Dark Mirror

by Barton Gellman


  ship them to another customer: This is described in a near-final draft copy of the classified NSA Inspector General’s Review of the President’s Surveillance Program, p. 16, footnote 4. On file with author. The IG report does not mention the vendor’s name. Kirk Wiebe, who was then chief of staff to the Signals Intelligence Automation Research Center, identified the supplier as Dell.

  incorporating some two hundred machines: “FY-2002 Signals Intelligence Directorate (SID) Project Baseline Standards and Architecture Assessment Activity.”

  The price surpassed $102 million: Draft Inspector General report, p. 27.

  amplify the power of surveillance: Ibid.

  “the Big Awesome Graph”: Ibid.

  “the BAG”: From “KSP (aka the ‘BAG’): Connecting the Dots,” SID Today, September 3, 2003, an internal NSA newsletter on file with author.

  a large network diagram: Ibid. FALLOUT is one of several systems that process internet metadata, not relevant here. FASCIA does the same for some phone metadata before it reaches MAINWAY. EKS stands for the NSA’s broad infrastructure upgrade to an Extended Knowledge System.

  “metadata flow sourced from billing records”: Extract from “FAIRVIEW Data Flow Diagrams,” April 2012, on file with author. FAIRVIEW is the NSA’s cover name for AT&T, which it describes as a corporate partner. In late 2016, the Intercept published the whole presentation, save for the speaker’s notes, at https://theintercept.com/document/2016/11/16/fairview-dataflow-charts-apr-2012/.

  “call detail record warehouse”: “SID Project Baseline Technical Assessment, Project: MAINWAY,” July 2002, on file with author. SID stands for the Signals Intelligence Directorate of the NSA.

  “MAINWAY Precomputed Contact Chaining Service”: SSO Dictionary, on file with author.

  “You have to establish all those relationships”: Rick Ledgett, interview with author, August 22, 2017.

  “operating on a 7x24 basis”: “FY-2002 Signals Intelligence Directorate (SID) Project Baseline Standards and Architecture Assessment Activity,” on file with author.

  billion new records a day: The Felten declaration, cited above, estimated a volume of three billion telephone calls each day in the United States. I assume here that at least one-third of them were captured in the NSA’s call records database.

  the Graph-in-Memory: This briefing, dated May 10, 2012, and prepared by a member of the Large-Access Exploitation Group, was titled “Is it the End of the SIGINT World as We Have Come to Know It?” On file with author.

  a rough and ready diagram: In December 2013, Judge Richard Leon made a comparable and little-noticed point in Klayman v. Obama: “The Government . . . describes the advantages of bulk collection in such a way as to convince me that plaintiffs’ metadata—indeed everyone’s metadata—is analyzed,” he wrote. Klayman v. Obama, p. 39. Felten, the Princeton computer scientist, added strength to Leon’s analysis on a technology website. “The plaintiffs’ data—and your data as well—is not just used occasionally; it is probably used in most every contact chaining calculation done by the NSA,” he wrote. Ed Felten, “Judge Leon Explains Why the NSA Uses Everyone’s Metadata,” Freedom to Tinker, December 17, 2013, https://freedom-to-tinker.com/2013/12/17/judge-leon-explains-why-the-nsa-uses-everyones-metadata/.

  Binney, a mathematical cryptographer: See also “Bio: Bill Binney and J. Kirk Wiebe,” Government Accountability Project, undated, at https://perma.cc/9KEF-BBRK.

  “you mean ‘Cosmic Fart’?”: Bill Binney, interview with author, summer 2013.

  a colleague, Ben Gunn: James Bamford, the pioneering NSA journalist, described this scene in an article published the year before the Snowden leaks. See “Shady Companies with Ties to Israel Wiretap the U.S. for the NSA,” Wired, April 3, 2012, at https://perma.cc/TF9R-YCBS.

  new and more permissive rules: SID Management Directive 424, November 29, 2010, on file with author.

  “it enables large-scale graph analysis”: Internal NSA memo, “(S//SI//REL) New Contact-Chaining Procedures Allow Better, Faster Analysis,” January 3, 2011, on file with author.

  “Spot the Fed” contest: According to the contest rules, “if enough people think it’s a true fed, or fed wanna-be, or other nefarious style character, you win a ‘I spotted the fed!’ shirt.” See www.defcon.org/html/defcon-15/dc-15-stf.html.

  “No, we don’t”: Kim Zetter, “NSA Chief Tells Hackers His Agency Doesn’t Create Dossiers on All Americans,” Wired, July 27, 2012, www.wired.com/2012/07/nsa-chief-denies-dossiers/.

  stretches coast to coast: The thought experiment is fanciful, but we may as well do the math. Using 12-point type, I get about 60 lines of text per foot on a computer printout. Assuming our imaginary clerks can write that small, they fill a mile of parchment for every 316,800 lines of telephone logs. In round numbers, that is three miles of parchment per one million lines, or 3,000 miles per billion. The distance from Miami to Seattle is 2,735 miles. I likewise assume arbitrarily that each notebook weighs a quarter pound and 100 million notebooks therefore weigh 12,500 tons. I rounded down.

  Only twenty-two top officials: Privacy and Civil Liberties Oversight Board, Report on the Telephone Records Program Conducted Under Section 215 of the USA PATRIOT Act and on the Operations of the Foreign Intelligence Surveillance Court, January 23, 2014, p. 8, www.pclob.gov/library/215-Report_on_the_Telephone_Records_Program.pdf.

  invited King to kill himself: Yale historian Beverly Gage was the first to unearth a full copy of the anonymous letter that FBI domestic intelligence chief William Sullivan sent to King. Sullivan set a deadline and wrote, “There is only one thing left for you to do. You know what it is.” Beverly Gage, “What an Uncensored Letter to M.L.K. Reveals,” New York Times, November 11, 2014, http://nyti.ms/2k2JTUT.

  most heavy-handedly: Barton Gellman and Sam Adler-Bell, “The Disparate Impact of Surveillance,” Century Foundation, December 21, 2017, at http://perma.cc/WV8A-ZMV3.

  learned from Der Spiegel: Laura Poitras, Marcel Rosenbach, Fidelius Schmid, and Holger Stark, “NSA Spied on European Union Offices,” Der Spiegel, June 29, 2013, at https://archive.is/5So5r.

  Standard Form 312: Office of the Director of National Intelligence, SF-312, “Classified Information Nondisclosure Agreement,” Rev. 7-2013, at www.archives.gov/files/isoo/security-forms/sf312.pdf.

  “support and defend the Constitution”: By statute, anyone appointed to federal office, the military, or civil service must swear these words, also known as the Oath of Office. See 5 U.S.C. § 3331, at www.law.cornell.edu/uscode/text/5/3331.

  “As a test of your concern”: George R. Cotter to author, email, December 1, 2016.

  “a massive shift in attitudes”: The poll surveyed 2,014 registered voters, who supported the “go too far” response by 45 to 40 percent. Quinnipiac University, “U.S. Voters Say Snowden Is Whistle-Blower, Not Traitor, Quinnipiac University National Poll Finds; Big Shift on Civil Liberties vs. Counter-Terrorism,” July 10, 2013, https://poll.qu.edu/national/release-detail?ReleaseID=1919.

  “Guy boards an airplane”: The reference was to Umar Farouk Abdulmutallab, who tried to set off a bomb on a Christmas Day 2009 flight to Detroit. TATP is triacetone triperoxide, a high-explosive chemical. Abdulmutallab pleaded guilty in October 2011 to eight charges, including attempted use of a weapon of mass destruction, and received a life sentence the following year. See U.S. Department of Justice, “Umar Farouk Abdulmutallab Sentenced to Life in Prison for Attempted Bombing of Flight 253 on Christmas Day 2009,” February 16, 2012, archived at https://archive.is/LSPM3. A Senate report concluded that “systematic failures across the Intelligence Community” allowed Abdulmutallab to smuggle high explosives onto the plane. See Senate Select Committee on Intelligence, “Report on the Attempted Terrorist Attack on Northwest Airlines Flight 253,” May 24, 2010, www.intelligence.senate.gov/publications/report-attempted-terrorist-attack-northwest-airlines-flight-253-may-24-2010.


  marked TOP SECRET//COMINT/NOFORN/X1: The first page, which provided a very high-level view of surveillance capabilities, had no “portion markings” to identify classified information by paragraph, which is NSA’s standard practice. At that level of generality it revealed nothing sensitive. Details on subsequent pages were more sensitive and are not reproduced here.

  Careful readers will know by now that the markings on this document stood for “communications intelligence” and “no foreign distribution.” The designation X1 was a claim of exemption from automatic declassification review after ten years. The governing rule at the time was Information Security Oversight Office, “ISOO Directive No. 1,” October 13, 1995, archived at https://fas.org/sgp/isoo/isoodir1.html. Updated rules, which ended the X-series exemptions, came in Information Security Oversight Office, “Marking Classified National Security Information,” December 2010, at www.archives.gov/files/isoo/training/marking-booklet.pdf. I am indebted to Steven Aftergood, author of the Secrecy News blog at the Federation of American Scientists, for explaining this to me.

  “critical national assets”: “NSA/CSS Mission: PROVIDE AND PROTECT VITAL INFORMATION FOR THE NATION,” October 24, 2001, on file with author.

  a special achievement award: The draft nomination, on file with author, covered the period from February 2001 through January 2002. I withhold the name of the woman in question, whose civil service rank was GG-13 on a scale of 15.

  “just get all the American people”: A transcript of my exchange with Alexander is archived at https://archive.is/tg9pB.

  Maybe a review of the video: The panel with Negroponte and Blair was recorded in its entirety and may be viewed at “Clear and Present Danger: Cyber Crime; Cyber Espionage; Cyber Terror; and Cyber War,” Aspen Security Forum, 2013, https://youtu.be/Ncc0zPRrV04?t=58m21s.

  video evidence of waterboarding: Mark Mazzetti and Scott Shane, “Jose Rodriguez, Center of Tapes Inquiry, Was Protective of His CIA Subordinates,” New York Times, February 20, 2008, archived at https://archive.is/j5B2.

  CHAPTER SIX: JAMBOREE

  toothpaste bombs: Bond, the fictional British spy, used a toothpaste bomb supplied by Q in the film Licence to Kill, 1989. See Jordan Hoffman, “23 of James Bond’s Most Memorable Gadgets,” Popular Mechanics, October 15, 2012, www.popularmechanics.com/culture/movies/g985/23-most-memorable-james-bond-gadgets/.

  “circumvent or exploit”: Invitation, TCB Jamboree 2012, on file with author. TCB stands for Trusted Computing Base, which refers to the core hardware, firmware, and software components essential for security safeguards on a digital device.

  “discreet control of the radio”: Ibid.

  Stealing foreign secrets: David Martin, “Former Intel Head Michael Hayden on Stealing Others’ Secrets,” CBS News, February 21, 2016, www.cbsnews.com/news/former-intel-head-michael-hayden-on-stealing-others-secrets/.

  eagle astride the globe: I described this seal, belonging to the NSA’s Special Source Operations unit, in chapter 3.

  norms, admittedly ironic: Ironic but not contradictory. As I argue in chapter 7, oversight by the public is not properly comparable to surveillance of the public by government.

  has been known as Jamboree: Unsigned article, “Jamboree,” Intellipedia, TS//SCI, on file with author.

  songs of peace: According to the official Scouting site, a Jamboree “is above all an educational event to promote peace and understanding.” See “World Scout Jamboree,” Scouts, at www.scout.org/jamboree.

  a TS/SCI conference space: In 2012, the defense contractor Lockheed Martin hosted Jamboree in a squat, six-story office building equipped with “secure, compartmented information facilities” for classified work at 13560 Dulles Technology Drive in Herndon, Virginia. “Jamboree 2012,” Intellipedia, on file with author. A SCIF is enclosed in fine metal mesh and other materials to block electromagnetic signals from coming in or going out.

  Jamboree celebrates technical: One definition of “jamboree” is, in fact, a revel or carousal. See Oxford English Dictionary, online at www.oed.com/view/Entry/100700?redirectedFrom=jamboree.

  “As many of you know”: Quoted in “InSIDers View of History: A Lesson Learned in Personal Accountability,” SID Today, December 24, 2004, first published in The Intercept.

  relied upon exceptional colleagues: A partial list of others, not named here, included Alice Crites, Jeff Leen, Jason Ukman, Peter Finn, Craig Timberg, Steven Rich, Peter Wallsten, Todd Lindeman, Marc Fisher, Craig Whitlock, and Jennifer Jenkins.

  from slide 3 to slide 4: NSA briefing slides, “SSO Collection Optimization,” January 7, 2013, on file with author.

  read “Emo Cat”: This combines two common photographic memes. For a guide, see the reference site Know Your Meme at https://knowyourmeme.com/memes/subcultures/cats and https://knowyourmeme.com/memes/cultures/emo. For the ubiquity of cat memes, a neural network trained by programmers to categorize images taken from YouTube found more with cats than any other subject. See Andrew Ng and Jeff Dean et al., “Building High-Level Features Using Large Scale Unsupervised Learning,” Proceedings of the 29th International Conference on Machine Learning, Edinburgh, Scotland, 2012, https://arxiv.org/pdf/1112.6209v3.pdf.

  “I know these guys”: Ashkan Soltani, September 19, 2013.

  “I, like a lot of people”: Ashkan Soltani to author, email, June 2017. Emphasis in original.

  “‘men in black’ types”: Barry Sonnenfeld’s 1997 film depicted a secret agency that protected Earth from dangerous aliens. See “Men in Black,” Internet Movie Database, www.imdb.com/title/tt0119654/.

  567-question psychological test: This is the Minnesota Multiphasic Personality Inventory, or MMPI-2. See https://psychcentral.com/lib/minnesota-multiphasic-personality-inventory-mmpi/.

  SF-86 Questionnaire: The Questionnaire for National Security Positions is available at www.gsa.gov/forms-library/questionnaire-national-security-positions.

  Alan Tu: The author verified Tu’s identity by his driver’s license and his NSA assignment by a document in the Snowden archive.

  Soltani’s father had grown: Ashkan Soltani requested that the author not include the full names of family members.

  fled to America: Family history courtesy Ashkan Soltani’s older sister, July 2018. The family prefers that I not name the siblings and parents.

  my first NSA story: Barton Gellman and Laura Poitras, “U.S., British Intelligence Mining Data from Nine U.S. Internet Companies in Broad Secret Program,” Washington Post, June 6, 2013, http://wapo.st/1LcAw6p, archived at https://archive.is/cYyFe.

  piece of the backbone: What is known as the backbone of the global communications network is a complex infrastructure with major components including trunk lines of fiber optic cable, high-capacity switches known as core routers, cable landing stations where undersea cables join terrestrial networks, and Internet Exchange Points. The majority of worldwide telephone and internet traffic passes to, from, or through U.S. infrastructure.

  $394 million: FY 2013 Congressional Budget Justification, Volume 1, National Intelligence Program Summary, on file with author. See Craig Timberg and Barton Gellman, “NSA Paying U.S. Companies for Access to Communications Networks,” Washington Post, August 29, 2013, at https://perma.cc/4C9Y-HLJW. For more on the so-called black budget, see www.washingtonpost.com/wp-srv/special/national/black-budget/.

  tunnel just about anywhere: Even overseas, the NSA may not target a U.S. person for surveillance without a warrant from the FISA Court, but that does not stop it from tapping the infrastructure of U.S. companies. (See chapter 8.) By agreement, with few exceptions, the NSA also restrains itself from clandestine surveillance in Canada, the United Kingdom, Australia, and New Zealand—the other four members of the Five Eyes intelligence partnership. Undisclosed operations inside other allied countries are regarded as risky but not out of bounds.

  man in the middle: In a man-in-the-middle attack, the NSA places or takes control of equipment directly in the path of digital traffic from one server to another. This enables the agency to read—and alter, for example by injecting malware—the data flow between source and destination.

  man on the side: A man-on-the-side attack gives the NSA access to but not control of equipment, such as a router or switch, that stands between the source and destination of digital traffic. This allows the agency to read but not alter the flow of data.

  in NSA parlance, interactive: PowerPoint presentation, “NIOC Maryland Advanced Computer Network Operations Course,” slide 7, on file with author.

  2,588 such interactive missions: Ibid., slide 21.

  Tailored Access Operations: A colleague reported in 2017 that the unit has been renamed Computer Network Operations. Ellen Nakashima, “NSA Employee Who Worked on Hacking Tools at Home Pleads Guilty to Spy Charge,” Washington Post, December 1, 2017, www.washingtonpost.com/world/national-security/nsa-employee-who-worked-on-hacking-tools-at-home-pleads-guilty-to-spy-charge/2017/12/01/ec4d6738-d6d9-11e7-b62d-d9345ced896d_story.html.

  Decipio—Circumvenio—Latrocinor: The author thanks Yelena Baraz, associate professor of classics at Princeton, for the translation.

  an actual cartoon: Unsigned NSA diagram, “Network Shaping,” classified TS//SI//REL, on file with author, and reproduced online at www.documentcloud.org/documents/2922412-Shaping-Diagram.html. For a much more detailed NSA explanation, see the eighty-one-page “Network Shaping 101” slide deck at https://perma.cc/K7AB-MKLQ. For the civil liberties risks associated with network shaping, see Axel Arnbak and Sharon Goldberg, “Loopholes for Circumventing the Constitution: Unrestrained Bulk Surveillance on Americans by Collecting Network Traffic Abroad,” Michigan Telecommunications and Technology Law Review 21, issue 2 (2015), at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2460462.

  take control of a switch: I use the term generically. The switch might be, for example, a “core router” with very high capacity that directs traffic on internet cables.

 
