International and Domestic Surveillance in the New Millennium Justin Carlson Introduction As the world ushers in the new millennium with the information age, a pervasive system of monitoring has been developed which will have profound implications going forward for everyone in every country around the world. The breadth of this system is difficult to comprehend. It ingests every detail about every person it encounters no matter who they are or where they came from. It knows their most intimate details, regardless of the threat they pose to society: a great one, none at all, even friends — the details of all of them are collected and catalogued. The threat that the surveillance state poses is great, potentially more dangerous than even the targets it is intended to combat. The surveillance state is secret. Its inner workings are not well understood, even by those whose job it is to oversee it. It collects and catalogues indiscriminately. Because of this indiscriminate collection and cataloguing by the surveillance state and a lack of auditing capability, the system can easily be turned on any target — even its own government. Because of the lack of auditing capability, the risks involved for someone who wishes to abuse the system in this way are minimal. The risks are too great for a surveillance state with this much power to continue to exist. It must be replaced. This report explains how it came to be, the extreme danger it poses, and the alternative already available that must replace it. September 11th and the NSA On September 11th, 2001, the United States was attacked. Three towers were leveled to the ground in downtown Manhattan, followed by the Pentagon and the crashing of an airline in the heart of Pennsylvania. On that day, approximately 3,000 people died. Shocked, many people looked to the government to make sure that an event like September 11th would never happen again. How the government went about doing that was by granting its agencies enormous power through unlimited funding and turning a blind eye to illegality — even going so far as to violate the Constitution of the United States itself. One of these challenges the unlimited funding was originally intended to solve had to do with what is called Big Data. What is Big Data? It’s the product of the technological revolution. As CARLSON !1 computers and other technological devices have become networked through the Internet, the total information exchanged between them has grown at a geometric rate. (The Young Turks). At the same time, the networks have been made to communicate faster and faster with each new generation of computers and technological devices. These two features of Big Data, volume and velocity, make analyzing data moving through the networks extremely difficult. How do you find the bit of information relevant to a terrorist attack? Doing so would be like trying to find a needle in a million stacks of hay while the stacks are being shuffled around simultaneously. Gathering intelligence would be extremely difficult in this new technological world. Fortunately, the United States government had already begun to tackle the problem inside its choice agency, the National Security Agency (NSA). The NSA historically gathered intelligence by wiretapping phone line conversations, listening to radio transmissions and intercepting mail. In many cases, the communiqués were encoded. It was the NSA’s job to intercept those communications and decode them in order to combat the Soviet Union. Now, in the age of the Internet, the agency was tasked with solving the Big Data problem. How do you find the proverbial needle, and how do you find it without violating the rights of American citizens? After all, the prime directive at the NSA was, “never spy on Americans without a warrant.” (NSA) Many felt that September 11th could have been prevented — if only we had the tools. That is only partly true. The NSA already had the tools to handle Big Data. The problem was, the NSA hadn’t deployed those tools. According to a former executive at NSA, Thomas Drake, the agency had been tasked by Congress to implement a program that had already been developed (NSA). The program was called ThinThread. It was a powerful tool that could find patterns in large data sets. It could be fed transactional data, flight data, communications data, any type of data you could imagine and find connections between all of those disparate domains (The Program). ThinThread could find the needle in the millions of proverbial haystacks — and it could accomplish this while ensuring the NSA would not be able to violate the 4th amendment. All data that ThinThread would collect would be heavily encrypted prior to analyses (The Young Turks). This would have the effect of limiting NSA’s ability to go after anybody they wanted without cause, narrowing the focus of the agency, forcing it to focus on legitimate targets. If the agency wanted to go after a target, it would have to get a warrant to get past the encryption of CARLSON !2 ThinThread. “Never spy on Americans without a warrant,” would remain the prime directive of NSA. The new program had a lot of potential. It would have been able to satisfy the needs of an agency struggling to handle high volume/high velocity information. It was cheap, costing the agency only $3 million and developed entirely in-house (The Young Turks). However, less than a month before September 11th, NSA shut down ThinThread. The news that the program would be shut down was given to William Binney and Edward Loomis, the creators of the project, in a private meeting on August 20th, 2001 — 3 weeks before 9/11 (Drake, Thomas A., Edward Loomis, and J. Kirk Wiebe). As the attacks became imminent, the agency had no tools at its disposal to gather and organize the valuable intelligence the country desperately needed to stop the attacks (Drake, Loomis, Wiebe). For some reason, NSA's leadership chose to take a different approach — at great cost. There does not appear to be any explanation for why ThinThread was shut down. Its shelving so close to the September 11th attacks was a decision that was, in retrospect, extremely foolish at best. NSA employees on the ThinThread team expressed strong resentment toward the treatment of the project by senior management (United States). An audit of the program by the Department of Defense's Office of the Inspector General (DOD OIG) found that a lack of sufficient resources made ThinThread difficult to use (United States). This problem was compounded by a lack of sufficient documentation to address complications without the development team (United States). However, the DOD OIG concluded that these problems, if addressed by senior management, would not have impacted ThinThread’s deployment (United States). Already showing promise at the time, ThinThread had been deployed to 3 test sites, costing a total of $3 million (United States). Without more information about first hand experiences at NSA, it is difficult to determine what the cause of ThinThread’s cancellation actually was. Addendum: Former NSA Executives Explain in a Letter to President Obama Previously mentioned, the shutting down of ThinThread appeared to be without cause. According to DOD OIG reports, there were no issues with ThinThread that could not be solved CARLSON !3 by NSA management devoting more resources to the project, which had already been successfully deployed to 3 test sites. A letter to President Obama by the executives who headed ThinThread has brought some of the potential reasons to light. According to these former executives, the primary reason for ThinThread’s cancellation, and the sudden removal of its chief manager as well as the dismissal of the central team, had nothing to do with feasibility and everything to do with cost. ThinThread wasn’t too costly at $3 million. It was too cheap. In 2000, the chief of the NSA Transformation Office (NTO), recognizing that ThinThread was beginning to show promise, asked the creators of ThinThread (Binney/Loomis/Wiebe) what they could do with $1.2 billion (Drake, Loomis, Wiebe). They proposed that with that amount of funding ThinThread's team could deploy collection equipment and upgrade all of the field installations with access to foreign Internet sources. They would also be able to upgrade all existing equipment to be able to meet the bandwidth requirements of fiber optics. Altogether, equipment, maintenance and other expenses for ThinThread would total only about $300 million. Not $1.2 billion. (Drake, Loomis, Wiebe) Hayden removed the NTO chief and replaced him with a senior vice president of Science Applications International Corporation (SAIC) (Drake, Loomis, Wiebe). SAIC soon became the leading contractor for a competing project called Trailblazer. Trailblazer would later waste almost $3.8 billion and eventually be discarded 6 years later. The waste, fraud and abuse of the Trailblazer project caught the attention of the DOD OIG, determining that Trailblazer was way over budget, had been over-billed by contractors and salaries for management and personnel were too high. Hayden allegedly wanted to expand NSA’s budget, even at the cost of rejecting a promising project in exchange for an untested, far more expensive, and ultimately failed project. SAIC’s immediate involvement and subsequent embedment in the NTO demonstrated how NSA was more interested in contracting out its projects than devoting resources to its own personnel. NSA was also willing to abandon its national security mandate to achieve its contractor-led vision. CARLSON !4 Trailblazer After September 11th, the NSA was given a blank check (NSA). Leadership chose to use its funding to start a new project. But this time the agency would not be using NSA resources to run the project.