...
Then, after the Cold War, NSA shifted to focusing on a far more difficult task. ... After the Cold War they had to get into the same system that all the rest of the world uses, the regular old telecommunications system. ... So you have millions and millions of communications, and you had to pick out the exact communications you wanted. It was very difficult, because they didn't know where they were coming from, when they were coming or what they would necessarily look like. ...
... What's their method of operation? If they don't know which message is going to be the good one, how do they find it?
One of the things that NSA does is that it hires a lot of people from the telecommunications industry, people who know how the Internet works, know how they built certain systems within the Internet and so forth. For example, they'll hire somebody from Cisco who built various routers, and they'll get them into NSA, and they'll have that person do reverse engineering; in other words, take the router and show them exactly how it was put together, and you start finding the vulnerabilities.
People talk about the NSA having the fastest supercomputers in the world and having the largest concentration of top mathematicians in the world. What is that about?
... You're dealing with fairly sophisticated communications, particularly government communications; a lot of that is encrypted. It's put in the form of a code. These are very sophisticated systems that are developed by computers, and the only way to break those codes or those encryption systems is to have faster and more powerful computers than the computers that put them together in the first place. So NSA has the largest collection of supercomputers in the world. It has one whole building, several floors -- it's called the Tordella Supercomputer Building -- where all they have are supercomputers, the fastest and most powerful computers in the world. Plus, they have parallel processing there, which ties large numbers of computers together and makes them seem like one very giant computer.
So NSA uses all this computer power for a number of reasons. One of them is to try to break these codes. The hardest way is what's known as brute force, which is when you take all that computer power and put it on one problem and use all that force to try to break that system using every possible word/letter/phrase combination you could possibly use, that kind of thing.
What they look for most often are breaks in the system, what they call busts, and that's where somebody does something wrong; somebody makes a mistake; somebody is about to type a password, and they think they're typing it into their secure system, and they accidentally type their password into an open system. That's a backdoor way to get into the system. ...
Does NSA use supercomputers to do data mining?
Yeah. Among the uses for those supercomputers, one is code breaking. The other one is to sift through vast data, vast amounts of data that come in. What they're looking for mostly are numbers. If they actually have a phone number of somebody that was a member of Al Qaeda or whatever, they put the phone number in there, and then anytime that number goes through a system that they're eavesdropping on, whether it's a satellite system or a fiber-optic system or whatever, anytime that number goes through, an alert will go off in an office in NSA. One of the intercept operators will hear an alert, and then they'll start listening to the conversation, or they'll record it or automatically be recorded. That's one way. That's a very specific way. ...
But then there's a lot more general searches, so, for example, the country code for Afghanistan, they may try to do everything within that whole country code. Or they might narrow it down to the country code and the city code; the city code for Kabul, for example. So it's all based on numbers, largely in terms of what they're targeting through this vast flow of international communications.
Although it's not perfect, they do have an ability to look for words in communications, but there's a large error rate when you're looking for words.
You mean in the content, the message?
Yeah, in voice communications, for example. If you're intercepting voice communications and you're trying to pick out individual words, it's a very, very difficult process, because you say "house" one way and I say "house" another way, and computers have a difficult time picking those out unless a computer has been trained into a person's voice. ...
It's much easier, though, if you're going to do a data search on data communications, because if you write "house," you're going to write it the same way I write "house," so it's much easier to pick up those words. ...
Before 9/11 is the NSA doing much inside America?
They're doing almost nothing inside the United States. I interviewed the director ... in January of 2001, and I think he told me that there were about half a dozen people in the U.S. that they were focusing on. ...
NSA was looked at more as the nuclear weapon for eavesdropping, much too powerful to use domestically. It was never set up to use domestically. That's what the FBI was for. It's like you don't use the Army domestically, either. ... NSA was designed to eavesdrop overseas, and that's what it did for most of its existence. It was eavesdropping on international communications and overseas communications. ...
So pre-9/11, the NSA is focused overseas, doing almost nothing domestically, but using supercomputers to sift through enormous volumes of communications to find the ones it wants to focus on.
That's right. You can't get the communications that you want unless you pull it all in, so even though they were only targeting a handful of people in the United States prior to 9/11, they still were actually putting the entire spectrum of communications, satellite communications and so forth, through their filter in order to find those few that they were looking for. They were looking for other communications that they could target that they didn't need to get any warrants for, like Soviet-to-Soviet communications and so forth. ...
What's the historical relationship between the NSA and the telephone companies? Is it close?
Well, it's very close. For almost 100 years NSA and its predecessors have had an extremely close relationship with the telecommunications companies, and during most of that time, there's been illegal agreements between the telecommunications company and NSA, where the companies would actually pass information on to NSA very secretly and largely illegally.
What kind of information?
Well, whatever is going through their system in terms of communications, going back to the '20s, '30s and '40s. So Western Union would pass all its telegrams to NSA very secretly.
You mean telegrams from Americans to Americans? From Americans overseas?
All telegrams. ... During World War I there was censorship during the war. After the war the predecessor to NSA, then known as the Black Chamber, needed to get the information, so the head of the Black Chamber went to the individual telecommunications companies and made secret deals, and he got all the telegrams that would come into the country, go out of the country or go through the country.
On Americans, you're talking about.
Yeah. Whatever they wanted they were given, whether it was Americans or not; the companies didn't care. But this wasn't easy. The companies did not just roll over. They knew this was illegal, so they gave the predecessor to NSA a hard time, but eventually they gave in.
After World War II it was the same thing. The war ended, censorship ended, and all of a sudden the predecessor to NSA at the time didn't have any access to the communications coming in or going out of the country. So once again the director of the agency had to go around secretly to the heads of all the different companies and say: "Will you please cooperate? There will only be a handful of people in your company that will know about it. We will not tell anybody, and I can speak for the attorney general and the president that you won't be prosecuted, at least during this administration." That's basically what they said. ...
And the agreement was?
The way it worked was that the NSA would set up a small little phony television tape-processing company in New York City, and one agent from the NSA would go to each of the companies after midnight and knock on a back door, and the companies would pass to them -- at first they were the hard telegrams. After computers came around they'd pass them the computer-tape journals of all the telegrams. They'd pass it to them through the back door, and he would take it to this phony television tape-processing company, put it through high-speed duplication machines and duplicate all these tape journals of all these telegrams, and then get the original data back to the companies through the back door before the shift went off in the morning.
Then they would take the duplicates and they would transfer them to NSA. They were always afraid of a plane crash, so they would put them with couriers on a train, and then they would take them to NSA headquarters at Fort Meade, [Md.]. Then that day they would take the tapes containing all these telegrams, and they'd run them through these very fast computers. At the time it was known as the harvest computer, and that's exactly what they would do. They would harvest whatever information they were looking for, whether it was an American name or a phrase or a word or an address or whatever they were looking for. ...
It was called Operation Shamrock, and again, it went on from 1945 until it was discovered by Sen. [Frank] Church's investigating committee [the Senate Select Committee to Study Governmental Operations with Respect to Intelligence Activities] in 1975. That's why we have the Foreign Intelligence Surveillance Act [FISA], to prevent this from happening again.
It wasn't just telegrams; it was also telephone calls. There was another operation known as Operation Minaret where they did similar activity with telephone communications within the United States.
So this was done voluntarily by the phone companies, or were there warrants?
No. This was a very, very secret agreement between very high-level people in the government -- secretary of defense, the head of the predecessor of NSA, other people like that. Gen. Eisenhower, before he became president, even got involved. But it was a very, very secret agreement between just maybe three or four people within each company -- the president, the chairman of the board, the general counsel and one or two people who actually passed the stuff out the back door. ...
What was the response? ... Was the NSA badly burned by this whole episode?
Well, this was the most traumatic period in NSA's history by far. Very few people know the extent of the investigation that went on. You have not only the Church Committee that looked into it; you had the Rockefeller Commission [the U.S. President's Commission on CIA Activities Within the United States, headed by Vice President Nelson Rockefeller] that was set up by President Ford to also look into it.
One of the results of that was an investigation by the Justice Department. The Justice Department actually did a criminal investigation of NSA. They actually looked at NSA, the entire agency, as a potential criminal entity, and they went there, and they read the Miranda rights to senior officials. They eventually came up, after about a year, with I think there was around 21 different areas where they could possibly prosecute NSA for doing all this illegal activity. They eventually decided not to take this to court, not to have any prosecution, because any kind of court activity would necessarily involve release of enormous amounts of secret information, and they didn't want to do that. So the bottom line was they basically put this criminal case in a file and locked the door and didn't do anything.
What they did at the end was recommend that, instead of pursuing this criminal case which would involve releasing too many secrets, that Congress look into changing the law to make this illegal. And again, that was another impetus for creation of the Foreign Intelligence Surveillance Act.
... What kind of policies did NSA institute after that to ensure they didn't violate the law again?
... I got the distinct impression, having spent a lot of time at NSA over many years, that they were very compliant with law. ... Those people that I dealt with were there during the Church Committee, and they did not want to go through that again. They did not want to go through the public exposure. They didn't want to go through the potential criminal jeopardy. They didn't want to go through any of that again. So they would tell me that the DEA, for example, the Drug Enforcement Administration, would push them to go close to the edge to get this communications or whatever, and they would always push back, because they didn't want to get to the edge.
So the attitude before 9/11 is: Don't touch Americans. We've got this very narrow group for which you get a warrant.
That's right. They had enough to do with focusing on the rest of the world. They left the U.S. to the FBI. Both for legal reasons and just because of practicality, they wanted to put the bulk of their resources overseas, not domestically.
Consultant, Innovative Analytics and Training; former NSA employee
What was NSA like in the 1980s as a place to work?
Well, it was really a mystique. I remember in those days, the metric that the college recruiters would use is to come to college campuses very, very quietly and actually ask you if you like to do crossword puzzles. That was the way you were supposed to be evaluated in the very first instance on whether you belonged at NSA or not.
It was a very quiet place. It was a place that was steeped in the secrecy of the Cold War. Getting in was seen as very much a badge of honor and something that was very exciting. More importantly, it was very much a time when whatever the work flow was, you were privileged at the time to be exposed to some of the best technology in the world, or, in those days, 10, if not 15 years ahead of anything that was available in the commercial market in the communications arena. ...
What was the mission of NSA when you joined it?
The mission of NSA was twofold: It was to conduct signals intelligence abroad to understand both policy issues, threats, etc., but also a defensive mission that was designed to understand what the threats were to communications, not only within the government, but also more broadly for the nation. It had sort of the offensive and the defensive mission at the same time. ...
What was the ethic or the culture about dealing with the communications of Americans?
You ask a very interesting question, because it is absolutely the cardinal rule that I remember from my earliest days at NSA. It was almost something that was put into your bloodline from the very beginning. In essence, you were taught that it was not part of the NSA mission except under very exceptional and legally approved circumstances to be involved with U.S. communications. So in the day, if you came across, whether by stumbling across or by some other way, what you believed to be a U.S. communication, you immediately had to drop. You had to get away from it. It was something that every analyst knew very much in their bloodline.
You touched the third rail.
It was hot-button.
Get out of there.
Get out of there, and even under those very narrow circumstances where you had approval to do that, there were very special handling measures for the data that were not to be disseminated.
The example I love to tell is that today we would use in an instant a Google search engine, for example, to go in and type in the name of someone. In those days it was strictly forbidden, even under threat perhaps of prosecution, to type in the name of a friend or person you knew was a U.S. citizen. And NSA in those days made sure everyone knew that they were not to do that under any circumstances; that in fact if they did do it, playfully or otherwise, their name could potentially be reported to the Department of Justice for violation of law. It was a very, very, very serious matter. ...
... What are the basic kinds of data gathering and analysis that the NSA did as a routine matter?
Initially you are collecting volumes of data that may be geographically oriented volumes of data. They may have to do with a specific group that you're interested in, and in the process you've got to decide what kinds of analytic attacks that you put that data set through. Obviously some of them are very clear. Encryption would be one, trying to understand how to crack the codes of that data set.
Another one would be the language. Obviously all the data in the world does you no good unless you actually have some ability to understand the language really that you are looking for within that data set. Over time techniques have been developed to understand patterns within the data. You can look at trends within the data; you can look at what had been known in the day and I think is even known today as something called traffic analysis, understanding different kinds of patterns within the data. When you have that kind of a large data set you have to be analytically very, very aggressive.
So patterns means who is communicating with whom, how much volume there is. What does traffic analysis mean?
It could be all of those things. It could be volumes of traffic between parties. It could be kinds of information that pass between parties. It can be different parties that are linked up in communication with one another.
Do computers have the power to spot the information, [who it's] going from and to, or find key words in messages?
It's a combination of computers and human beings. It is really not something that is only done by computers. Computers can help a lot, but at the end of the day, at least with my familiarity with it, it involves somebody who is a human being who had familiarity with different targets, a terrorist group, a specific group that they were interested in, etc. ...
... In a world where pre-emption has become the name of the game, does that make an agency like the National Security Agency, with its computer searching and its capacity for data-sifting analysis, a major player?
It is certainly still a major player, but ... that kind of a national strategy would place a premium on intelligence. ... SIGINT would certainly be key to that. ...
This sounds like a tremendous change. When you joined the NSA in 1982 it's totally focused outward; it's looking at the Soviet Union and proxy wars around the world. Now we are talking about it being very much involved domestically as well as overseas.
I'd put a different nuance on it, which is that, in the early days, NSA's ability to provide information perhaps of a pre-emptive nature against Soviet ICBMs [intercontinental ballistic missiles] was as important as [counterterrorism is to] the world we live in today.
On the other hand, while NSA's mission today remains overwhelmingly foreign in nature, what we are learning as a nation is how it will contribute or not to the domestic intelligence mission. That said, for NSA to do its job effectively it is going to have to be able to look through large amounts of data that transit the globe, whether they are in the United States or outside the United States.
Associate professor of law, University of Texas, El Paso; senior adviser to the National Security Whistleblowers Coalition [NSWBC]; former Army intelligence officer subcontracted to the NSA.
To what degree did data mining become increasingly the method of the NSA in the years of the Cold War and even after the Cold War ended?
It's a function of technology. When you have the computing power, then data mining will arise automatically, and the computing power is staggering at the National Security Agency. The average person doesn't have a concept of the massive capability that is available to the National Security Agency. It's by far ahead of anything that people can imagine. So once you have that kind of technical capacity where there really is no upper limit on data collection and subjecting that data collection to analysis, then you have to do that, almost as an intelligence instrument. It's so inviting it's almost impossible to ignore.
Is that the mind-set of people in the NSA?
It is a tool. They obviously do many other things -- cryptographic work, content analysis, busting certain signals, these sorts of things -- but yes, it is a mind-set, to collect everything.
Collect everything, sift it, sort it, make sense out of it.
Make sense out of it, yes. ...
Can you give us any idea of what the scale of the NSA's supercomputing operation is, what they're capable of handling?
The NSA doesn't measure computers in computing power; it measures them in acres. That's how they talk about their computers: how many acres of computers they have. ... We're talking about millions of processors that can work on a single problem simultaneously. The amount of computing power is phenomenal. It's just staggering. ...
The important point here is that what we're talking about, especially with data mining, is not a distributed computer network, where you have lots of different computers working on things. Data mining would require that there be a database that would be centralized ... [in which data would] probably be collected from lots of other databases. I call this database OBAD: One Big-Ass Database. ... The NSA is really the only facility that could subject that database to the kind of algorithmic massage that would be necessary to come to conclusions about the threat levels, for example, every American represented. ...
Shortly after 9/11, when the president says to [former NSA director] Gen. [Michael] Hayden, "What more could you do to help us prevent the second wave of attacks here in the United States?," what does that mean that NSA can do?
NSA historically has been prohibited from collecting information on U.S. citizens. There's something called United States Signal Intelligence Directive [USSID] 18 which prohibits the interception of U.S. citizens or targeting U.S. citizens by the National Security Agency. I think that's out the window. ... So number one is the field of NSA's targets expanded.
Number two is you have a shift, if you will, from targeting for intelligence purposes to law enforcement purposes, and that's an enormous shift. That's a shift in mentality, culture, the application of resources. That is a huge shift that has occurred. ...
... [If] NSA turns from its traditional function of intelligence gathering and analysis overseas and turns it on the United States, what kind of operation does it do?
First of all, forget about the idea of the guy with the earphones on, listening to something. That's not what happens. Calls are collected; communications are collected in an automated fashion by the millions. ... What it means is they're collecting everything about everybody. It is that simple.
What programs is the NSA doing under this warrantless wiretapping the president has authorized?
You have these two programs. One program is the one that's been acknowledged: They use point-to-point communications of known people, known targets. The second program is this data mining, data-analysis program, which is collecting information about everybody from everywhere and subjecting that information to very complex and sophisticated algorithms that only the NSA can do because of their computing power, and then coming to a conclusion, based on patterns, of whether or not people represent a threat to the United States.
Now, what represents a threat to the United States is something that they decide. An algorithm can be changed. For example, we have 760 or 800 federal district court judges in this country. Is it a threat to the national security that a federal district court judge is engaging in an extramarital affair? Well, it may be, because that may make that federal district court judge, in the eyes of the federal government, subject to blackmail. So all you have to do is tweak the algorithm, and then you look at the 760 or 800 federal district court judges, their buying patterns, what they do, and you find the pattern that says this person might be having an affair. What then? So they're subjecting everybody they can collect data on to these very sophisticated algorithms to develop a pattern of threat, a pattern of activity that would yield information and intelligence that they can use. ...
|In this Web-exclusive video, Robert Popp, TIA's deputy director; Steve Lukasik, a former head of DARPA and a terrorist-tracking team leader on TIA; and David Holtzman, a former NSA data miner and current privacy advocate, explain the concepts behind the program, including the development of privacy protections; debate whether it could work; and lament the lack of public discussion now that elements of the program are being pursued outside of the public eye.||
Here, Popp guides correspondent Hedrick Smith through TIA's unique pattern-based-analysis approach. Unlike traditional, follow-the-lead investigations starting with a particular suspect, pattern-based analysis begins with large populations and narrows down potential suspects based on certain criteria.
In response to the bureau's complaints, Congress passed the first National Security Letter statute as an amendment to the RFPA in 1986. The law change allowed the FBI to demand information from financial institutions using administrative subpoenas -- without court order -- if the agency possessed: "specific and articulable facts giving reason to believe that the customer or entity whose records are sought is a foreign power or an agent of a foreign power."
To keep investigations covert, Congress allowed a gag order provision, prohibiting institutions from disclosing receipt of the NSL. Only senior FBI officials could authorize use of the letters.
As the horrendous reality of the Sept. 11 terrorist attacks began to sink into the American consciousness, Congress rushed to provide security agencies with the necessary tools to protect the country, and passed the Patriot Act only 45 days after the attack. Buried deep inside the bill, a handful of amendments greatly increased the power of NSLs.
One of the catalysts for expanding NSLs' domain was their stealth. "The national security letter is an important tool," former Attorney General John Ashcroft told FRONTLINE. "It's important in substantial measure because you don't want to alert individuals who are involved in certain kinds of activity that you are looking at their activity."
The Patriot Act's architects wanted to maximize the value of the gag order, and thus made two key revisions to the NSL statutes: First, they replaced the necessary requirement of "specific and articulable facts of a foreign power" with a much lesser standard of "relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities." Second, they expanded NSL issuing authority from FBI headquarters to the supervisors of FBI field offices.
This remodeled NSL authority granted the FBI unprecedented access into Americans' financial and communication records. To combat terror, NSLs could now probe deeper into a larger number of private databases, all in complete secrecy.
In 2000, 8,500 NSLs were issued for records of foreign nationals. Four years later that number exploded to 56,507, with over half pertaining to investigations of U.S. persons. Peter Swire, the privacy counsel to the Clinton White House, said the Patriot Act broadened the use of NSLs, moving from an individual warrant to generalized suspicion. "Instead of getting the suspect's records you get the whole database," he explained.
One database the FBI went after was the central hub of Connecticut's 26 independently operated public libraries. In May 2005 the FBI discovered that information about a potential terrorist threat had been sent from a public computer inside the library system. Investigators produced NSLs and obtained access to every record on every person within the massive Connecticut mainframe.
Four infuriated librarians decided to take action and joined a legal battle between the American Civil Liberties Union (ACLU) and the U.S. government that had begun almost a year before. In the case, an Internet service provider based in New York had received an NSL and approached the ACLU with fears that compliance would jeopardize its clientele's private communications. The ACLU subsequently challenged the NSL and its gag order on the grounds of First and Fourth Amendment violations.
For months it was unclear if the case would ever reach trial, as the simple act of disclosure was a criminal offense for the ISP. But a New York judge ruled the non-disclosure provision unconstitutional in September 2004. In his opinion, U.S. District Court Judge Victor Marrero said, "democracy abhors undue secrecy." As the government filed for appeal, the ACLU incorporated the librarians' complaints into its case, and the ruling has since been upheld. As a result, the Patriot Reauthorization Act of 2005 revised the NSL statutes, allowing recipients to acknowledge receipt when seeking legal advice, and requiring the FBI to certify that disclosure would harm national security. However, the law directed judges to treat the FBI statements "as conclusive unless the court finds that the certification was made in bad faith."
Compelled by the court's rulings, Congress demanded increased oversight and periodic review by the Justice Department. In spring 2007, after investigating the issuance of 293 NSLs, Glenn Fine, the Justice Department's inspector general, discovered 22 possible breaches of governmental policy and 26 additional violations. The 200-page review described a multitude of mistakes across the bureau's entire administrative hierarchy, from improper authorization and requests, to unauthorized record collection. When extrapolated to the nearly 150,000 NSLs issued between 2003 and 2005, Fine believed the small sample's results signaled thousands of potential errors.
Delivering his review before the Senate Judiciary Committee, Inspector Fine equated the bureau's errors to carelessness, confusion, and inadequate training, guidance and oversight. "We did not find that FBI agents sought to intentionally misuse the national security letters," Fine said, "Yet, I do not believe that any of these observations excuse the FBI's widespread and serious misuse of its national security letter authorities."
Many insiders were not surprised. "You want your intelligence agent to go full-bore," Swire told FRONTLINE, "and you want the checks and balances on that so we get energy and we get rule of law."
In response to the Justice Department's report, FBI Director Robert Mueller acknowledged the bureau's errors and vowed to take the necessary steps to stop abuses. "The FBI is acutely aware that we cannot protect against threats at the expense of civil liberties," Mueller said, "We are judged not just by our ability to defend the nation from terrorist attacks but also our commitment to defend the rights and freedoms we all enjoy."
Update: In September 2007, Judge Marrero ruled that despite the 2005 revisions to the Patriot Act, the secrecy provisions surrounding the NSLs violated the First Amendment and the separation of powers guarantee, and declared them unconstitutional. He described the provisions limiting judicial oversight as "the legislative equivalent of breaking and entering, with an ominous free pass to the hijacking of constitutional values." According to The Washington Post, Judge Marrero's ruling will likely "eliminate or sharply curtail" the FBI's use of NSLs; however he delayed enforcement of his ruling for 90 days in order to give the government a chance to appeal.
Fritz Kramer is the production assistant for Spying on the Home Front.
The U.S. Constitution does not explicitly guarantee a right to privacy, but the First, Fourth and Ninth Amendments have formed the legal basis for laws protecting privacy.
First Amendment: Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.
Fourth Amendment: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Ninth Amendment: The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
The federal Privacy Act of 1974 was passed in the wake of Watergate, amid public concern over abuses of government surveillance power and the computerization of government records. While its purview was comprehensive, the law is now frequently criticized as inadequate, even by the Justice Department itself in the introduction to the text on its Web site: " the act's imprecise language, limited legislative history, and somewhat outdated regulatory guidelines have rendered it a difficult statute to decipher and apply."
Under the Privacy Act, federal agencies cannot keep secret records on U.S. citizens and must allow citizens to view the records kept about them. Agencies' records cannot describe "how any individual exercises rights guaranteed by the First Amendment unless expressly authorized by statute," must be limited to the information the agency needs to carry out its responsibilities, and should be collected from the individual in question if the information may have a negative effect on that person's "rights, benefits and privileges." The act also places limitations on how agencies can share information to prevent the construction of what Clinton administration chief privacy counselor Peter Swire calls "the one database on all Americans run by the government."
The act also gives citizens the right to correct inaccurate information in their records and to sue the government for civil penalties in the case of a violation. A federal employee who violates the act can face criminal charges.
However, as the DOJ's Web site intimates, the act has significant weaknesses. On its Web page about the act, the Electronic Privacy Information Center points out that the law grants exemptions for vaguely defined "law enforcement purposes" and "routine use," and that definitions for important terms such as "record," "system of record" and "identifying particular" are too narrow to be useful in the changing technological landscape. Characterizing the act's efficacy, Swire told FRONTLINE, " a lot of times today, you'll see the government say 'Well, we complied with the Privacy Act,' and that's like saying 'We have a fence that's six inches tall in place, so you're still protected.'"
The Freedom of Information Act, enacted in 1966, is another useful privacy tool; it requires the government to release any federal records requested by members of the public, unless those records fall under the nine exemptions built into the law to protect privileged information. More information on FOIA is available from the University of Missouri's Freedom of Information Center, including sample letters to obtain information from the government under FOIA or the Privacy Act.
State-level privacy and electronic surveillance regulations vary across the country. The National Conference of State Legislatures provides an online list describing each state's laws, as does the Electronic Privacy Information Center
Much of the technology used in daily communications and financial transactions involves the submission or transmission of personal identifying information, which companies can then compile, store, and often sell to other companies or the government. In his book, Privacy Lost, former Navy cryptographic analyst David H. Holtzman examines how personal information gets transferred in everyday transactions.
Credit card companies record customers' purchases and some use that information to construct customer profiles. Those profiles include buying patterns, which can be used to prevent fraud, as well as predictions of future purchasing patterns, which can be sold to marketers or other companies.
The Federal Communication Commission's 2005 Enhanced 911 (E911) rule requires cell phone providers to be able to locate 911 callers "within 50 to 300 meters in most cases" and to provide that information within six months of a government request. To be compliant, most cell phone carriers have installed global positioning satellite chips into cell phones, which can track a user's position to within the mandated range.
Web sites use "cookies" and other software that can log the IP addresses of visitors' computers and other identifying data exchanged during use of the site. Major search engines keep records of searches along with the IP address or other identifying information of the computer from which the search originated. In 2006 the Justice Department subpoenaed search records from Yahoo, Google, MSN and AOL as part of a Supreme Court case over the Child Online Protection Act. Google was the only company to resist the subpoena, and in March, the company announced measures to make search information anonymous after 24 months.
In September 2001, the FBI Office of General Counsel authorized bureau personnel to begin using commercial databases such as LexisNexis and ChoicePoint in the course of counterintelligence investigations, as permitted under revised guidelines from then-Attorney General John Ashcroft. One document (found on page five of this collection of memos) set the tone for FBI investigators, with the instruction: "you may use ChoicePoint to your heart's content." A more comprehensive set of internal documents from the Office of General Counsel explained the legal justification for the new directive and provided guidelines for the use of databases such as ChoicePoint.
A report issued by the General Accounting Office (GAO) in May 2004 found 199 federal data-mining projects, of which 131 were operational and 68 were planned; 122 used "personal information," such as credit reports, student loan application data, bank account numbers or taxpayer identification numbers; and 14 were counterterrorism related. A little-noticed footnote in the report points out that the survey did not include programs at the National Security Agency or CIA; nor did it mention the Defense Department's controversial Total Information Awareness [TIA] program, which was shut down in 2003, but whose programs have secretly moved on to other agencies.
The report found that 52 of the 128 federal agencies surveyed were using or planning data-mining projects for purposes including:
This interactive map assembled by journalism students and professors at Northwestern University outlines the many data-mining programs being operated by branches of the federal government -- from the FBI and the Department of Defense to the Education Department and the Treasury -- along with their connections to private companies, such as ChoicePoint and LexisNexis. [To access the map, click through the introduction page, then choose "Data Mining Programs" at the bottom of the screen.]
In 2004, veteran AT&T communications technician Mark Klein ran into problems with the Internet circuit he was responsible for maintaining. He believed the problem was emanating from a secret room in the company's San Francisco operations center. So Klein asked for help from the only co-worker cleared to work in the room.
Klein's colleague led him down to the sixth floor to an orange door labeled 641A -- a room within another room -- where he punched a code into a special lock and opened the doors. Klein peered over rows of servers and high-tech equipment; he later went public with his suspicions that the room was operated by the super-secret National Security Agency (NSA) and that AT&T was diverting the whole flow of Internet traffic in several of its operations centers to the NSA.
If the allegations against AT&T are true it wouldn't be the first time: Telecom companies have surreptitiously handed clients' communications over to government agencies since World War II. But those relationships are now being tested in a lawsuit against AT&T challenging the legality of the alleged activities within the secret room Klein saw.
After World War I, NSA's predecessor, a civilian code-breaking agency known as the Black Chamber, working on behalf of the government, would pick up telegrams every day from the telegraph companies in violation of secrecy protections of the 1912 Radio Communications Act. Eventually exposed and shut down, the relationships regenerated after World War II, this time with the NSA, which was formed secretly by an executive order by President Truman in 1952.
As the NSA quietly grew into the world's biggest intelligence agency, the telecoms similarly expanded in strength and breadth with new technologies and increased communications coverage. One NSA operation, code-named "Shamrock," would become known as the largest intercept affair in U.S. history. "For almost 30 years, copies of most international telegrams originating or forwarded through the United States were turned over to the National Security Agency," announced Sen. Frank Church (D-Idaho), who spearheaded the investigations that exposed Shamrock. The program, he said, "certainly appears to violate section 605 of the Communications Act of 1934 as well as the Fourth Amendment of the Constitution."
L. Britt Snider was the then-30-year-old Congressional investigator who uncovered Shamrock. In September 1975, after what he described as a series of fruitless and "sometimes comical" efforts to penetrate the goliath NSA, he won a breakthrough interview with Louis Tordella, who had just retired as NSA's deputy director. Tordella unveiled the essence of Operation Shamrock: NSA had a secret room in New York City, obtained with the help of the CIA, where each day it would copy international telegrams sent through the three major communication providers: ITT World Communications, Western Union International, and RCA Global.
"We thought initially it was only New York," Snider explained, "But it turns out to be San Francisco, San Antonio, Washington, New York -- all ... their offices that sent international telegrams."
When FRONTLINE asked how the NSA got the companies to hand over telegrams during Shamrock, Snider replied, "They asked." The companies agreed to hand over communications without warrants.
The revelation of Shamrock and other abuses by the Church Committee investigations led Congress to enact the Foreign Intelligence Surveillance Act (FISA) in 1978. FISA set up a special secret court and set of procedures to oversee intelligence agencies' domestic surveillance.
"What Congress said is, 'Phone company, don't hand this stuff over to the government unless you have a warrant or other proper authority,'" explains Cindy Cohn, an attorney at the Electronic Frontier Foundation, which in January 2006 filed suit against AT&T for allegedly illegally handing over its clients' communications to the NSA.
For more than 25 years after Shamrock was exposed, no new allegations of domestic spying by the NSA came to light. But on Dec. 15, 2005, The New York Times published an article headlined "Bush Lets U.S. Spy on Callers Without Courts," and a firestorm erupted. According to the article, with the president's authorization, the NSA "monitored the international telephone calls and international e-mail messages of hundreds, perhaps thousands, of people inside the United States without warrants over the past three years." Four days after the story was published, President Bush defended the program at a press conference, maintaining that it was limited to calls between suspected terrorists abroad and individuals inside the U.S.
But when Snider heard the news, he was shocked. "I was surprised that we would ever see this be raised as an issue again, because the FISA had settled that issue," he said.
It is still unclear which telecoms have cooperated with the NSA program. On May 11, 2006, USA Today reported that the NSA was collecting Americans' phone calls into a massive database and was getting the data directly from AT&T, Verizon and BellSouth; BellSouth and Verizon both disputed the report. In February 2006, the online publication CNET asked large telecommunications and Internet companies about their involvement in the NSA. Fifteen denied involvement and 12, including AT&T, chose not to reply.
Only one major company, Qwest, announced its refusal to turn over any communications to NSA. The attorney of then-CEO Joseph N. Nacchio issued a statement. "In the fall of 2001 Qwest was approached to permit the government access to the private telephone records of Qwest customers. Mr. Nacchio made inquiry as to whether a warrant or other legal process had been secured in support of that request. When he learned that no such authority had been granted and that there was a disinclination on the part of the authorities to use any legal process, including the special court which had been established to handle such matters, Mr. Nacchio concluded that these requests violated the privacy requirements of the Telecommications Act. Accordingly, Mr. Nacchio issued instructions to refuse to comply with these requests."
The issue is being brought to a head by the EFF's lawsuit against AT&T, which is the first of its kind. In response to the suit, AT&T issued a statement saying "the law does not permit" comment on the NSA allegations. In July 2006, U.S. District Judge Vaughn Walker denied motions from the government and AT&T to dismiss the case. "AT&T cannot seriously contend that a reasonable entity in its position could have believed that the alleged domestic dragnet was legal," Walker wrote. The case is now on appeal before the 9th Circuit.
Neither AT&T nor the NSA would respond to FRONTLINE's request to talk about their alleged relationship.
In April 2007, the Bush administration announced its proposed revisions to FISA; among the proposals was a measure to protect the telecoms. A Justice Department fact sheet is vague, stating, "The proposed legislation includes needed authority both to protect those carriers when they do comply with lawful requests under FISA, and to enable providers to cooperate with authorized intelligence activities." A May 4, 2007 Washington Post article includes more details, including that the immunity would date to Sept. 11, 2001. According to the Post, "The proposal states that 'no action shall lie in any court, and no penalty shall be imposed against any person' for giving the government information, including customer records, in connection with alleged intelligence activity the attorney general certifies 'is, was, would be or would have been' intended to protect the United States from terrorist attack." The proposal is expected to be filed as an amendment to the fiscal 2008 intelligence authorization bill.
In December 2005, The New York Times broke the story of the secret National Security Agency (NSA) warrantless wiretapping program authorized by the president. President Bush and top officials described a limited, carefully monitored program that only affected international phone calls by or to suspected Al Qaeda affiliates in the U.S. But the language they used was carefully constructed; many suspected the administration wasn't disclosing what other things the NSA might be doing.
Five months later the suspicions proved correct. USA Today revealed the government had gathered information from most of the nation's major telephone service providers and set up a vast database of customers' call records. And former AT&T employee Mark Klein provided details about his discovery of a huge flow of Internet traffic in several AT&T operations centers that was being regularly diverted to the NSA for data mining.
Here's a rundown of how President Bush, former NSA Director Michael Hayden and Attorney General Alberto Gonzalez described the government's activities following the revelations.
From a Dec. 19, 2005 press conference
President Bush: ... Consistent with U.S. law and the Constitution, I authorized the interception of international communications of people with known links to Al Qaeda and related terrorist organizations. This program is carefully reviewed approximately every 45 days to ensure it is being used properly. Leaders in the United States Congress have been briefed more than a dozen times on this program. And it has been effective in disrupting the enemy, while safeguarding our civil liberties.
This program has targeted those with known links to Al Qaeda. I've reauthorized this program more than 30 times since the Sept. 11 attacks, and I intend to do so for so long as our nation is -- for so long as the nation faces the continuing threat of an enemy that wants to kill American citizens. ...
Reporter's question: ... Why did you skip the basic safeguards of asking courts for permission for the intercepts?
President Bush: First of all, I -- right after Sept. 11, I knew we were fighting a different kind of war. And so I asked people in my administration to analyze how best for me and our government to do the job people expect us to do, which is to detect and prevent a possible attack. That's what the American people want. We looked at the possible scenarios. And the people responsible for helping us protect and defend came forth with the current program, because it enables us to move faster and quicker. And that's important. We've got to be fast on our feet, quick to detect and prevent.
We use FISA still -- you're referring to the FISA court in your question -- of course, we use FISAs. But FISA is for long-term monitoring. What is needed in order to protect the American people is the ability to move quickly to detect. ...
Reporter's question: If you believe that present law needs to be faster, more agile concerning the surveillance of conversations from someone in the United States to someone outside the country, why, in the four years since 9/11, has your administration not sought to get changes in the law instead of bypassing it, as some of your critics have said?
President Bush: I appreciate that. First, I want to make clear to the people listening that this program is limited in nature to those that are known Al Qaeda ties and/or affiliates. That's important. So it's a program that's limited, and you brought up something that I want to stress, and that is, is that these calls are not intercepted within the country. They are from outside the country to in the country, or vice versa. So in other words, this is not a -- if you're calling from Houston to L.A., that call is not monitored. And if there was ever any need to monitor, there would be a process to do that. ...
Secondly, an open debate about law would say to the enemy, here is what we're going to do. And this is an enemy which adjusts. We monitor this program carefully. We have consulted with members of the Congress over a dozen times. We are constantly reviewing the program. Those of us who review the program have a duty to uphold the laws of the United States, and we take that duty very seriously. ...
Reporter's question: According to FISA's own records, it's received nearly 19,000 requests for wiretaps or search warrants since 1979, rejected just five of them. It also operates in secret, so security shouldn't be a concern, and it can be applied retroactively. Given such a powerful tool of law enforcement is at your disposal, sir, why did you see fit to sidetrack that process?
President Bush: We used the process to monitor. But also, this is a different -- a different era, a different war. So what we're -- people are changing phone numbers and phone calls, and they're moving quick. And we've got to be able to detect and prevent. I keep saying that, but this is a -- it requires quick action.
And without revealing the operating details of our program, I just want to assure the American people that, one, I've got the authority to do this; two, it is a necessary part of my job to protect you; and, three, we're guarding your civil liberties. And we're guarding the civil liberties by monitoring the program on a regular basis, by having the folks at NSA, the legal team, as well as the inspector general, monitor the program, and we're briefing Congress. This is a part of our effort to protect the American people. The American people expect us to protect them and protect their civil liberties. I'm going to do that. That's my job, and I'm going to continue doing my job. ...
Reporter's question: I wonder if you can tell us today, sir, what, if any, limits you believe there are or should be on the powers of a president during a war, at wartime? And if the global war on terror is going to last for decades, as has been forecast, does that mean that we're going to see, therefore, a more or less permanent expansion of the unchecked power of the executive in American society?
President Bush: First of all, I disagree with your assertion of "unchecked power." ... There is the check of people being sworn to uphold the law, for starters. There is oversight. We're talking to Congress all the time, and on this program, to suggest there's unchecked power is not listening to what I'm telling you. I'm telling you, we have briefed the United States Congress on this program a dozen times.
This is an awesome responsibility to make decisions on behalf of the American people, and I understand that, Peter. And we'll continue to work with the Congress, as well as people within our own administration, to constantly monitor programs such as the one I described to you, to make sure that we're protecting the civil liberties of the United States. To say "unchecked power" basically is ascribing some kind of dictatorial position to the president, which I strongly reject.
Reporter's question: What limits do you --
President Bush: I just described limits on this particular program. And that's what's important for the American people to understand. I am doing what you expect me to do, and at the same time, safeguarding the civil liberties of the country.
From a May 11, 2006 press statement by President Bush following new revelations about blanket eavesdropping
... Today there are new claims about other ways we are tracking down Al Qaeda to prevent attacks on America. I want to make some important points about what the government is doing and what the government is not doing.
First, our intelligence activities strictly target Al Qaeda and their known affiliates. Al Qaeda is our enemy and we want to know their plans.
Second, the government does not listen to domestic phone calls without court approval.
Third, the intelligence activities I authorized are lawful and have been briefed to appropriate members of Congress, both Republican and Democrat.
Fourth, the privacy of ordinary Americans is fiercely protected in all our activities. We're not mining or trolling through the personal lives of millions of innocent Americans. Our efforts are focused on links to Al Qaeda and their known affiliates.
So far, we've been very successful in preventing another attack on our soil. As a general matter, every time sensitive intelligence is leaked, it hurts our ability to defeat this enemy. Our most important job is to protect the American people from another attack, and we will do so within the laws of our country.
From a Jan. 23, 2006 address given at the National Press Club
... So now, we come to one additional piece of NSA authorities. These are the activities whose existence the president confirmed several weeks ago. That authorization was based on an intelligence community assessment of a serious and continuing threat to the homeland. The lawfulness of the actual authorization was reviewed by lawyers at the Department of Justice and the White House and was approved by the attorney general.
... Even though I knew the program had been reviewed by the White House and by DOJ, by the Department of Justice, I asked the three most senior and experienced lawyers in NSA: Our enemy in the global war on terrorism doesn't divide the United States from the rest of the world, the global telecommunications system doesn't make that distinction either, our laws do and should; how did these activities square with these facts?
They reported back to me. They supported the lawfulness of this program. Supported, not acquiesced. This was very important to me. A veteran NSA lawyer, one of the three I asked, told me that a correspondent had suggested to him recently that all of the lawyers connected with this program have been very careful from the outset because they knew there would be a day of reckoning. The NSA lawyer replied to him that that had not been the case. NSA had been so careful, he said -- and I'm using his words now here -- NSA had been so careful because in this very focused, limited program, NSA had to ensure that it dealt with privacy interests in an appropriate manner. ...
In early October 2001, I gathered key members of the NSA workforce in our conference room and I introduced our new operational authority to them. With the historic culture of NSA being what it was and is, I had to do this personally. I told them what we were going to do and why. I also told them that we were going to carry out this program and not go one step further. ...
There are no communications more important to the safety of this country than those affiliated with Al Qaeda with one end in the United States. The president's authorization allows us to track this kind of call more comprehensively and more efficiently. The trigger is quicker and a bit softer than it is for a FISA warrant, but the intrusion into privacy is also limited: only international calls and only those we have a reasonable basis to believe involve Al Qaeda or one of its affiliates. ...
Their work is actively overseen by the most intense oversight regime in the history of the National Security Agency. The agency's conduct of this program is thoroughly reviewed by the NSA's general counsel and inspector general. The program has also been reviewed by the Department of Justice for compliance with the president's authorization. Oversight also includes an aggressive training program to ensure that all activities are consistent with the letter and the intent of the authorization and with the preservation of civil liberties.
Let me talk for a few minutes also about what this program is not. It is not a drift net over Dearborn or Lackawanna or Freemont grabbing conversations that we then sort out by these alleged keyword searches or data-mining tools or other devices that so-called experts keep talking about.
This is targeted and focused. This is not about intercepting conversations between people in the United States. This is hot pursuit of communications entering or leaving America involving someone we believe is associated with Al Qaeda. We bring to bear all the technology we can to ensure that this is so. And if there were ever an anomaly, and we discovered that there had been an inadvertent intercept of a domestic-to-domestic call, that intercept would be destroyed and not reported. But the incident, what we call inadvertent collection, would be recorded and reported. But that's a normal NSA procedure. It's been our procedure for the last quarter century. And as always, as we always do when dealing with U.S. person information, as I said earlier, U.S. identities are expunged when they're not essential to understanding the intelligence value of any report. Again, that's a normal NSA procedure.
So let me make this clear. When you're talking to your daughter at state college, this program cannot intercept your conversations. And when she takes a semester abroad to complete her Arabic studies, this program will not intercept your communications. ...
As the director, I was the one responsible to ensure that this program was limited in its scope and disciplined in its application. ... This isn't a drift net out there where we're soaking up everyone's communications. We are going after very specific communications that our professional judgment tells us we have reason to believe are those associated with people who want to kill Americans. That's what we're doing.
And I realize the challenge that we have. I mentioned earlier the existential issue that NSA has well before this program, that it's got to be powerful if it's going to protect us, and it's also got to be secretive if it's going to protect us. And that creates a tremendous dilemma. I understand that. ...
This is focused. It's targeted. It's very carefully done. You shouldn't worry. ...
NSA is a foreign intelligence agency, and this is about -- what we've talked about here today is about foreign intelligence. ... If we were to be drilled down on a specific individual to the degree that the judgment was we need all comms [communications], we need domestic to domestic, that's the route we go through the FISA court in order to do that.
From his May 18, 2006 confirmation hearing before the Senate Intelligence Committee as Bush's nominee for CIA director
Sen. Carl Levin (D-Mich.): Now, if press reports are true that phone calls of tens of millions of Americans who are not suspected of anything -- but nonetheless the records are maintained in a government database -- would you not agree that if that press report is accurate, that there is at least a privacy concern there whether or not one concludes that security interests outweigh the privacy concerns?
Gen. Hayden: Senator, I mean, from the very beginning we knew that this was a serious issue and that the steps we were taking, although convinced of their lawfulness -- we were taking them in a regime that was different from the regime that existed on 10 September.
I actually told the workforce, not for the special program, but the NSA workforce on the 13th of September ... about free peoples always having to decide to balance their security and their liberties, and that we, for our tradition, have always planted our banner way down here on the end of the spectrum toward security.
And then I told the workforce -- and this has actually been quoted elsewhere -- I told the workforce there are going to be a lot of pressures to push that banner down toward security. And our job at NSA was to keep America free by making Americans feel safe again. So this balance between security and liberty was foremost in our mind.
Sen. Levin: Does that mean your answer to my question is yes?
Gen Hayden: Senator, I understand. There are privacy concerns involved in all of this. There's privacy concerns involved in the routine activities of NSA.
Sen. Levin: Would you say there are privacy concerns involved in this program?
Gen. Hayden: I can certainly understand why someone would be concerned about this.
Sen. Levin: But that's not my question, general. It's a direct question.
Gen. Hayden: Sure.
Sen. Levin: In your judgment, are there privacy...
Gen. Hayden: You want me to say yes or no.
Sen. Levin: I want you to say whatever you believe.
Gen. Hayden: Yes, sir. Here's what I believe. Clearly the privacy of American citizens is a concern, constantly. And it's a concern in this program, it's a concern in everything we've done.
Sen. Levin: That's a little different from the Press Club statement where basically you said the only privacy concern is involved in international phone calls.
Gen. Hayden: No, sir, I don't think it's different. I was very clear in what I said there, I was very careful with my language.
Sen. Levin: Is that the only privacy concern in this program, international phone calls?
Gen. Hayden: Senator, I don't know how to answer your question. I've just answered that there are privacy concerns with everything that we do, of course. We always balance privacy and security, and we do it within the law.
Sen. Levin: The only privacy concerns, though, in this program relates to international phone calls?
Gen. Hayden: Senator, what I was talking about in January at the press club was the program that the president had confirmed. It was the program --
Sen. Levin: That he had confirmed publicly?
Gen. Hayden: Yes, sir, that he confirmed publicly. And I said --
Sen. Levin: Is that the whole program?
Gen. Hayden: Senator, I'm not at liberty to talk about that in open session.
Sen. Levin: I'm not asking you what the program is, I'm just simply saying, is what the president described publicly the whole program?
Gen. Hayden: Senator, all I'm at liberty to say in this session is what I was talking about, and I literally, explicitly said this at the press club, I am talking about the program the president discussed in mid-December.
Sen. Levin: And you're not able to tell us whether what the president described is the whole program?
Gen. Hayden: No, sir, not in open session. I am delighted to go into great detail in closed session.
Sen. Levin: The NSA program that The New York Times on March 14th reported about said that NSA lawyers, while you were the director of the agency, opposed the vice president's efforts to authorize the NSA to, quote, "intercept purely domestic telephone calls." Is that story accurate?
Gen. Hayden: I could recognize a thin vein of my experience inside the story, but I would not characterize how you described the Times story as being accurate. I can give you a few more notes on that, senator.
Sen. Levin: But were there differences between the NSA and the vice president's office about what the desirable scope of this program was?
Gen. Hayden: No, sir. There were discussions about what we could do. Our intent all along, in my discussions, was to do what it is the program does as described, one end of these calls always being foreign.
And as we went forward, we attempted to make it very clear that that's all we were doing and that's all we were authorized to do. ...
Sen. Ron Wyden (D-Ore.): When it comes to values, credibility is at the top of my list. Now, general, having evaluated your words, I now have a difficult time with your credibility. And let me be specific.
On the wiretapping program in 2001, you were told by the president's lawyers that you had authority to listen to Americans' phone calls. But a year later, in 2002, you testified that you had no authority to listen to Americans' phone calls in the United States unless you had enough evidence for a warrant. But you have since admitted you were wiretapping Americans.
Let me give you another example. After you admitted you were wiretapping Americans, you said on six separate occasions the program was limited to domestic-to-international calls. Now the press is reporting that the NSA has amassed this huge database -- that we've been discussing today -- of domestic calls.
So with all due respect, general, I can't tell now if you've simply said one thing and done another, or whether you have just parsed your words like a lawyer to intentionally mislead the public.
What's to say that if you're confirmed to head the CIA we won't go through exactly this kind of drill with you over there?
Gen. Hayden: Well, senator, you're going to have to make a judgment on my character. Let me talk a little bit about the incidents that you brought up.
The first one, I believe, is testimony in front of the combined HPSCI [House Permanent Select Committee on Intelligence] and SSCI [Senate Select Committee on Intelligence], the joint inquiry commission on the attacks of 9/11. And in my prepared remarks, I was trying to be very careful because we were talking not in closed session in front of the whole committee, but in front of the whole committee in totally open session.
I believe -- and I haven't looked at those remarks for a couple of months now -- I believe I began them by saying that I had been forthcoming in closed sessions with the committee.
... If anyone in the U.S. government should be empathetic to the dilemma of someone in the position I was in, it should be members of this committee who have classified knowledge floating around their left and right lobes every time they go out to make a public statement.
You cannot avoid in your responsibilities talking about Iran, or talking about Iraq, or talking about terrorist surveillance. But you have classified knowledge. And your challenge and your responsibility is to give your audience at that moment the fullest, most complete, most honest rendition you can give them, knowing that you are prevented by law from telling them everything you know.
That's what I did while I was speaking in front of the National Press Club. I chose my words very carefully because I knew that some day I would be having this conversations.
I chose my words very carefully because I wanted to be honest with the people I was addressing. And it wasn't that handful of folks downtown. It was looking into the cameras and talking to the American people.
I bounded my remarks by the program that the president has described in his December radio address. It was the program that was being publicly discussed.
And the key points in my remarks -- I pointedly and consciously down-shifted the language I was using.
When I was talking about a drift net over Lackawanna or Fremont or other cities, I switched from the word "communications" to the much more specific and unarguably accurate "conversations."
And I went on in the speech and later in my question-and-answer period to say: We do not use the content of communications to decide which communications we want to study the content of. In other words, when we looked at the content of a communication, everything between "hello" and "goodbye," we had already established a probable cause standard -- to a probable cause standard, that we had reason to believe that that communication, one or both of those communicants were associated with Al Qaeda.
Senator, I was as full and open as I possibly could be. In addition, my natural instincts, which I think all of you have seen, is to be as full and open as law and policy allow when I'm talking to you as well. Anyone who's gotten a briefing on the terrorist surveillance program from me -- and up until yesterday that was everybody who had ever gotten a briefing on the terrorist surveillance program -- I would be shocked if they thought I was hiding anything.
There was only one purpose in my briefing, and that was to make sure that everyone who was getting that briefing fully understood what NSA was doing. ...
Sen. Orrin Hatch (R-Utah): Now, the distinguished senator from Oregon said that you admitted you were wiretapping Americans. That's a pretty broad statement.
Gen. Hayden: Yes, sir.
Sen. Hatch: It certainly isn't true.
Gen. Hayden: Sir, we were intercepting the international calls entering or exiting the United States which we had reason to believe were associated with Al Qaeda, is how I would describe it. ...
Sen. Russell Feingold (D-Wis.): Senator Bond asked you whether, under the warrantless surveillance program, any Americans had been targeted who were not associated with Al Qaeda. And you replied only that you didn't see how that could occur within the NSA's culture.
The question remains: Has it happened?
Gen. Hayden: In each case, when NSA has targeted a number under this program, there has been a probable cause standard met, in the judgment of our analysis and those who oversee them, that there is reason to believe -- a reasonable person with all the facts available to him or her at the time has cause to believe that this communicant is associated with Al Qaeda.
Sen. Feingold: But that's not my question. ... It's whether it's ever happened that any Americans have been targeted who weren't associated with Al Qaeda. As a matter of fact, has it happened, despite the cautions?
Gen. Hayden: Sir, I'll give you a detail in closed session, all right? Clearly, I think logic would dictate that if you're using a probable cause standard as opposed to absolute certitude, sometimes you may not be right.
From a Feb. 6, 2006 hearing before the Senate Judiciary Committee about the warrantless wiretapping program
Attorney General Gonzales: ... Before going any further, I should make clear what I can discuss today. I am here to explain the department's assessment that the president's terrorist surveillance program is consistent with our laws and the Constitution. I am not here to discuss the operational details of that program or any other classified activity. The president has described the terrorist surveillance program in response to certain leaks. And my discussion in this open forum must be limited to those facts the president has publicly confirmed, nothing more. Many operational details of our intelligence activities remain classified and unknown to our enemy, and it is vital that they remain so. ...
While the president approved this program to respond to the new threats against us, he also imposed several important safeguards to protect the privacy and the civil liberties of all Americans. ...
Mr. Chairman, the terrorist surveillance program is lawful in all respects. ...
Sen. Patrick Leahy (D-Vt.): So NSA didn't do this until the president gave them the green light that they could engage in warrantless wiretapping of Americans inside the United States under the circumstances you described in your earlier testimony?
Attorney General Gonzales: Of course. Senator, the NSA has other authorities to engage in electronic surveillance --
Sen. Leahy: I understand that. I am talking about this specific program.
Attorney General Gonzales: And I am told they took advantage of those authorities, but it is my understanding -- and I believe this to be true -- that the NSA did not commence the kind of electronic surveillance which I am discussing here today prior to the president's authorization. ...
Sen. Herb Kohl (D-Wis.): Just to go back to what Sen. Biden and then Sen. Kyl referred to about Al Qaeda to Al Qaeda within the country -- you are saying we do not get involved in those cases. Now, it would --
Attorney General Gonzales: Not under the program on which I am testifying, that is right. ...
Sen. Kohl: Yet the president has said, you know, with great justification, he is going to protect the American people regardless, and if there is some criticism, he will take the criticism. And yet you are saying Al Qaeda to Al Qaeda within the country is beyond the bounds?
Attorney General Gonzales: Senator, it is beyond the bounds of the program which I am testifying about today. ...
Sen. Dianne Feinstein (D-Calif.): Has the president ever invoked this [executive] authority with respect to any activity other than NSA surveillance?
Attorney General Gonzales: Again, senator, I am not sure how to answer that question. The president has exercised his authority to authorize this very targeted surveillance of international communications of the enemy. I am sorry. Your question is?
Sen. Feinstein: Has the president ever invoked this authority with respect to any activity other than the program we are discussing, the NSA surveillance --
Attorney General Gonzales: Senator, I am not comfortable going down the road of saying yes or no as to what the president has or has not authorized. ...
Sen. Leahy: Is there anything to stop you from wiretapping without a warrant somebody inside the United States that you suspect of having Al Qaeda connections?
Attorney General Gonzales: Clearly, senator, that is not what is going on here, first of all. The president has authorized a much more narrow program. We are always, of course, subject to the Fourth Amendment, so the activities of any kind of surveillance within the United States would, of course, be subject to the Fourth Amendment. ...
Sen. Leahy: Let me ask you this: Under your interpretation of this, can you go in and do mail searches? Can you open first-class mail? Can you do black-bag jobs? And under the idea that you do not have much time to go through what you describe as a cumbersome procedure, but most people think it is a pretty easy procedure, to get a FISA warrant, can you go and do that [to] Americans?
Attorney General Gonzales: Sir, I have tried to outline for you and the Committee what the president has authorized, and that is all that he has authorized.
Sen. Leahy: Did it authorize the opening of first-class mail of U.S. citizens? That you can answer yes or no.
Attorney General Gonzales: There is all kinds of wild speculation about what the --
Sen. Leahy: Did it authorize it?
Attorney General Gonzales: There is all kinds of wild speculation out there about what the president has authorized and what we are actually doing. And I am not going to get into a discussion, senator, about --
Sen. Leahy: Mr. Attorney General, you are not answering my question. I am not asking you what the president authorized. Does this law -- you are the chief law enforcement officer of the country -- does this law authorize the opening of first-class mail of U.S. citizens? Yes or no, under your interpretation?
Attorney General Gonzales: Senator, I think that, again, that is not what is going on here. We are only focused on communications, international communications, where one party to the communication is Al Qaeda. That is what this program is all about. ...
Sen. Leahy: Well, if the president has that authority, does he also have the authority to wiretap Americans' domestic calls and e-mails under this -- let me finish -- under this authority, if he feels it involved Al Qaeda activity? I am talking about within this country, under this authority you have talked about, does he have the power to wiretap Americans within the United States if they are involved in Al Qaeda activity?
Attorney General Gonzales: Sir, I have been asked this question several times --
Sen. Leahy: I know, and you have had somewhat of a vague answer, so I am asking it again.
Attorney General Gonzales: And I have said that that presents a different legal question, a possibly tough constitutional question, and I am not comfortable just off the cuff talking about whether or not such activity would, in fact, be constitutional.
I will say that that is not what we are talking about here. ... I cannot give you assurances. That is not what the president has authorized through this program. ...
Sen. Chuck Schumer (D-NY): Let me ask you about some specific reports. It has been reported by multiple news outlets that the former number two man in the Justice Department, the premier terrorism prosecutor, Jim Comey, expressed grave reservations about the NSA program and at least once refused to give it his blessing. Is that true?
Attorney General Gonzales: Senator, here is a response that I feel that I can give with respect to recent speculation or stories about disagreements. There has not been any serious disagreement, including -- and I think this is accurate -- there has not been any serious disagreement about the program that the president has confirmed. There have been disagreements about other matters regarding operations, which I cannot get into. I will also say --
Sen. Schumer: But there was some -- I am sorry to cut you off, but there was some dissent within the administration, and Jim Comey did express at some point -- that is all I asked you -- some reservations.
Attorney General Gonzales: The point I want to make is that, to my knowledge, none of the reservations dealt with the program that we are talking about today. They dealt with operational capabilities that we are not talking about today. ...
Senator, I want to be very careful here. Because of course I am here only testifying about what the president has confirmed. And with respect to what the president has confirmed, I believe -- I do not believe that these DOJ officials that you are identifying had concerns about this program.
From a May 23, 2006 press conference
Reporter's question: Attorney General Gonzales, I was wondering if you could explain why the administration felt that it was necessary to collect the telephone detail records from the phone companies in your anti-terror [efforts] -- the president has addressed this in a limited way, but I wondered if you could.
Attorney General Gonzales: There has been no confirmation about any details relating to the USA Today story. Now, the president has confirmed that with respect to domestic collection, none of that is occurring in the United States without a court order. He has also indicated that we understand we have legal obligations in terms of collection of certain kinds of information. And those legal obligations are being met.
I will say that what was in the USA Today story did relate to business records. As some of you may know the U.S. Supreme Court, I believe in 1979, in Smith v. Maryland held that those kinds of records do not enjoy Fourth Amendment protection. There is no reasonable expectation of privacy in those kinds of records.
There is a statutory right of privacy, but that statute recognizes that with respect to business records there are a multiple number of ways that the government can have access to that information, to business records and, of course, the government such as the FBI can issue national security letters and obtain them through those means. There are a number of legal ways, of course, that the government can have access to business records. http://www.pbs.org/wgbh/pages/frontline/homefront/preemption/ownwords.html
The 1975-76 Church Committee congressional hearings probed widespread intelligence abuses by the FBI, CIA, IRS and NSA. Headed by Senator Frank Church (D-Idaho) in the wake of the Watergate scandal, the committee exposed how under the guise of national security agencies spied on American citizens for political purposes during the Kennedy, Johnson and Nixon administrations.
While the hearings focused on the FBI and CIA, they also catapulted the National Security Agency (NSA) from the shadows of the intelligence underworld to the national stage. The hearings revealed how the NSA set up secret projects code-named "Shamrock" and "Minaret" to collect international and domestic communications. In Project Shamrock, the major communication companies of the day -- Western Union, RCA Global and ITT World Communications -- provided the NSA access to their international message traffic, from which the NSA extracted telegrams containing the names provided to them by the FBI, CIA and other sources. Church said the three-decade long program "certainly appears to violate section 605 of the Communications Act of 1934 as well as the Fourth Amendment of the Constitution."
Church also described how the NSA's program morphed, creeping into dangerous domestic territory over time: "At the outset, the purpose apparently was only to extract international telegrams relating to certain foreign targets. Later the government began to extract the telegrams of certain U.S. citizens." Shamrock spanned three decades, and by the time of the hearings, it was estimated that the NSA was analyzing 150,000 messages per month.
The committee also discovered abuses in Project Minaret, a sister program to Project Shamrock. In Project Minaret, the NSA added Vietnam War protestors to its watch list at the request of the U.S. Army, which was concerned about the heavily attended 1967 "March on the Pentagon" protest. The list scooped up notable protesters including actress Jane Fonda, singer Joan Baez and Dr. Martin Luther King, Jr. Then-NSA Deputy Director Benson Buffham stated, "It appeared to us that we were going to be requested to do far more than we had done before."
The Church Committee's revelation that the NSA had caught American citizens in their dragnets raised a question: Does the Fourth Amendment -- with its protections against "unreasonable searches and seizures" and requirement for "probable cause" -- apply to domestic spying for national security purposes?
Discovery of the various abuses fueled fears of still greater abuses. Sen. Walter Mondale (D-Minn.) worried that the NSA "could be used by President 'A' in the future to spy upon the American people, to chill and interrupt political dissent." To prevent these fears from evolving into a reality, the committee determined that oversight beyond the executive level was necessary.
Congress responded to the committee's findings by passing the Foreign Intelligence Surveillance Act (FISA) of 1978, which created the secret Foreign Intelligence Surveillance Court (FISC) to issue warrants for domestic eavesdropping. In recognition of national security imperatives, Congress allowed the proceedings of the FISA court to be kept secret. Seven judges, from different regions of the country, are appointed by the chief justice of the Supreme Court for seven-year terms.
For decades, the FISA court operated in the shadows. But in December 2005, The New York Times moved it into the limelight. It published an article describing how shortly after 9/11, President Bush had authorized the NSA to eavesdrop without warrants inside the United States, bypassing the FISA court; in a press conference four days after the article was published, the president maintained that the program was limited to calls from a suspected terrorist abroad to an individual inside the U.S. Experts quoted in the Times article questioned whether the president's program violated the FISA law. Some critics have questioned the usefulness of the FISA court itself, labeling it a "rubber stamp for the government." They claim that thousands of warrants are approved by the court every year, and only a handful of requests are rejected.
An exclusive inside look at the FISA court was provided to FRONTLINE correspondent Hedrick Smith by James Baker, the chief Justice Department liaison with the FISA court. In his interview with Smith, Baker describes a court that handles thousands of warrant applications each year, hearing requests for surveillance from the FBI and other agencies around a large table in a simple but highly secure conference room on the sixth floor of the Department of Justice.
Baker disputes two major criticisms of the FISA -- one, that it is a rubber stamp, and two, that it moves too slowly to have satisfied the needs of the NSA after 9/11. He gives a detailed account of the process of considering a warrant in what he calls a "robust back and forth" between judges and Baker's office. Baker says there is a lot more give and take than the public perceives and asserts that approval for a wiretap can be obtained in a matter of minutes, rebutting the criticism that it takes too long to get a warrant for eavesdropping in cases that require immediate action.
Katelyn Epsley-Jones and Christina Frenzel were research assistants on Spying on the Home Front.