This self-imposed mandate requires endlessly expanding the NSA’s reach. Every day, the NSA works to identify electronic communications that are not being collected and stored and then develops new technologies and methods to rectify the deficiency. The agency regards itself as needing no specific justification to collect any particular electronic communication, nor any grounds for regarding its targets with suspicion. What the NSA calls “SIGINT”—all signals intelligence—is its target. And the mere fact that it has the capability to collect those communications has become one rationale for doing so.
* * *
A military branch of the Pentagon, the NSA is the largest intelligence agency in the world, with the majority of its surveillance work conducted through the Five Eyes alliance. Until the spring of 2014, when controversy over the Snowden stories became increasingly intense, the agency was headed by four-star general Keith B. Alexander, who had overseen it for the previous nine years, aggressively increasing the NSA’s size and influence during his tenure. In the process, Alexander became what reporter James Bamford described as “the most powerful intelligence chief in the nation's history.”
The NSA “was already a data behemoth when Alexander took over,” Foreign Policy reporter Shane Harris noted, “but under his watch, the breadth, scale, and ambition of its mission have expanded beyond anything ever contemplated by his predecessors.” Never before had “one agency of the U.S. government had the capacity, as well as the legal authority, to collect and store so much electronic information.” A former administration official who worked with the NSA chief told Harris that “Alexander’s strategy” was clear: “I need to get all of the data.” And, Harris added, “He wants to hang on to it for as long as he can.”
Alexander’s personal motto, “Collect it all,” perfectly conveys the central purpose of the NSA. He first put this philosophy into practice in 2005 while collecting signals intelligence relating to the occupation of Iraq. As the Washington Post reported in 2013, Alexander grew dissatisfied with the limited focus of American military intelligence, which targeted only suspected insurgents and other threats to US forces, an approach that the newly appointed NSA chief viewed as too constraining. “He wanted everything: Every Iraqi text message, phone call, and e-mail that could be vacuumed up by the agency’s powerful computers.” So the government deployed technological methods indiscriminately to collect all communications data from the entire Iraqi population.
Alexander then conceived of applying this system of ubiquitous surveillance—originally created for a foreign population in an active war zone—to American citizens. “And, as he did in Iraq, Alexander has pushed hard for everything he can get,” the Post reported: “tools, resources, and the legal authority to collect and store vast quantities of raw information on American and foreign communications.” Thus, “in his eight years at the helm of the country’s electronic surveillance agency, Alexander, 61, has quietly presided over a revolution in the government’s ability to scoop up information in the name of national security.”
Alexander’s reputation as a surveillance extremist is well documented. In describing his “all-out, barely legal drive to build the ultimate spy machine,” Foreign Policy called him “the cowboy of the NSA.” Even Bush-era CIA and NSA chief General Michael Hayden—who himself oversaw the implementation of Bush’s illegal warrantless eavesdropping program and is notorious for his aggressive militarism—often had “heartburn” over Alexander’s no-holds-barred approach, according to Foreign Policy. A former intelligence official characterized Alexander’s view: “Let’s not worry about the law. Let’s just figure out how to get the job done.” The Post similarly noted that “even his defenders say Alexander’s aggressiveness has sometimes taken him to the outer edge of his legal authority.”
Although some of the more extreme statements from Alexander—such as his blunt question “Why can’t we collect all the signals, all the time?,” which he reportedly asked during a 2008 visit to Britain’s GCHQ—have been dismissed by agency spokespeople as mere lighthearted quips taken out of context, the agency’s own documents demonstrate that Alexander was not joking. A top secret presentation to the 2011 annual conference of the Five Eyes alliance, for instance, shows that the NSA has explicitly embraced Alexander’s motto of omniscience as its core purpose:
A 2010 document presented to the Five Eyes conference by the GCHQ—referring to its ongoing program to intercept satellite communications, code-named TARMAC—makes it clear that the British spy agency also uses this phrase to describe its mission:
Even routine internal NSA memoranda invoke the slogan to justify expanding the agency’s capabilities. One 2009 memo from the technical director of the NSA’s Mission Operations, for example, touts recent improvements to the agency’s collection site in Misawa, Japan:
Far from being a frivolous quip, “collect it all” defines the NSA’s aspiration, and it is a goal the NSA is increasingly closer to reaching. The quantity of telephone calls, emails, online chats, online activities, and telephonic metadata collected by the agency is staggering. Indeed, the NSA frequently, as one 2012 document put it, “collects far more content than is routinely useful to analysts.” As of mid-2012, the agency was processing more than twenty billion communications events (both Internet and telephone) from around the world each day:
For each individual country, the NSA also produces a daily breakdown quantifying the number of calls and emails collected. The chart below, for Poland, shows more than three million telephone calls on some days, for a thirty-day total of seventy-one million:
The domestic total collected by the NSA is equally stunning. Even prior to Snowden’s revelations, the Washington Post reported in 2010 that “every day, collection systems at the National Security Agency intercept and store 1.7 billion emails, phone calls, and other types of communications” from Americans. William Binney, a mathematician who worked for the NSA for three decades and resigned in the wake of 9/11 in protest over the agency’s increasing domestic focus, has likewise made numerous statements about the quantities of US data collected. In a 2012 interview with Democracy Now!, Binney said that “they’ve assembled on the order of 20 trillion transactions about U.S. citizens with other U.S. citizens.”
After Snowden’s revelations, the Wall Street Journal reported that the overall interception system of the NSA “has the capacity to reach roughly 75% of all U.S. Internet traffic in the hunt for foreign intelligence, including a wide array of communications by foreigners and Americans.” Speaking anonymously, current and former NSA officials told the Journal that in some cases the NSA “retains the written content of emails sent between citizens within the U.S. and also filters domestic phone calls made with Internet technology.”
Britain’s GCHQ similarly collects such a great quantity of communications data that it can barely store what it has. As one 2011 document prepared by the British put it:
So fixated is the NSA on collecting it all that the Snowden archive is sprinkled with celebratory internal memos heralding particular collection milestones. This December 2012 entry from an internal messaging board, for instance, proudly proclaims that the SHELLTRUMPET program has processed its one trillionth record:
* * *
To collect such vast quantities of communications, the NSA relies on a multitude of methods. These include tapping directly into fiber-optic lines (including underwater cables) used to transmit international communications; redirecting messages into NSA repositories when they traverse the US system, as most worldwide communications do; and cooperating with the intelligence services in other countries. With increasing frequency, the agency also relies on Internet companies and telecoms, which indispensably pass on information they have collected about their own customers.
While the NSA is officially a public agency, it has countless overlapping partnerships with private sector corporations, and many of its core functions have been outsourced. The NSA itself employs roughly thirty thousand people, but the agency also has contracts for some sixty thousand employees of private corporations, who often provide essential services. Snowden himself was actually employed not by the NSA but by the Dell Corporation and the large defense contractor Booz Allen Hamilton. Still, he, like many other private contractors, worked in the NSA offices, on its core functions, with access to its secrets.
According to Tim Shorrock, who has long chronicled the NSA-corporate relationship, “70 percent of our national intelligence budget is being spent on the private sector.” When Michael Hayden said that “the largest concentration of cyber power on the planet is the intersection of the Baltimore Parkway and Maryland Route 32,” Shorrock noted, “he was referring not to the NSA itself but to the business park about a mile down the road from the giant black edifice that houses NSA’s headquarters in Fort Meade, Md. There, all of NSA’s major contractors, from Booz to SAIC to Northrop Grumman, carry out their surveillance and intelligence work for the agency.”
These corporate partnerships extend beyond intelligence and defense contractors to include the world’s largest and most important Internet corporations and telecoms, precisely those companies that handle the bulk of the world’s communications and can facilitate access to private exchanges. After describing the agency’s missions of “Defense (Protect U.S. Telecommunications and Computer Systems Against Exploitation)” and “Offense (Intercept and Exploit Foreign Signals),” one top secret NSA document enumerates some of the services supplied by such corporations:
These corporate partnerships, which provide the systems and the access on which the NSA depends, are managed by the NSA’s highly secret Special Sources Operations unit, the division that oversees corporate partnerships. Snowden described the SSO as the “crown jewel” of the organization.
BLARNEY, FAIRVIEW, OAKSTAR, and STORMBREW are some of the programs overseen by the SSO within its Corporate Partner Access (CPA) portfolio.
As part of these programs, the NSA exploits the access that certain telecom companies have to international systems, having entered into contracts with foreign telecoms to build, maintain, and upgrade their networks. The US companies then redirect the target country’s communications data to NSA repositories.
The core purpose of BLARNEY is depicted in one NSA briefing:
BLARNEY relied on one relationship in particular—a long-standing partnership with AT&T Inc., according to the Wall Street Journal’s reporting on the program. According to the NSA’s own files, in 2010 the list of countries targeted by BLARNEY included Brazil, France, Germany, Greece, Israel, Italy, Japan, Mexico, South Korea, and Venezuela, as well as the European Union and the United Nations.
FAIRVIEW, another SSO program, also collects what the NSA touts as “massive amounts of data” from around the world. And it, too, relies mostly on a single “corporate partner” and, in particular, that partner’s access to the telecommunications systems of foreign nations. The NSA’s internal summary of FAIRVIEW is simple and clear:
According to NSA documents, FAIRVIEW “is typically in the top five at NSA as a collection source for serialized production”—meaning ongoing surveillance—“and one of the largest providers of metadata.” Its overwhelming reliance on one telecom is demonstrated by its claim that “approximately 75% of reporting is single source, reflecting the unique access the program enjoys to a wide variety of target communications.” Though the telecom is not identified, one description of the FAIRVIEW partner makes clear its eagerness to cooperate:
Thanks to such cooperation, the FAIRVIEW program collects vast quantities of information about telephone calls. One chart, which covers the thirty-day period beginning December 10, 2012, shows that just this program alone was responsible for the collection of some two hundred million records each day that month, for a thirty-day total of more than six billion records. The light bars are collections of “DNR” (telephone calls), while the dark bars are “DNI” (Internet activity):
To collect these billions of phone records, the SSO collaborates with the NSA’s corporate partners as well as with foreign government agencies—for instance, the Polish intelligence service:
The OAKSTAR program similarly exploits the access that one of the NSA’s corporate partners (code-named STEELKNIGHT) has to foreign telecommunications systems, using that access to redirect data into the NSA’s own repositories. Another partner, code-named SILVERZEPHYR, appears in a November 11, 2009, document describing work done with the company to obtain “internal communications” from both Brazil and Colombia:
Meanwhile, the STORMBREW program, conducted in “close partnership with the FBI,” gives the NSA access to Internet and telephone traffic that enters the United States at various “choke points” on US soil. It exploits the fact that the vast majority of the world’s Internet traffic at some point flows through the US communications infrastructure—a residual by-product of the central role that the United States had played in developing the network. Some of these designated choke points are identified by cover names:
According to the NSA, STORMBREW “is currently comprised of very sensitive relationships with two U.S. telecom providers (cover terms ARTIFICE and WOLFPOINT).” Beyond its access to US-based choke points, “the STORMBREW program also manages two submarine cable landing access sites; one on the USA west coast (cover term, BRECKENRIDGE), and the other on the USA east coast (cover term QUAIL-CREEK).”
As the profusion of cover names attests, the identity of its corporate partners is one of the most closely guarded secrets in the NSA. The documents containing the key to those code names are vigilantly safeguarded by the agency and Snowden was unable to obtain many of them. Nonetheless, his revelations did unmask some of the companies cooperating with the NSA. Most famously, his archive included the PRISM documents, which detailed secret agreements between the NSA and the world’s largest Internet companies—Facebook, Yahoo!, Apple, Google—as well as extensive efforts by Microsoft to provide the agency with access to its communications platforms such as Outlook.
Unlike BLARNEY, FAIRVIEW, OAKSTAR, and STORMBREW, which entail tapping into fiber-optic cables and other forms of infrastructure (“upstream” surveillance, in NSA parlance), PRISM allows the NSA to collect data directly from the servers of nine of the biggest Internet companies:
The companies listed on the PRISM slide denied allowing the NSA unlimited access to their servers. Facebook and Google, for instance, claimed that they only give the NSA information for which the agency has a warrant, and tried to depict PRISM as little more than a trivial technical detail: a slightly upgraded delivery system whereby the NSA receives data in a “lockbox” that the companies are legally compelled to provide.
But their argument is belied by numerous points. For one, we know that Yahoo! vigorously fought in court against the NSA’s efforts to force it to join PRISM—an unlikely effort if the program were simply a trivial change to a delivery system. (Yahoo!’s claims were rejected by the FISA court, and the company was ordered to participate in PRISM.) Second, the Washington Post’s Bart Gellman, after receiving heavy criticism for “overstating” the impact of PRISM, reinvestigated the program and confirmed that he stood by the Post’s central claim: “From their workstations anywhere in the world, government employees cleared for PRISM access may ‘task’ the system”—that is, run a search—“and receive results from an Internet company without further interaction with the company’s staff.”
Third, the Internet companies’ denials were phrased in evasive and legalistic fashion, often obfuscating more than clarifying. For instance, Facebook claimed not to provide “direct access,” while Google denied having created a “back door” for the NSA. But as Chris Soghoian, the ACLU’s tech expert, told Foreign Policy, these were highly technical terms of art denoting very specific means to get at information. The companies ultimately did not deny that they had worked with the NSA to set up a system through which the agency could directly access their customers’ data.
Finally, the NSA itself has repeatedly hailed PRISM for its unique collection capabilities and noted that the program has been vital for increasing surveillance. One NSA slide details PRISM’s special surveillance powers:
Another details the wide range of communications that PRISM enables the NSA to access:
And another NSA slide details how the PRISM program has steadily and substantially increased the agency’s collection:
On its internal messaging boards, the Special Source Operation division frequently hails the massive collection value PRISM has provided. One message, from November 19, 2012, is entitled “PRISM Expands Impact: FY12 Metrics”:
Such congratulatory proclamations do not support the notion of PRISM as only a trivial technicality, and they give the lie to Silicon Valley’s denials of cooperation. Indeed, the New York Times, reporting on the PRISM program after Snowden’s revelations, described a slew of secret negotiations between the NSA and Silicon Valley about providing the agency with unfettered access to the companies’ systems. “When government officials came to Silicon Valley to demand easier ways for the world’s largest Internet companies to turn over user data as part of a secret surveillance program, the companies bristled,” reported the Times. “In the end, though, many cooperated at least a bit.” In particular:
Twitter declined to make it easier for the government. But other companies were more compliant, according to people briefed on the negotiations. They opened discussions with national security officials about developing technical methods to more efficiently and securely share the personal data of foreign users in response to lawful government requests. And in some cases, they changed their computer systems to do so.
No Place to Hide Page 12