Business Week June 6, 2006
Keeping an Eye on the Snoops
With government eavesdropping getting more aggressive, privacy safeguards need to be beefed up
By Otis Port
In recent months, the National Security Agency and the Bush Administration have been taking increasing heat for bending the rules in the hunt for terrorists. Instead of focusing almost exclusively on collecting foreign intelligence, as it has done historically, the hush-hush NSA is turning its electronic ears on U.S. communications.
The controversy turned white-hot in May, when USA Today identified three major phone companies that are allegedly cooperating with the NSA in an effort to sift through the phone records of millions of Americans. The companies -- AT&T (T ), BellSouth (BLS ), and Verizon (VZ ) -- all deny that they are illegally providing NSA with information.
Now, the Administration is pushing for access to more Web-surfing records. On June 2, government officials met with representatives from Verizon, Google (GOOG ), Microsoft (MSFT ), and others to persuade the companies to retain the records of people's Internet activities for as long as two years. The companies, which now hold onto that data for a few weeks or months, are continuing discussions with the Administration on the issue, says one source from a company involved.
In the end, though, all the fuss is much ado about not very much -- at least for longtime watchers of NSA, an arm of the Pentagon created to dig up foreign intelligence. NSA's trespassing in U.S. communications has been a cause célèbre before. The last time was when President Richard Nixon bugged his political opponents during the infamous Watergate era. That led, not only to Nixon's downfall, but also to some severe restrictions to ensure that NSA respects the privacy rights enshrined in the Constitution.
ANTI-TERRORISM RATIONALE. Of course, anticipating that an occupant of the White House would claim such rights can be ignored during a war on terrorism was as unforeseeable as the tragedy of September 11. The Administration's aggressive pursuit of terrorists is commendable, but its conduct with respect to privacy certainly merits intense scrutiny (see BW Online, 05/29/06, "The Spying Goes Beyond Snooping").
Still, even if NSA were getting help from some phone companies, it's not like NSA has never had access to this information. Before the Internet boom in the 1990s, NSA's worldwide network for monitoring electronic communications routinely scooped up called and calling numbers in long-distance phone traffic, plus the voice or data content. That's because the calls often went airborne at some point, traveling between microwave towers or satellite relays -- and any wireless signal is a snap for NSA to intercept.
In fact, it would be difficult for NSA's network to avoid picking up such wireless communications. Air Force General Michael Hayden -- President George Bush's pick for the next director of the Central Intelligence Agency and currently the Pentagon's top intelligence officer -- conceded as much in January. He said NSA "inevitably captures" domestic traffic" in the normal course of foreign intelligence activities."
SOPHISTICATED SPREADSHEETS. NSA won't say if it ever whipped up a database of dialing and dialed numbers to hunt for recurring links that might point to bad guys in the U.S. But it's doubtful. Sophisticated data-mining software is a fairly recent development, and intelligence experts believe that since the mid-1970s, NSA has kept its nose clean inside the U.S. So getting spreadsheets from telephone companies with neatly arranged numbers, as has been alleged, would save a lot of time.
Besides, NSA might not have many other options today. Since the U.S. binged on fiber-optic cables, the volume of domestic calls making a wireless hop has plummeted. The change is so dramatic that it has been offset only partly by the growth of cellular-phone use.
NSA could dispatch spooks to tap the fiber-optic cables. That's tough -- but not impossible, as is sometimes asserted. The U.S. Navy has built at least two special submarines that install taps on fiber-optic cables at sea. The latest is the USS Jimmy Carter, which entered service last year. But physical taps on telecom cables on U.S. soil would surely be spotted, sooner rather than later.
CLASS ACTION FILED. That may explain the arrangement that has outraged privacy stalwarts at the Electronic Frontier Foundation (EFF). A former AT&T technician gave the San Francisco group internal company documents, which purportedly describe secret, NSA-staffed rooms inside AT&T switching centers that could be used to monitor phone calls and e-mail. According to a lawsuit EFF has filed, a so-called splitter, or tap, on fiber-optic cables runs into the secret rooms, providing NSA with access to all Internet and voice traffic flowing through that center. The EFF class action, filed in January, seeks to stop AT&T from providing the NSA with access to its network.
AT&T said in a statement that its customers have "nothing less than our fullest commitment to their privacy," though the company also has "an obligation to assist law enforcement and other government agencies responsible for protecting the public welfare." It declined to comment beyond the statement.
To justify its more aggressive approach, the White House cooked up some unusual arguments. Basically, the Administration contends that the commander-in-chief powers conferred by the Constitution, plus the 2001 congressional resolution approving the use of military force in the war on terror, provide the legal grounds for President Bush to authorize the NSA to ignore the requirement for a warrant when bugging Americans.
LIFE DURING WARTIME? Initially, the White House claimed this applied only to communications between an American and a suspected terrorist or al Qaeda supporter who was outside U.S. borders. Under those conditions, said Attorney General Alberto Gonzales, warrantless bugging was O.K., because monitoring international communications is a normal part of waging war.
When the charge of data-mining of purely domestic calling records came to light, the Justice Dept. retorted that NSA needed a warrant only if the phone companies identified their customers. Since the data didn't include actual customer names, just phone numbers, no warrant was required. It's clear why the Administration felt backed into a corner. Under the Foreign Intelligence Surveillance Act (FISA), NSA can get a domestic warrant only if the agency can convince a judge there's good reason to suspect a person is involved in terrorism, espionage, or drug smuggling. FISA permits surveillance without a warrant for up to 72 hours if there's a reasonable suspicion of gathering enough evidence for a warrant within that period of time.
But that extra latitude is of little help in sifting through millions of phone records. The chance of finding a hint of terrorism in a real-time search of call data for any 72-hour period is less likely than winning the lottery. So attesting to reasonable suspicion would be a huge stretch. Besides, NSA can't specify which phones it wants to tap until after the numbers have gone through the data-mining mill.
Some lawmakers, lawyers, and intelligence experts buy the Administration's position -- as a wartime measure. Others don't. To critics, the White House is flat-out breaking the law. The harsher detractors charge that current policies, left unchallenged by Congress, could end up permanently distorting the Constitution's framework of checks and balances.
PAST ABUSES. "The constitutional theory under which they've justified this is monstrous," declares John E. Pike, president of GlobalSecurity.org and a longtime NSA watcher. It means that during a war, a President "can do whatever he wants, notwithstanding existing laws and regulations. If he doesn't like the way a law has been interpreted historically, or considers it inconvenient," says Pike, "he can just ignore it."
Even a former NSA chief, retired Admiral Bobby Ray Inman, has slammed the Bush team's rationale for no-warrant spying. Inman doesn't quibble with suspending FISA's rules temporarily, while NSA and other federal agencies scrambled to detect the second terrorist attack that many officials feared might follow on the heels of September 11.
But more than four years later, Inman figures the Administration should have asked Congress to update FISA and "deal with problems I didn't think of in '78." While he headed NSA from 1977 to 1981, Inman lobbied hard for the Foreign Intelligence Surveillance Act of 1978.
CELLULAR OPPORTUNITY. FISA was largely a reaction to past abuses of NSA's eavesdropping powers, particularly by President Nixon. He bugged scores of political enemies and antiwar activists such as Jane Fonda and Dr. Benjamin Spock.
NSA now poses a much more serious potential danger, because of the popularity of cellular phones and the Internet -- and not just in the U.S. NSA leads a collaboration of its counterparts in Britain, Canada, Australia, and New Zealand. For more than five decades, these cohorts have been operating a worldwide surveillance network known as Echelon.
Early on, Echelon's ears had a fairly easy task: just listening to radio signals. Oceans weren't spanned by copper phone cables until 1956, and commercial satellite communications emerged almost two decades after that. So radio was the workhorse. It carried encrypted military and diplomatic messages along with ordinary voice, telex, and telegraph traffic.
Today, NSA wields awesome power. It can eavesdrop on all wireless signals and fiber-optic cables that dip into a sea. Those two routes account for most communications outside the U.S. -- a lot of Europe's internal Internet traffic is actually shuttled to U.S. switching centers.
COMPUTER SCREENING. Pike and other experts believe that NSA bends over backwards to protect the identities of Americans, as its regulations require. First, NSA analysts inspect just a tiny fraction of e-mails and phone messages -- otherwise, NSA would need to employ every adult in the U.S. and then some. Computers do the initial screening. If someone in Chicago sends an e-mail to a relative in Afghanistan, and it triggers an alert, the Chicagoan's name is automatically replaced by an anonymous label such as "U.S. Person #1." Then it gets bounced to an NSA analyst for a look-see.
If the analyst decides the Chicagoan merits investigation by the FBI, restoring the person's name requires a FISA warrant. Otherwise, the intercept is dumped, along with the 99.999% of traffic that never gets seen by human eyes because it isn't kicked out by the computer filters.
However, a rogue NSA official could easily bypass the ban on snooping on Americans: Just ask one of its Echelon partners to do the dirty work. To them, Americans are foreigners and thus fair game.
HELPFUL PARTNERS. Such requests may be the exception, but they happen. And Nixon isn't the only chief of state to abuse Echelon. In 1983, Prime Minister Margaret Thatcher asked Britain's General Communications Headquarters (GCHQ) -- it runs Echelon's biggest eavesdropping facility -- to bug two of her cabinet ministers. That would have violated British privacy laws, so GCHQ handed the job to Canada's Communications Security Establishment (CSE), according to E. Michael Frost, a former CSE deputy director.
There's a crying need for better privacy safeguards that reflect today's world -- and mirror a consensus among America's gadget-happy, cell-phone addicts whose daily chats and text messages are grist for Echelon's computers. The Bush Administration shows no inclination to get the ball rolling, so the effort may have to wait until after the next Presidential election.
Two key questions are clear: Should FISA rules be changed to allow NSA to conduct needle-in-the-haystack data-mining searches, and if so, under what circumstances? Or would Americans prefer to slap much stricter limits on NSA's ability to poke its nose into domestic communications, even if that might increase the risk of terrorist attacks or hamper the battle against drug smuggling?
© Copyright 2006, The McGraw-Hill Companies Inc.