The NSA’s Brave New World

When Russell Tice, former NSA and DIA employee, first spoke to the public in January about the administration’s spying on Americans, he received a lot of attention.

He testified to Congress on February 14 yet this received almost no attention despite the fact that he revealed important information.  The only traditional media article I could find was from UPI:

Russell D. Tice told the House Government Reform Subcommittee on National Security, Emerging Threats and International Relations he has concerns about a “special access” electronic surveillance program that he characterized as far more wide-ranging than the warrentless wiretapping recently exposed by the New York Times but he is forbidden from discussing the program with Congress.

Tice said he believes it violates the Constitution’s protection against unlawful search and seizures but has no way of sharing the information without breaking classification laws. He is not even allowed to tell the congressional intelligence committees – members or their staff – because they lack high enough clearance.

Tice was one of the New York Times sources for its wiretapping story, but he told the committee the information he provided was not secret and could have been provided by an private sector electronic communications professional.

When Tice refers to a “special access” program, he is referring to something with the legal definition of “Special Access Program”.  It’s what Hollywood movies and ordinary people call a “military black op”.  It’s an operation run by the military which is classified and whose funding comes from a budget which is not described to Congress.

I wrote about them in detail back on January 18 of this year.  Essentially SAP’s have three sub-classifications.  One is “acknowledged”, a program which has been declassified and revealed to the public (such as the F-117 stealth fighter).  A second is “unacknowledged” which is classified but the members of certain Congressional committees are briefed in detail.

The third, most secretive kind of SAP is called “waived”.  These are so secret that only the “Big 8” or “Gang of 8”, the top 4 Senators and Representatives in certain committees are ever briefed on the programs and they are not allowed to share the information with anyone, including other members of their committees.

The administration (and now much of the media) has been calling the domestic wiretapping program as the Terrorist Surveillance Program (TSP).  This is the one which has been in the news, involving wiretapping international phone calls with one end of the call in the United States.  I refer to it as Domestic Spying Program One (DSP1).  This program was a “waived” SAP.

As I’ve said before, this is not the only DSP in operation.  In fact when I wrote about Tice on January 20, I mentioned that he warned of a completely different DSP.  Since he cannot testify about it in public, we’ll probably never learn what that is but it’s clear that it’s another “waived” SAP.

I was very curious about Tice’s comment that it could have been a “private sector electronic communications professional” who was an additional source to James Risen for his NYT article which revealed the existance of DSP1.  I wanted to see if I could figure out who that might be.

My best guess is that it would be someone at Computer Sciences Corporation (CSC).  Back in 1999, the NSA took “quiet steps” to outsource its data centers and “other pieces of information technology infrastructure”.

It offered a contract for 2 billion dollars to a private company, the winner of which would then be expected to hire up to 2,000 NSA employees, to handle a number of tasks for the NSA.  This contract was known as “Operation Groundbreaker”.  A number of companies competed for this, including AT&T, but in the end it was awarded to CSC.  The good folks over at CSC had won a 1998 contract from the NSA called “Project Breakthrough” which concerned handling the operations and maintenance of the NSA’s computer systems.

CSC is well known for its data mining operations.  It has a contract with the Department of Education to handle its database and yes, do data mining operations.  They’ve also worked on similar projects with private businesses including IBM and some large banks.

Of course there’s no way to know exactly what services CSC has been providing for the NSA but considering the company’s long-running relationship and its other activities in the private sector, it seems likely that CSC handled some data mining activities for NSA.  But Tice wasn’t talking about data mining specifically, he was referring to wiretapping the phone calls of American citizens.  Is it possible that CSC was involved in that? I can’t say.

Other companies with NSA contracts include Certicom, who was tasked with routing secure sensitive but unclassified data within the U.S. government at large.  Certicom has certain patents on how to ecrypt data and it looks like the NSA wants to make that all unclassified but secure data in the U.S. uses these standards.

You may also be surprised to learn that the NSA has contracts with both Reuters and the Associated Press and that both of these contracts are classified.

Back in 2002, the NSA awarded a contract to Science Applications International Corporation (SAIC) for a program called TRAILBLAZER.  SAIC actually was the lead company in a team formed from other companies, including CSC, to handle the contract which originally was for 280 million dollars.  This was conceived of in 2000 to help the NSA process the “overwhelming” amount of data it was collecting after its computers blacked out.  The TRAILBLAZER program went over budget by several hundred million dollars.

From April 19, 2005:

“Although we can’t discuss specifics, several Trailblazer technologies and products have been used successfully by the intelligence community, as well as by the Department of Defense since 9/11,” spokeswoman Mary Payne told United Press International. “Trailblazer has contributed to this agency’s success while the agency has been on a wartime footing.”

So it looks like both DSP1 as well as the numerous data mining programs might be partially operated by the private sector through Trailblazer (which the Chicago Tribune describes as a data mining effort) and Groundbreaker.  And that puts the SAIC group and CSC squarely in the position of being the private contractors who could’ve been some of Risen’s sources.

If it’s difficult to figure out which private contracter might’ve spilled the beans on DSP1 to James Risen, it’s even more difficult to figure out what all the other DSP’s currently in effect are.  On February 15, the Washington Post described how the National Counterterrorism Center has an internal database of 325,000 names supposedly linked to terrorists and that some of this information is provided by the NSA.

The traditional media and Congressional hearings have been focusing on DSP1 and how it was “authorized” in violation of FISA.  I want to remind everyone what Gonzales said during his testimony about DSP1 in front of the Judiciary Committee on February 6:

GONZALES: I’m sorry. Can I make one point about in response to Senator Kohl? I made this point, but I want to make sure the committee understands this in terms of domestic-to-domestic Al Qaida communications.

I said that we’re using other authorities. I mean, to the extent we can engage in intercepting Al Qaida domestic-to-domestic calls, even under FISA, if we can do it, we’re doing it.

So I don’t want the American people to believe that we’re doing absolutely nothing about Al Qaida domestic-to-domestic calls.

The president made a determination, “This is where the line’s going to be,” and so we operate within those boundaries. And so we take advantage of the tools that are out there.

And if FISA isn’t always the most efficient way to deal with that, if that’s all we have, that’s what we use.

In this he seems to be saying that the DSP1 does not refer to domestic-to-domestic phone calls and that the administration has to rely on FISA if that’s “all they have”.  But they may “have” something else entirely.

There is a little-known exception to FISA and intelligence collecting by the NSA if it’s done in the guise of a “training exercise” or “training mission”.  Sometimes tin-foil hat Wayne Madsen (himself a former NSA employee) wrote about this before the DSP1 was publically revealed:

The political surveillance operations directed against current and former U.S. government officials and serving and retired U.S. military officers who opposed the neoconservative game plan was primarily carried out by NSA’s super-classified “black ops” organization, the Special Collection Service (SCS)–a joint NSA/CIA “higher-than-Top Secret” joint activity headquartered in Beltsville, Maryland.

Tasking was conducted through NSA’s Signals Intelligence Directorate (SID) and authority was granted by Hayden to largely bypass USSID 18 legal restrictions by using off-the-books “training missions” as a cover. Although training mission intercept data collected on U.S. persons is to be destroyed after completion of the mission, intercepts of phone calls made by scores of U.S. government and private persons found their way into the hands of Bolton, Cheney, and other neoconservative elements within the Bush administration.

What Madsen saying about exemptions for training missions is true, as I wrote about somewhat here.  U.S. intelligence rely on three guidelines (explained in more depth here) for electronic surveillance: Executive Order 12333, FISA and DoD 5240.1-R.  According to EO 12333, section 2.4:

Agencies within the Intelligence Community shall use the least intrusive collection techniques feasible within the United States or directed against United States persons abroad. Agencies are not authorized to use such techniques as electronic surveillance, unconsented physical search, mail surveillance, physical surveillance, or monitoring devices unless they are in accordance with procedures established by the head of the agency concerned and approved by the Attorney General. Such procedures shall protect constitutional and other legal rights and limit use of such information to lawful governmental purposes. These procedures shall not authorize:

(a) The CIA to engage in electronic surveillance within the United States except for the purpose of training, testing, or conducting countermeasures to hostile electronic surveillance;

So there’s one exploitable loophole right there.  The NSA is a division of the DoD so they also must abide by DoD 5240-1r.  Here are some quotes:

C5.6.2.2.1.  Except as permitted by paragraph C5.6.2.2.2. and C5.6.2.2.3., below, the use of electronic communications and surveillance equipment for training purposes is permitted, subject to the following limitations:

C5.6.2.2.1.1.  To the maximum extent practical, use of such equipment for training purposes shall be directed against communications that are subject to lawful electronic surveillance for foreign intelligence and counterintelligence purposes under Parts 1, 2, and 3 of this procedure.

C5.6.2.2.1.2.  The contents of private communications of non-consenting United States persons may not be acquired aurally unless the person is an authorized target of electronic surveillance.

C5.6.2.3.  Retention and Dissemination.   Information collected during training that involves communications described in subparagraph C5.6.2.2.1.1., above, shall be retained and disseminated in accordance with minimization procedures applicable to that electronic surveillance.

Information collected during training that does not involve communications described in subparagraph C5.6.2.2.1.1., above, or that is acquired inadvertently, shall be destroyed as soon as practical or upon completion of the training and may not be disseminated for any purpose.

So there you have it.  It can be collected as part of a training mission but must not be disseminated.  So it can be collected but it’s only when it’s transmitted that it’s breaking the law.  Except of course unless it complies with the “minimization procedures” that are “applicable”.

That’s very key right there because Senator Biden asked Gonzales about the minimization procedures during Gonzales’ testimony on February 6:

BIDEN: By definition, you’ve acknowledged that these minimization — the very minimization programs that exist under FISA, you’re not bound by. You’ve acknowledged that you’re not bound by FISA under this program.

Therefore, are you telling me the minimization programs that exist under FISA, as the way FISA is applied, are adhered to?

GONZALES: OK, I’m sorry if I was confusing in my response.

What I was meaning to say is that there are minimization requirements. Those minimization requirements are basically consistent with the minimization requirements that exist with respect to FISA if FISA were to apply.

BIDEN: Would it be in any way compromising the program if you made available to the Intelligence Committee what those minimization procedures that are being followed are?

GONZALES: Well, of course, the minimization procedures themselves, under 12333, and I believe perhaps under the FISA Court, are classified. I also believe they probably have been shared with the Intel Committee.

BIDEN: They have not, to the best of my knowledge. They have not been shared with the Intelligence Committee to the best of my knowledge, unless you’re talking about this very small group of the chairman and the ranking member.

GONZALES: Sir, I’m talking about the minimization procedures for 12333 and for FISA.

BIDEN: Let me very precise.

GONZALES: OK.

BIDEN: I have not heard of NSA saying to the Intelligence Committee, “We are binding ourselves as we engage in this activity under the minimization procedures of 12333, as well as other statutes.” I’m unaware that that’s written down or stated anywhere or been presented to the Intelligence Committee. Can you assure us that has been done?

GONZALES: No, sir, I can’t assure you that.

Again they’re discussing DSP1 but Gonzales seems to be indicating that new minimization procedures have been authorized, perhaps for DSP1 and perhaps also for other DSP’s.

“Minimization procedures” are the guidelines about what can be distributed to whom (for FISA’s see here).  The NSA has a set of rules and regulations on what information it can collect but the minimization procedures decide WHO can get the information.

As I wrote in my article Reefer Madness at the NSA, General Hayden more or less admitted that these minimization procedures had been modified post 9/11 and that more “raw” data was being given to the administration.  Madsen isn’t the only one who noticed this:

But after Bush was sworn in as president, the way the NSA normally handled those issues started to change dramatically. Vice President Cheney, as Bob Woodward noted in his book Plan of Attack, was tapped by Bush in the summer of 2001 to be more of a presence at intelligence agencies, including the CIA and NSA.

“Given Cheney’s background on national security going back to the Ford years, his time on the House Intelligence Committee, and as secretary of defense, Bush said at the top of his list of things he wanted Cheney to do was intelligence,” Woodward wrote in his book about the buildup to the Iraq war. “In the first months of the new administration, Cheney made the rounds of the intelligence agencies – the CIA, the National Security Agency, which intercepted communications, and the Pentagon’s Defense Intelligence Agency. “

It was then that the NSA started receiving numerous requests from Cheney and other officials in the state and defense departments to reveal the identities of the Americans blacked out or deleted from intelligence reports so administration officials could better understand the context of the intelligence.

That right there shows that the minimization procedures have been modified.  I’m not sure if any members of Congress are even aware of what those new ones are.

With new minimization procedures in place, this means that the government can do an “end run” around FISA restrictions by using the “training” exemption or that anything new was authorized by the Attorney General.  This basically opens the door to unlimited spying on Americans by the NSA.

With the training exemption also in effect for the CIA, this could mean that there are multiple agencies running multiple DSP’s which eventually feed into that NSTC database with 325,000 names in it – many of them matching ordinary, innocent Americans.

Incidentally, FISA-acquired information (obtained via FISC warrant) may only be disseminated by minimization procedures established by the Attorney General, with EO 12333 providing “additional instances” where dissemination of that information is permitted.  In plainer English, this means that NSA “raw” data can now be fed into the Hydra-like series of government databases which I’ve written about before, including ADVISE, JPEN, CORNERSTONE, TOPSAIL, SECURE FLIGHT and the SIMAS (State Department) which is then used by various agencies/groups like CIFA and Able Danger.

In summary, after 9/11, the government (specifically the Attorney General) modified the “minimization procedures” in effect for intelligence agencies, with the net result that a LOT of data that had been previously collected but destroyed could now be disseminated to a wide variety of government agencies, which then took that data and conducted surveillance against anti-war groups, Quakers, vegans and also added thousands of names of Americans to their databases and that information was “processed” using data mining techniques supposedly for the “war on terror” but in reality resulted with almost no actionable intelligence.

The minimization procedures themselves are classified, as is the data stored in the various databases, as is the nature and scope of those databases, and not even Congress seemingly has the “security clearance” to be informed about these programs by whistleblowers like Russell Tice.

“O wonder!
How many goodly creatures are there here!
How beautious mankind is!
O brave new world,
That has such people in it!”

–Shakespeare, The Tempest, Act V, Scene I

This is cross-posted from Flogging the Simian

Peace

Author: soj

If you don't know who I am, you should :)