By David K. Shipler
In the rush after the Paris attacks to step up surveillance, the usual arguments are being heard on one side about violations of civil liberties, and, on the other, about obstacles to monitoring because of what CIA director John Brennan derides as “hand-wringing” over government intrusion. But there is a less visible problem, often mentioned by former intelligence officials: Excessive, unfocused surveillance has produced floods of information beyond what the professionals can digest and analyze.
At an illuminating panel in Washington two months ago, three former officials of the National Security Agency—Thomas Drake, William Binney, and J. Kirk Wiebe—made precisely that point, and if you talk to others who have been in the business, many of them will tell you the same thing. The petabytes of data that have been vacuumed up almost indiscriminately since 9/11 are stored untranslated, unread, and unsifted in digital files, well off the radar of the agents who are charged with spotting radicals before they commit the next atrocity.
The American Civil Liberties Union, whose overriding goal is to protect constitutional rights, came up with the perfect metaphor after the Patriot Act diluted the Fourth Amendment’s protections in 2001: You don’t find a needle in a haystack by increasing the size of the haystack. Yet expanding the haystack is what was done, and is what is now being proposed.
“Each analyst has to look at 200,000 people,” said William Binney, a crypto-mathematician who was pressured into retirement after complaining about NSA practices. As a result, he said, a good deal goes unnoticed, and few terrorist plots in the United States have been prevented by surveillance.
One example was the attack by two gunmen last May on an anti-Muslim contest of cartoonists drawing blasphemous caricatures of the Prophet Muhammad. Police outside the meeting hall in Garland, Texas, killed the two after one shot a private security guard. “Two days before,” Binney said, “a member of Anonymous [the hacker collective] tipped off the police. Our intelligence community said absolutely nothing. They were too buried in data.”
One of the gunmen, Elton Simpson, had posted a Tweet earlier that day promoting the Twitter account of Junaid Hussain, a British hacker who joined the Islamic State in Syria two years before. That should have been a tip-off, because Simpson was not unknown to authorities. The FBI began investigating him in 2006, The New York Times reported; he had been charged with lying to agents and in 2011 was sentenced to probation.
But if the NSA had a warrant to monitor him—legally required because he is an American citizen—it didn’t bear fruit. Without being inside the agency, it’s impossible to know why, except to speculate along Binney’s line of reasoning: “buried in data.” Several other misses or near-misses can be added to that list, including the Boston Marathon bombing; the underwear bomber in an airliner over Detroit, whose explosives fizzled; and the aborted bombing in Times Square.
Binney helped develop a sophisticated NSA program called ThinThread, which “eliminated the need to accumulate and store all the data,” he said. It had two key properties: It filtered out irrelevant information, unrelated to people who were not legitimate targets, and it encrypted the communications of “United States persons,” defined by law as American citizens anywhere in the world and non-Americans who are permanent, legal residents of the U.S. Decryption would have been possible only with a key provided by the Foreign Intelligence Surveillance Court upon granting a warrant.
“We can recognize all the U.S. citizens right up front—the content flowed right by,” Binney explained. From “the rest of the world,” where warrants were not required, he said, “we pulled out only those on the target list.”
So ThinThread could automatically focus and protect. It was ready eight months before the 9/11 attack, but it was not deployed. Instead, the NSA went with a much more expensive program, Trailblazer, developed by a private contractor. It never worked properly, and after 9/11, the Bush Administration authorized the NSA to monitor Americans without warrants, using components of ThinThread without the filters that would guard their privacy.
Binney joined with Wiebe and Drake to complain to Congress, and then to the Defense Department’s Inspector General, about both the wasteful outside contract and the warrantless surveillance of Americans. They were then hounded by the NSA, and after leaks about the warrantless surveillance to the press, the FBI conducted brutal searches of their homes. Drake was forced to leave the NSA without his government pension, was indicted, and was financially ruined before the case against him collapsed.
If there is a vague impression among Americans that the surveillance has foiled lots of terrorist attacks, it is incorrect. Many of the most spectacular terrorist plots prevented by law enforcement in the United States have not relied on NSA surveillance but have been concocted during sting operations by the FBI, using undercover agents or informants who have tread close to the line of instigating the crimes.
The FBI equipped a would-be bomber with a disarmed suicide vest as he headed to the Capitol, offered a dummy missile to a hapless fellow in New York, and provided an Oregon college student with a van he thought contained explosives—six 55-gallon drums of inert material, inoperative blasting caps, and a gallon of diesel fuel to give the van just the right smell. The FBI even gave him a cell phone, which didn’t trigger anything except his arrest when he punched in a number.
Granted, intelligence agencies need to keep track as well as they can without shredding the Constitution. Encryption apps that seem to stay ahead of the NSA are compounding the problem. But if officials don’t look squarely at their own processes, they will fail us again and again.
They are already deflecting blame by pointing to Edward Snowden’s disclosures in 2013 of the NSA’s massive collection of meta-data, meaning every phone number and email address contacted by virtually everyone in the U.S. The revelation prompted the Obama administration to curtail the program, which had invaded everyone’s privacy but had never interrupted a single terrorist attack. And major assaults had occurred before Snowden leaked the documents, so the allegation that he’s responsible is unsupported.
More serious is the fact that the culture of massive collection has gone unrecognized and unaddressed. By shining too many lights on too many innocents, it creates blindness.
The collection mania was even a problem for the Soviet KGB in pre-Internet days, much to the benefit of political and religious dissidents. Once, a small group of Christian fundamentalists passed the word to American correspondents, face-to-face, that they planned a demonstration in Red Square to demand the right to emigrate to the West, where they could practice their religion freely.
As we reporters arranged with one another to cover the protest, we talked only in person, usually outside and away from the microphones we assumed were planted in our offices and apartments. We avoided the phones, of course, which were surely tapped. But an hour or so before the appointed time, my office phone rang, and a colleague from another news organization asked if I would be going to the demonstration in Red Square at noon. I was stunned by his carelessness, told him I had planned to, but doubted that it would happen now, with the KGB alerted.
Still, a few of us set off in a car, past the KGB guard at the entrance to our apartment house, and down to Red Square. Surprisingly, there was no police contingent in the square except for the one or two officers who usually patrolled lazily. We saw the small cluster of demonstrators, waiting for the correspondents. When we arrived, they unrolled a huge cloth banner they’d been hiding and stood with it for what seemed like an age, until one of the uniformed cops saw them, did a double take, and rushed over to grab the sign. A few plainclothes agents, also stationed routinely in the square, ran to provide reinforcements, but too late. The banner was ripped away, and the demonstrators were arrested. But they’d gotten their message out to the world, as they had intended.I’ve thought since that the KGB must have had so many reels of taped conversations from our phones that translators and transcribers were way behind. I wonder whether anybody in the agency took a lesson from the incident about the indiscriminate collection of too much information.