International and Domestic Surveillance in the New Millennium
Justin Carlson Introduction
As the world ushers in the new millennium with the information age, a pervasive system of monitoring has been developed which will have profound implications going forward for everyone in every country around the world. The breadth of this system is difficult to comprehend. It ingests every detail about every person it encounters no matter who they are or where they came from. It knows their most intimate details, regardless of the threat they pose to society: a great one, none at all, even friends — the details of all of them are collected and catalogued. The threat that the surveillance state poses is great, potentially more dangerous than even the targets it is intended to combat.
The surveillance state is secret. Its inner workings are not well understood, even by those whose job it is to oversee it. It collects and catalogues indiscriminately. Because of this indiscriminate collection and cataloguing by the surveillance state and a lack of auditing capability, the system can easily be turned on any target — even its own government. Because of the lack of auditing capability, the risks involved for someone who wishes to abuse the system in this way are minimal. The risks are too great for a surveillance state with this much power to continue to exist. It must be replaced. This report explains how it came to be, the extreme danger it poses, and the alternative already available that must replace it.
September 11th and the NSA
On September 11th, 2001, the United States was attacked. Three towers were leveled to the ground in downtown Manhattan, followed by the Pentagon and the crashing of an airline in the heart of Pennsylvania. On that day, approximately 3,000 people died. Shocked, many people looked to the government to make sure that an event like September 11th would never happen again. How the government went about doing that was by granting its agencies enormous power through unlimited funding and turning a blind eye to illegality — even going so far as to violate the Constitution of the United States itself.
One of these challenges the unlimited funding was originally intended to solve had to do with what is called Big Data. What is Big Data? It’s the product of the technological revolution. As
CARLSON 1� computers and other technological devices have become networked through the Internet, the total information exchanged between them has grown at a geometric rate. (The Young Turks). At the same time, the networks have been made to communicate faster and faster with each new generation of computers and technological devices. These two features of Big Data, volume and velocity, make analyzing data moving through the networks extremely difficult. How do you find the bit of information relevant to a terrorist attack? Doing so would be like trying to find a needle in a million stacks of hay while the stacks are being shuffled around simultaneously. Gathering intelligence would be extremely difficult in this new technological world. Fortunately, the United States government had already begun to tackle the problem inside its choice agency, the National Security Agency (NSA).
The NSA historically gathered intelligence by wiretapping phone line conversations, listening to radio transmissions and intercepting mail. In many cases, the communiqués were encoded. It was the NSA’s job to intercept those communications and decode them in order to combat the Soviet Union. Now, in the age of the Internet, the agency was tasked with solving the Big Data problem. How do you find the proverbial needle, and how do you find it without violating the rights of American citizens? After all, the prime directive at the NSA was, “never spy on Americans without a warrant.” (NSA)
Many felt that September 11th could have been prevented — if only we had the tools. That is only partly true. The NSA already had the tools to handle Big Data. The problem was, the NSA hadn’t deployed those tools. According to a former executive at NSA, Thomas Drake, the agency had been tasked by Congress to implement a program that had already been developed (NSA). The program was called ThinThread. It was a powerful tool that could find patterns in large data sets. It could be fed transactional data, flight data, communications data, any type of data you could imagine and find connections between all of those disparate domains (The Program). ThinThread could find the needle in the millions of proverbial haystacks — and it could accomplish this while ensuring the NSA would not be able to violate the 4th amendment. All data that ThinThread would collect would be heavily encrypted prior to analyses (The Young Turks). This would have the effect of limiting NSA’s ability to go after anybody they wanted without cause, narrowing the focus of the agency, forcing it to focus on legitimate targets. If the agency wanted to go after a target, it would have to get a warrant to get past the encryption of
CARLSON 2� ThinThread. “Never spy on Americans without a warrant,” would remain the prime directive of NSA.
The new program had a lot of potential. It would have been able to satisfy the needs of an agency struggling to handle high volume/high velocity information. It was cheap, costing the agency only $3 million and developed entirely in-house (The Young Turks). However, less than a month before September 11th, NSA shut down ThinThread. The news that the program would be shut down was given to William Binney and Edward Loomis, the creators of the project, in a private meeting on August 20th, 2001 — 3 weeks before 9/11 (Drake, Thomas A., Edward Loomis, and J. Kirk Wiebe). As the attacks became imminent, the agency had no tools at its disposal to gather and organize the valuable intelligence the country desperately needed to stop the attacks (Drake, Loomis, Wiebe). For some reason, NSA's leadership chose to take a different approach — at great cost.
There does not appear to be any explanation for why ThinThread was shut down. Its shelving so close to the September 11th attacks was a decision that was, in retrospect, extremely foolish at best. NSA employees on the ThinThread team expressed strong resentment toward the treatment of the project by senior management (United States). An audit of the program by the Department of Defense's Office of the Inspector General (DOD OIG) found that a lack of sufficient resources made ThinThread difficult to use (United States). This problem was compounded by a lack of sufficient documentation to address complications without the development team (United States). However, the DOD OIG concluded that these problems, if addressed by senior management, would not have impacted ThinThread’s deployment (United States). Already showing promise at the time, ThinThread had been deployed to 3 test sites, costing a total of $3 million (United States). Without more information about first hand experiences at NSA, it is difficult to determine what the cause of ThinThread’s cancellation actually was.
Addendum: Former NSA Executives Explain in a Letter to President Obama
Previously mentioned, the shutting down of ThinThread appeared to be without cause. According to DOD OIG reports, there were no issues with ThinThread that could not be solved
CARLSON 3� by NSA management devoting more resources to the project, which had already been successfully deployed to 3 test sites. A letter to President Obama by the executives who headed ThinThread has brought some of the potential reasons to light. According to these former executives, the primary reason for ThinThread’s cancellation, and the sudden removal of its chief manager as well as the dismissal of the central team, had nothing to do with feasibility and everything to do with cost. ThinThread wasn’t too costly at $3 million. It was too cheap.
In 2000, the chief of the NSA Transformation Office (NTO), recognizing that ThinThread was beginning to show promise, asked the creators of ThinThread (Binney/Loomis/Wiebe) what they could do with $1.2 billion (Drake, Loomis, Wiebe). They proposed that with that amount of funding ThinThread's team could deploy collection equipment and upgrade all of the field installations with access to foreign Internet sources. They would also be able to upgrade all existing equipment to be able to meet the bandwidth requirements of fiber optics. Altogether, equipment, maintenance and other expenses for ThinThread would total only about $300 million. Not $1.2 billion. (Drake, Loomis, Wiebe)
Hayden removed the NTO chief and replaced him with a senior vice president of Science Applications International Corporation (SAIC) (Drake, Loomis, Wiebe). SAIC soon became the leading contractor for a competing project called Trailblazer. Trailblazer would later waste almost $3.8 billion and eventually be discarded 6 years later. The waste, fraud and abuse of the Trailblazer project caught the attention of the DOD OIG, determining that Trailblazer was way over budget, had been over-billed by contractors and salaries for management and personnel were too high.
Hayden allegedly wanted to expand NSA’s budget, even at the cost of rejecting a promising project in exchange for an untested, far more expensive, and ultimately failed project. SAIC’s immediate involvement and subsequent embedment in the NTO demonstrated how NSA was more interested in contracting out its projects than devoting resources to its own personnel. NSA was also willing to abandon its national security mandate to achieve its contractor-led vision.
CARLSON 4� Trailblazer
After September 11th, the NSA was given a blank check (NSA). Leadership chose to use its funding to start a new project. But this time the agency would not be using NSA resources to run the project. Instead, with all the new funding, NSA leadership decided to build relationships with private contractors, outsourcing the development. Private contractors, dissatisfied with maintenance contracts that had been the norm for outsourced work, wanted to get a bigger piece of the pie, and Michael Hayden eagerly gave them what they desired.
Trailblazer, Michael Hayden’s brainchild and boondoggle, was hatched on March 24th, 2000, as recognized by the DOD OIG 2004 report. It was a cooperative effort by both senior officers of NSA and private intelligence contractors such as SAIC. Its purpose was to build a system that could be used by both NSA and private contractors. However, Trailblazer had no protections for American citizens’ data built into it, unlike ThinThread, making it a program that would indiscriminately collect and catalogue all the data NSA wanted, including domestic communications (NSA). It was intended to be a system that could indefinitely store communications, phone calls, web activity and every other form of data. The data would be stored, indexed, and categorized first. Furthermore, all of the data stored would never be encrypted. The feature that made ThinThread compliant with the 4th Amendment, Trailblazer totally discarded. It was the NSA’s hope that by collecting everything, it might one day be able to go back and search through al of the data to find the relevant information (Seipel). It was a brute force approach to the problem, but in reality, it made the problem worse for NSA. The sheer volume of data being collected was immense. To understand it, the NSA would need another tool.
In the end, Trailblazer went nowhere. ThinThread was shut down with no viable alternative, and the billions of dollars spent never produced anything that could be used to prevent future attacks. It did have an effect, however. NSA now had a strong relationship with private contractors, now heavily dependent on near-limitless funding from the US government. It was an all-you-could-eat buffet, and nobody wanted it to end.
CARLSON 5� The Program
After the failure of Trailblazer, the NSA continued with its goal of creating a private contractor- developed system of surveillance. Outside NSA, unbeknownst to the vast majority of personnel inside the agency, a new program was being developed almost entirely by SAIC. Only a dozen
NSA Datacenter in Bluffdale, Utah capable of storing up to 100 years of the world’s internet traffic (The Program) (Bowmer) people within NSA were aware that the program even existed, but to those who were, it was referred to simply as The Program. The Program, now, called Stellar Wind, was an amalgamation of ThinThread and Trailblazer. It used the brains of ThinThread, developed before September 11th by William Binney, Thomas Drake, J. Kirk Wiebe, Edward Loomis and others, but it used Trailblazer’s proposed approach — collect everything now, store it and then query it later. To make matters worse, as the surveillance program collected the data, the program built profiles on every single person in that data (The Program). Since the bulk collection was indiscriminate, the program didn’t just build profiles on terrorists. It built profiles on everybody, including innocent people, American citizens, members of the US Congress, state and federal judges, even heads of state. Even the President of the United States would not be free from having his/her entire life being recorded by the program.
CARLSON 6� The NSA split Stellar Wind into separate programs after the 2007 publications of the NY Times, which exposed it (The Program). Currently, the NSA employs four surveillance programs. They are as follows:
• MAINWAY - Metadata program that focuses on collecting identifying information about phone communications (CNET)
• MARINA - Metadata program that focuses on collecting identifying information related to internet communications and traffic (CNET) Graphic showing relationships between pieces • NUCLEON - Content collecting of broader surveillance program (CNET) program that focuses on phone communications. There is speculation as to how the NSA is collecting this information and in what form. Voice-to-text transcription has been proposed as a possible method since it would be easier to move, store, parse and query text than audio (CNET) (Schneier)
• PRISM - Content collecting program that focuses on Internet activity and communications including e-mail, browsing activity, and social network activity (CNET)
In addition to these collection programs, the NSA employs a data-querying tool. Thanks to the disclosures by the former NSA contractor, Edward Snowden, we know the name: XKeyscore. XKeyscore has the power to gather together all of the data about an individual simply by putting in that individual’s e-mail address. With the e-mail address, an analyst can query everything has collected across all of its databases as well as the databases of other countries with which the NSA is partnered. This includes email, phone data, browsing activity, bank transactions, flight data, health records, etc. XKeyscore, in tandem with the power of the four surveillance systems and those internationally partnered with NSA, can lay out before an intelligence analyst a person’s entire life.
CARLSON 7� To make matters worse, analysts do not need prior authorization to use XKeyscore (Greenwald). It is unclear why this is the case. There are also no built-in auditing mechanisms. The only way anybody knows if a search has been done, or an abuse has been committed, is if the analyst volunteers that information (Seipel). Because of this, if an analyst or a senior member of NSA is very careful, it is possible to spy on anyone without others at NSA or in the government knowing about it (Seipel).
One can only speculate as to why XKeyscore was built this way. Secretly collecting intelligence on a member of congress could be a useful thing for a senior official in NSA or an outside contractor to do if he/she wanted to skirt budget cuts or appropriate more funding. Secretly collecting information on businesses around the world, like the Brazilian oil giant Petrobras (Kozloff), could leverage trade negotiations or prove valuable to American companies seeking to box out competitors. Such intelligence could definitely prove valuable enough to pay for. While speculative, these are potential benefits of XKeyscore’s programming.
The Risk: Turnkey Totalitarianism
Speculation on the motivations behind these programs is difficult. NSA went from having a system, ThinThread, that could pursue threats to national security while preserving the protections guaranteed by the Fourth Amendment and the Constitution of the United States, to building a multi-billion dollar surveillance apparatus that has no built-in protections, employs tremendous power to collect data on every individual in America and around the world, while at the same time builds personal profiles of the lives of every person in that data. As Edward Snowden said in an interview with NDR in Germany:
[Emphasis added] “Every time you pick up the phone, dial a number, write an e-mail, make a purchase, travel on the bus or carry a cell phone, swipe a card somewhere, you leave a trace. And the government has decided that it is a good idea to collect it all — everything, even if you have never been suspected of committing any crime. Traditionally, the government would identify a suspect, they would go to a judge, they would say, “he has been suspected of committing this crime,” they would get a warrant and they would be able to use the totality of their powers in pursuit of the
CARLSON 8� investigation. Nowadays, what we see is they want to apply the totality of their powers in advance, prior to an investigation” (Seipel).
Without auditing capabilities, and given the wealth of information available to the government and contractors about so many individuals, is it unreasonable to speculate that these powers could be used for personal gain? Could private contractors with these tools feed lobbyists information about members of Congress, information that could assist lobbyists in pushing Congressional leaders to give more government money, or secure more contracts? Could private contractors who float between corporations and government use their access to systems like XKeyscore to acquire information about foreign leaders or policymakers, even those of their own country? Is it possible individuals with access to systems like XKeyscore could blackmail judges? Could representatives who draft regulations for industry be influenced? Could trade representatives be as well? And finally, could the President of the United States too be influenced?
Beyond the risks of blackmail and abuse, a surveillance state changes the culture of the intelligence agencies that use the surveillance state and the people watched by it. Thomas Drake, a former senior executive at NSA, had this to say about the nature of the surveillance state when he was interviewed by Brian Rose of The London Real:
[Emphasis added] “The nature of the surveillance state is such that anything is suspicious, and by definition you are always looking for suspicion-full activity. And so you end up in the pathology of surveillance. You are always looking for more information. You are always looking for more data. And for me it’s particularly egregious because during the latter years of the Cold War I actually flew as a crypto-linguist, a German/Russian linguist on RC-135 reconnaissance aircraft monitoring the Warsaw Pact, monitoring the Soviet Union. And in my particular case, I became an expert in my particular discipline on East Germany, a fascist surveillance state; never imagining that the playbook in which [the Stasi] conducted surveillance would be used as a template for state-sponsored surveillance in the United States on a far far broader scale. They have actually interviewed former Stasi officers who just marvel at how far NSA has gone with surveillance, and just drooling at what would have been possible if they had the
CARLSON 9� technology of today back in the 60s, 70s and even 80s. And yet, they developed an extraordinarily efficient mechanism to collect all of this information – paper-based, indexed. They pretty much had records on everybody within that country. We’re talking about something that makes that look mild by comparison. While the United States is not like East Germany in terms of being a fascist state, it certainly has much of the characteristics in the virtual space of a surveillance state" (NSA Whistleblower).
When asked about the implications of the surveillance state, William Binney, the original designer of ThinThread and Stellar Wind, had this to say. “Just because we call ourselves a democracy doesn’t mean we will stay that way. That’s the real danger. […] The danger is that we fall into a totalitarian state like East Germany.” (The Program) History is not kind to governments who collect data on their citizens, and we don’t have to look back too far to see examples of widespread abuse. In our case, the mechanism of mass surveillance has already been constructed. All that is necessary to turn it on the population is the turn of a key.
Conclusion
We need to turn back the clock. To be clear, however, turning back the clock does not mean a regression. What the NSA has constructed is not progressive, nor is it a necessary evil. It is a system that has the potential to break society at its very core. We live in a democracy, and while it is not perfect, it does require certain freedoms. A functioning democracy requires the freedom of expression and the freedom of association. In a surveillance state, every person, but especially non-conformists, are under suspicion. Their motives, intentions, thoughts and actions are all thoroughly analyzed. Analyzed by whom? At the outset, computer algorithms that decide what forms of behavior are suspicious analyze them. What is suspicious activity? Who defines the criteria? In the United Kingdom, the Terrorism Act 2000 defines terrorism as, “[an] act designed to influence the government” (Great Britain). This interpretation of terrorism was used to detain David Miranda, an associate and partner of Glenn Greenwald, the journalist who broke the Snowden story, in Heathrow Airport for nine hours. The journalistic material Miranda was carrying would, “influence the government.” The surveillance state targeted a man who posed no threat to the public simply for having a difference of opinion.
CARLSON 10� In the surveillance state, this sort of thing will become more common. Jacob Appelbaum, an investigative journalist and innovator in privacy technology, had this to ay about the effects of mass surveillance:
[Emphasis added]… I work on anonymity, specifically on circumvention technologies about surveillance where I believe that each person has the right to read and the right to speak freely and should be able to do that without the fear of surveillance and without fear of tampering. It’s for this reason that mass surveillance is such an important issue to me. It’s very difficult for sources to contact me. It’s very difficult for sources to leave a life behind, essentially, which is the choice they have to make when they contact someone to talk about these topics. If they wanted to talk about these topics in a world where there wasn't mass surveillance, it would be possible for them to simply talk about a [topic] without having to choose between the topic and the rest of their life. And at the moment people have to make very serious, very heavy decisions. (WePromise EU)
In closing, it is my proposal that we work to dismantle this system. As has been explained, there is a viable working alternative waiting in the wings. Not only is the current system fraught with opportunities for abuse, but also it is unnecessarily costly, costing us billions of dollars when the alternative would cost us mere millions. We simply cannot afford to keep going down this road, the same road explored in the dark pages of history. They serve as a warning, if only we will heed them.
Works Cited
Bowmer, Rick. Utah Datacenter. 2013. Here's The $2 Billion Facility Where The NSA Stores And Analyzes Your Communications. Web. 23 Apr. 2014.
CARLSON 11� Drake, Thomas A., Edward Loomis, and J. Kirk Wiebe. "Input for Your Decisions on NSA." Letter to The President. 7 Jan. 2014. NSA Insiders Reveal What Went Wrong. Common Dreams, 8 Jan. 2014. Web. Prepared Under Auspices Of Ad Hoc Steering Group, Veteran Intelligence Professionals For Sanity: Ray McGovern, CIA analyst/Presidential Briefer, (ret.); Elizabeth Murray, Deputy National Intelligence Officer for Near East (ret.); Coleen Rowley, Minneapolis Legal Counsel & Special Agent, FBI (ret.); Daniel Ellsberg, Former State Dept. & Defense Dept. Official (VIPS Associate). Great Britain. Terrorism Act 2000. London: Stationery Office, 2000. Print. Greenwald, Glenn. "XKeyscore: NSA Tool Collects 'nearly Everything a User Does on the Internet'" Theguardian.com. Guardian News and Media, 31 July 2013. Web. 23 Apr. 2014.
CARLSON 12� United States. Department of Defense. Office of the Inspector General. DoD Inspector General Report: Requirements of ThinThread and Trailblazer Systems. By Thomas F. Gimble. N.p.: n.p., 2004. Print. WePromise EU. "#11 - Jacob Appelbaum on Surveillance." YouTube. YouTube, 08 Apr. 2014. Web. 23 Apr. 2014.
CARLSON 13�