If you’ve sent an email from an IP address that has been used by bad guys in the past (IP addresses can be spoofed), your email’s metadata—the hidden directions that tell the Internet where to send it (that is, the To and From lines, the subject line, the length, and the type of email)—probably passed through a server. The chances of an analyst or a computer actually reading the content of an email are very slim. (If you’re a journalist who writes about the Secret Service, it ought to be more disconcerting to you when Google customizes advertisements for weapons and commando courses based on search queries.)
If you are or were a lawyer for someone formally accused of terrorism, there is a good chance that the NSA has or had—but could not or cannot access (at least not anymore)—your telephone billing records. (N.B.: A Senate Select Committee on Intelligence report notes that the FISA Amendments Act does not require material erroneously collected to be destroyed.)
If you work for a member of the “Defense Industrial Base” on sensitive projects and your company uses Verizon and AT&T, your email has likely been screened by NSA computers for malware.45
Before 2007, if you, as an American citizen, worked overseas in or near a war zone, there is a small chance that you were “collected on”—that is, actively listened to—by a civilian NSA analyst or a member of the NSA’s Central Security Service (the name given to the military service elements that make up a large part of the NSA’s workforce).46
If you, from September 2001 to roughly April 2004, called or sent an email to or from regions associated with terrorism and used American Internet companies to do so, your transaction records (again, without identifying information) were likely collected by your telecommunications company and passed to the NSA.47 The records were then analyzed, and there is a tiny chance that a person or a computer read them or sampled them. The NSA would ask telecommunications companies for tranches of data that correlated to particular communities of interest, and then used a variety of classified and unclassified techniques to predict, based on their analysis, who was likely to be associated with terrorism. This determination required at least one additional and independent extraneous piece of evidence.
There is a chance that the NSA passed this data to the FBI for further investigation. There is a small chance that the FBI acted on this information.48
If you define “collection” in the broadest sense possible, there is a good chance that if the NSA wanted to obtain your transactional information in real time and knew your direct identity (or had a rough idea of who you are), they can do so, provided that they can prove to a FISA judge within seventy-two hours that there is probable cause to believe you are a terrorist or associated with a terrorist organization.
If the NSA receives permission from a judge to collect on a corporation or a charity that may be associated with terrorism, and your company, which is entirely separate from the organization in question, happens to share a location with it (either because you’re in the same building or have contracted with the company to share Internet services), there is a chance that the NSA incidentally collects your work email and phone calls. It is very hard for the agency to map IP addresses to their physical locations and to completely segregate parts of corporate telephone networks. When this happens, Congress and the Justice Department are notified, and an NSA internal compliance unit makes a record of the “overcollect.”
If any of your communications were accidentally or incidentally collected by the NSA, they probably still exist somewhere, subject to classified minimization requirements. (The main NSA SIGINT database is code-named PINWALE.) This is the case even after certain collection activities became illegal with the passage of the 2007 FISA Amendments Act, the governing framework for domestic collection. The act does not require the NSA to destroy the data.
If you are of Arab descent and attend a mosque whose imam was linked through degrees of association with Islamic charities considered as supporters of terrorism, NSA computers probably analyzed metadata from your telephone communications and email.
Your data might have been intercepted or collected by Russia, China, or Israel if you traveled to those countries. The FBI has quietly removed from several Washington, D.C.–area cell phone towers, transmitters that fed all data to wire rooms at foreign embassies.
The chances, if you are not a criminal or a terrorist, that an analyst at the NSA listened to one of your telephone conversations or read one of your email messages are infinitesimally small given the technological challenges associated with the program, not to mention the lack of manpower available to sort through your irrelevant communications. If an unintentional collection occurred (an overcollect), it would be deleted and not stored in any database.
What safeguards exist today? From what we could figure out, only three dozen or so people inside the NSA have the authority to read the content of FISA-derived material, all of which is now subject to a warrant.49 Can the NSA share FISA product on U.S. persons with other countries? By law it cannot and does not. (The FBI can, and does.) What is the size of the compliance staff that monitors domestic collection? Four or five people, depending on the budget cycle. How many people outside the NSA are privy to the full details of the program? More than one thousand. How can you find out if you’ve been accidentally or incidentally surveilled? You can’t. You can sue, but the government will invoke a state secrets privilege, and judges will probably agree—even when you can prove without any secret evidence that there is probable cause to believe that you were surveilled. The NSA’s general counsel’s office regularly reviews the “target folders”—the identities of those under surveillance—to make sure the program complied with the instruction to surveil those reasonably assumed to have connections to al-Qaeda. They do this by sampling a number of the folders at random. How do we know the program isn’t expanding right now, pushing the boundaries of legality, spying not just on suspected terrorists but on American dissidents? We don’t. But if it is, and over a thousand people are involved, how much longer can that secret last?
As of September 2011, ten years after the terrorist attacks that set a new course for the NSA, the special surveillance programs are institutionalized. The code name for the special access program is RAGTIME. In reports it is abbreviated as “RT.” There are four components. RAGTIME-A involves the U.S.-based interception of all foreign-to-foreign counterterrorism-related data. RAGTIME-B deals with data from foreign governments that transits through the United States. RAGTIME-C focuses on counterproliferation activities. Finally, RAGTIME-P (P stands for Patriot Act) is the remnant of the original PSP—the interception where one end of the call or email is inside the United States. FISA certifies a slate of approved targets for RAGTIME-P, and a certain amount of bulk data can be collected around those targets. An NSA spokesman said the agency had “no information to provide” about the existence of RAGTIME.50
At Fort Meade, a program called XKEYSCORE processes all signals before they are shunted off to various “production lines” that deal with specific issues. PINWALE is the main NSA database for recorded signals intercepts. It is compartmentalized by keywords (the NSA calls them “selectors”). Metadata is stored in a database called MARINA and is generally retained for five years. “Finished reporting,” or transcripts and analysis of calls, is accessed through the MAUI database. (Metadata is never included in MAUI.) There are dozens of other NSA signals activity lines, or SIGADS, that process data in parallel. Among the active databases and systems: ANCHORY, an all-source database for communications intelligence; HOMEBASE, which allows analysts to coordinate their searches with DNI mission priorities; AIRGAP, which deals with priority DOD missions; WRANGLER, which focuses on electronic intelligence; TINMAN, a database related to air warning and surveillance; OILSTOCK, a system for analyzing air warning and surveillance data; and many more.51
It’s almost an axiom of the age that citizens are willing to give corporations almost unlimited access to our data. That we don’t even mind when these businesses use our data against us to manipulate us into buying things we didn’t know we needed or voting for politicians and policies we didn’t know we wanted. But there is a kind of clear-mindedness about the government. It is different. It has the power to kill and jail, and thus its surveillance powers must not go unchecked. Even if the president possesses inherent powers to collect intelligence or to perform surveillance under Article II of the Constitution, the mere fact that he is doing so might encroach upon the rights of Americans to associate with whomever they wish, might chill controversial but protected speech, and might blur the boundary between rights that are secure (like the ability to say in an open forum that one supports the right of Hamas to bomb Israeli citizens) and activities that are illegal (like soliciting funds for Hamas to do precisely that).
Combating terrorism requires a subjective judgment about when protected speech crosses the line into something that threatens the nation-state. In its investigative guidelines, the FBI uses a certain line repeatedly: “No investigative activity, including preliminary investigations, may be taken solely on the basis of activities that are protected by the First Amendment or on race, ethnicity, national origin or religion of the subject.” The key word is “solely.” There has to be something else.
In early 2002, the FBI and the Department of Energy (DOE) created a secret program to detect radiation in American cities. Vans were outfitted with sophisticated sensors and deployed when the Homeland Security threat level rose. In the absence of information about a specific threat, the FBI would often task the vehicles to check rail depots and airports, tourist hubs and malls—but also, frequently, mosques.52 Another ongoing program uses DOE helicopters to create radiation maps of American cities and then regularly remap the cities to test for subtle differences. The rationale for these programs is self-evident, but it does raise certain questions. We don’t really mind (mostly) when a police officer, sensing something suspicious, runs our license plate through the National Crime Identification Center. Even when she finds nothing, a record of that search remains in a computer somewhere forever.∗ When the FBI does the same thing in the context of a terrorism investigation—it calls this first step a “threat assessment”—the lines blur and most reasonable people get nervous.† It’s also worth considering that the police thresholds for obtaining warrants and arresting citizens for ordinary criminal acts are a matter of open record. The rules of cops and robbers are known and accessible to criminals, victims, and bystanders. The legal justifications for these thresholds are similarly public.
The FBI, on the other hand, won’t release even the full definition of a terrorist threat assessment.53 The Bureau’s Domestic Operations Investigations Guide is unclassified, but nonetheless redacts information about what constitutes this type of stranger danger. In the normal course of abnormal events, an FBI counterterrorism squad receives intelligence from FBI headquarters about a vague and undefined threat.
For example, say the NSA intercepts a phone call from someone in Somalia who mentions training a Minnesotan named Jason for Jihad. Under the FBI’s classified guidelines, it must open a file (thereby leaving a record) and use the bare minimum of tools (for example, open records searches, surveillance of a building, querying Customs databases) to see if there is someone named Jason who traveled to Somalia and back to Minnesota within the time frame specified. If the tip doesn’t pan out, or if there are too many Jasons and no evidence connecting any of them to Somalia, the assessment case closes, generally after thirty days of inactivity. After ninety days, a formal review takes place. If the FBI develops evidence leading it to a particular target or place (“adequate predication” is the standard), a preliminary investigation is launched.54 If not, the data collected during the assessment still goes into the FBI’s massive Investigative Data Warehouse (this it redacts from its public guidelines) for later use in data and link analysis.55 Under the guidelines, FBI section chiefs have a year to develop enough evidence (“an articulable factual basis”) to convince the counterterrorism section chiefs to open a full investigation, which can stay open until there’s an arrest, or forever.
To investigate a crime that is yet to be committed is to create a typology of thin distinctions. After 9/11, Congress quickly provided the FBI with a larger set of precision tools, among them the expansion of certain types of information that businesses and individuals are required to give the Bureau without a court order. These “National Security Letters,” which are basically an administrative subpoena for counterterrorism and counterintelligence, allow the FBI to collect and analyze financial records of specific persons or entities, telephone logs, credit histories, and rudimentary information about email messages.
To examine the actual content of emails, to record telephone conversations, or to physically follow or search someone, the FBI needs a FISA warrant. The exact threshold for obtaining one is classified—again, a difference that adds to the mythos of what the FBI actually does. But here it is: the FBI must be able to convince the FISA court that the U.S. person targeted is directly connected to a terrorist group or an agent of a foreign government. The FBI has seven days to start surveillance before it goes to the court—which in theory could lead to abuses. To wit, what if the FBI starts and stops surveillance before the court ever hears any evidence? Admittedly, it’s unlikely that this happens often, as the FISA court is made aware of the surveillance regardless of whether the affidavit for a warrant is submitted. And an affidavit is almost always submitted, in term-paper form, with footnotes and heavy documentation. On occasion, the FISA court will find the evidence lacking and order the surveillance stopped until the court is satisfied, and the FBI is disallowed from retaining records of what they’ve already collected. If the court is satisfied, however, it grants G-men permission in blocks of 180 days, with the option to renew.
There is another important caveat that limits the FBI’s authority in such matters. The terrorist group to which the person (our man from Minnesota, for example) is connected must be on the State Department’s list of terrorist entities. If the cell is not, the surveillance may only continue if the FBI deems the person to be acting alone, without instruction from anyone. (This is the “lone wolf” provision. According to officials, it has rarely been used.)
At FBI headquarters, surveillance requests are processed by the Communications Analysis Unit, which has not thus far acquitted itself well. An inspector general’s investigation found that from 2003 to 2006 it essentially fabricated the pretexts for what might be thousands of National Security Letters (NSLs), allowed representatives from telecommunications companies to point out suspicious patterns, and promised to send businesses actual National Security Letters in the future in exchange for data immediately—so-called exigent letters that had no basis in law.
The inspector general found no evidence of ill intent but did find a Bureau overwhelmed with suspects, tips, and leads and under intense pressure to perform. It found that few standards had been enforced internally and that many special agents specializing in criminal cases had trouble following the complex counterterrorism legal guidelines that, by the way, the Justice Department refines constantly. This is one reason that Robert Mueller, director of the FBI, agreed to fairly stringent limits on evidentiary standards for FISA warrants, and for extended oversight of the NSLs—Congress intended to bind the FBI to tighter standards if he refused to write his own.
Within the Communications Analysis Unit, the FBI’s Electronic Surveillance Operations and Sharing Unit (EOPS) has an organizational mission that, for some reason, the Bureau redacts from public reports. EOPS is, in fact, responsible for liaison with the NSA, other government agencies, and even foreign countries. EOPS gets the tips from the NSA’s surveillance and passes along FBI product to allies (the Brits get everything), friends (Israel gets many things), and occasionally even strategic opponents (China might get a report or two).
So the FBI uses FISA to develop probable cause to arrest terrorists inside the United States, and it uses NSLs to develop the evidence that results in those FISA warrants. The number of NSLs issued since September 11, 2001, is astronomical in comparison to the number of investigations opened. This is mostly because a single case can often require hundreds of letters. Presently, the FBI is running a large investigation (code-named “SP”) into whether mainline Middle Eastern terrorist groups are inserting agents into the United States in order to target synagogues, or are using Islamic charities inside the United States to raise money to target Israel. SP has required more than four hundred NSLs.
Meanwhile, it’s also true that the FBI has a lot of open cases on people who may have no connection to terrorism whatsoever. Because each NSL includes a gag rule on the recipient, most subjects are unaware that they’re under investigation. After the assassination of Osama bin Laden, the attorney general ordered enhanced surveillance on hundreds of these suspects. (Most had existing FISA warrants; some had to be renewed.)
It is hard to assess the FBI’s record. Many cases brought to court do not seem to have been worth a nationwide surveillance dragnet. Of the 508 who’ve become defendants in terrorism-related investigations, about half were charged with terrorism-related crimes, while the rest were charged under unrelated statutes. A plurality of those arrested had no connection to any terrorist group—or no seeming connection. Here officials have an unusual explanation. They say that a lot of evidence that could have been introduced is purposefully withheld. In cases where an NSA tip had been given to the FBI (a “GUARDIAN Tip”), the chain of logic that led the FBI to begin looking at the bad guy in the first place might seem to begin abruptly in the absence of an acknowledgment that the NSA had intercepted a conversation.∗
Deep State Page 31