[liberationtech] Wired: NSA’s Warrantless Wiretapping and Data Mining

[Moritz Bartl]

http://www.wired.com/threatlevel/2011/05/new-yorker-on-thomas-drake/

New Yorker Sheds New Light on NSA’s Warrantless Wiretapping and Data Mining

By Kim Zetter
May 16, 2011  |
5:37 pm  |
Categories: Crime, NSA, Surveillance

New details about the NSA’s post–Sept. 11 domestic surveillance programs
have emerged in a stunning New Yorker article about NSA whistleblower
Thomas Drake, who faces trial next month for allegedly leaking
information about waste and mismanagement at the agency.

The article provides new insight into the warrantless surveillance
program exposed by The New York Times in December 2005, including how
top officials at the intelligence agency viewed the program. Former NSA
Director Michael Hayden, in 2002, reportedly urged a congressional
staffer who was concerned about the legality of the program to keep
quiet about it, telling her that she could “yell and scream” about the
program once the inevitable leaks about it occurred.

Asked why the NSA didn’t employ privacy protections in its program,
Hayden reportedly told the staffer, “We didn’t need them. We had the
power,” and admitted the government was not getting warrants for the
domestic surveillance.

The New Yorker also spoke with a former head of the agency’s Signals
Intelligence Automation Research Center, or SARC, who invented software
codenamed ThinThread that is believed to have been adapted by the NSA
for the warrantless surveillance. The program had privacy protections
built into it, but the official says he believes the NSA rejiggered the
program to remove those protections, so that it could collect data on
everyone, including people in the United States.

Thomas Drake, the focus of the article, is facing trial next month on
charges that he violated the Espionage Act by retaining classified
information. Ironically, he’s not being charged for leaking classified
information about the warrantless wiretapping program itself. Instead,
the charges are based on five documents government investigators found
in Drake’s basement and e-mail archive that prosecutors say contain
classified information.

The documents discuss another data-mining program dubbed Trailblazer
that was deemed a failure and canceled before it was implemented. Drake
allegedly provided information about waste and mismanagement of the
Trailblazer program to a reporter at the Baltimore Sun in 2006 and 2007,
but he maintains that he gave the reporter no classified information and
disputes that the documents found in his possession contain classified
material.

Drake, who left the NSA in 2008 and now works at an Apple Store outside
Washington, D.C., is facing a possible sentence of 35 years if
convicted. The government’s decision to prosecute him is now resulting
in further information about the NSA’s illegal surveillance being
exposed, as the New Yorker article shows.

Drake was a linguist and military crypto expert who had been an NSA
contractor when he began a new staff job with the agency on the fateful
morning of September 11, 2001, in the agency’s Signals Intelligence
Directorate.

As a contractor, Drake had become familiar with a data-mining program
codenamed ThinThread, that had been tested within the NSA and could be
deployed in Afghanistan, Pakistan and other regions where terrorism was
prevalent. After 9/11, the program seemed ideal to address the suddenly
urgent need to track down terrorist targets.

The program was created in the late ’90s by Bill Binney, a mathematician
and head of the NSA’s SARC unit. It was designed to trap, map and mine
vast amounts of data in real time to pick out relevant and suspicions
communications, rather than requiring the data to be stored and sifted
later. The New Yorker details it:

    As Binney imagined it, ThinThread would correlate data from
financial transactions, travel records, Web searches,GPS equipment, and
any other “attributes” that an analyst might find useful in pinpointing
“the bad guys.” By 2000, Binney, using fibre optics, had set up a
computer network that could chart relationships among people in real
time. It also turned the N.S.A.’s data-collection paradigm upside down.
Instead of vacuuming up information around the world and then sending it
all back to headquarters for analysis, ThinThread processed information
as it was collected—discarding useless information on the spot and
avoiding the overload problem that plagued centralized systems. Binney
says, “The beauty of it is that it was open-ended, so it could keep
expanding.”

The program was “nearly perfect” except for one thing. It swooped up the
data of Americans as well as foreigners and continued to intercept
foreign communications as they traversed U.S.-based switches and
networks. This violated U.S. law, which forbids the collection of
domestic communication without a probable-cause warrant.

To solve this problem, Binney added privacy controls and an “anonymizing
feature” to encrypt all American communications that ThinThread
processed. The system would flag patterns that looked suspicious, which
authorities could then use to obtain a warrant and decrypt the information.

ThinThread was ready to deploy in early 2001, but the NSA’s lawyers
determined it violated Americans’ privacy, and NSA director Michael
Hayden scrapped it. In its place, Hayden focused funding on a different
program, codenamed Trailblazer, which the NSA contracted with outside
defense companies, like SAIC, to produce.

That system ran into numerous problems and cost overruns, yet continued
with Hayden’s support. Hayden’s deputy director and his chief of
signals-intelligence programs worked at various times for SAIC, which
received several Trailblazer contracts worth hundreds of millions of
dollars. In 2006, after eating up some $1.2 billion, Trailblazer was
finally deemed a flop and killed.

But in the meantime, just weeks after the 9/11 attacks, rumors began
circulating within the NSA that the agency, with the approval of the
White House, was violating the Foreign Intelligence Surveillance Act by
conducting domestic surveillance. On Oct. 4, 2001, President Bush
authorized the policy, which was operational by Oct. 6.

Drake said strange things began happening inside the NSA, with equipment
suddenly being moved, and people who worked on FISA warrants being
re-assigned. Drake saw this as a tipoff that the conventional legal
surveillance process was being circumvented.

Binney, who wasn’t involved directly in the post-9/11 surveillance
program, was certain that the rumored surveillance must be using
components of the ThinThread program he helped design, but with the
privacy protections now stripped out of it.

“It was my brainchild,” he told The New Yorker. “But they removed the
protections, the anonymization process. When you remove that, you can
target anyone.”

NSA people who were apprised of the program told him, “Can you believe
they’re doing this? They’re getting billing records on U.S. citizens!
They’re putting pen registers on everyone in the country!”

Drake heard from colleagues that the surveillance involved special
“arrangements” that were being made with telecom and credit card
companies to collect data on customers. Drake says he tried to raise
concerns about the legality of the program with the NSA’s general
counsel but was told not to worry about it, that it was legal and none
of his business.

“The mantra was ‘Get the data!’” he told The New Yorker.

He discussed the issue with Maureen Baginski, his superior at the NSA
and the third-highest-ranking official in the agency. She reportedly
told him presciently that she feared the NSA would be “haunted” by the
surveillance program. She left the agency in 2003 in part because she
was uncomfortable with the program, The New Yorker reports.

Drake also confided in Diane Roark, a staff member on the House
Intelligence Committee. She wrote a series of memos in February 2002
warning of the potential legal violations and gave them to Intelligence
Committee staffers who worked for committee chairman Porter Goss and
Democratic minority Whip Nancy Pelosi. But nothing happened.

Instead, Roark drew the wrath of Hayden who pleaded with her to stop
agitating against the program and seemed to suggest to Roark he had
assurances that the Supreme Court would back the program. The New Yorker:

    He conceded that the policy would leak at some point, and told her
that when it did she could “yell and scream” as much as she wished.
Meanwhile, he wanted to give the program more time. She asked Hayden why
the N.S.A. had chosen not to include privacy protections for Americans.
She says that he “kept not answering. Finally, he mumbled, and looked
down, and said, ‘We didn’t need them. We had the power.’ He didn’t even
look me in the eye. I was flabbergasted.” She asked him directly if the
government was getting warrants for domestic surveillance, and he
admitted that it was not.

Roark tried to contact Chief Justice William H. Rehnquist but got no
response. When she contacted a judge on the FISA court to express
concern that the NSA and government were doing an end-run around the
court, she was referred to the Justice Department, which had approved
the surveillance program in the first place.

“This was such a Catch-22,” Roark told The New Yorker. “There was no one
to go to.”