A Tap Without a Wire

Following the collapse of the Soviet Union, the NSA was significantly downsized and defunded. Seeking a new raison d'être and a new way to remain financially relevant, the NSA decided to go commercial. Back in June of 2000, the agency released a statement announcing that it was pursuing a "government-industry partnership for information technology infrastructure services." Or: outsourcing. On Sept. 1, 2001, just 10 days before the terrorist attacks, Government Executive magazine investigated the transformation in an online article:

Beginning in November, hundreds of National Security Agency technology specialists will walk out the doors ... ending their careers as federal workers. But nearly all will return the next day to do the same jobs they did before, as contractors under the largest outsourcing ever conducted by an intelligence agency. ... One of the largest IT outsourcing pacts in government, ... NSA's Project Groundbreaker contract reflects a growing recognition by agencies that private companies can provide better IT support at lower prices than federal workers can.

With the recent communications revolution and the downsizing of the NSA, former NSA Director (now Director of CIA) Michael Hayden made it his goal to "get the technology of the global telecommunications revolution inside this agency." To do that, Hayden brought new executives into the NSA, including Harry Gatanas, a military and intelligence veteran turned business executive. Gatanas told the press: "Really, nothing is sacred. If it's not a core competency, then we'll look at the potential of outsourcing it."

That sentiment echoes the NSA's December 2000 "Transition Report", unveiling "Groundbreaker," which refers to "the decision to outsource routine information technology functions." The NSA mission is said to require the agency to "live on the network." Almost a year before Sept. 11, the report stated that "NSA will be a legal but also a powerful and permanent presence on a global telecommunications infrastructure where protected American communications and targeted adversary communications will coexist."

Even back in 2000, the NSA recognized the possible conflicts with Fourth Amendment rights. "The Fourth Amendment is as applicable to eSIGINT [electronic signals intelligence] as it is to the SIGINT [signals intelligence] of yesterday and today. The Information Age will however cause us to rethink and reapply procedures, policies and authorities born in an earlier electronic surveillance environment. ..."

By December 2000, the NSA had already claimed that its new mission was "well under way." In a statement reminiscent of Vice President Cheney's nostalgia for the days of broader executive power, the NSA proclaimed, "This new model for eSIGINT ... in the Information Age may require a restatement and endorsement of the policies and authorities that empowered NSA in the Industrial Age." After the 9/11 terrorist attacks, concerns about Fourth Amendment violations were swept aside with the "national security" argument, providing a broad-spectrum justification for any possible constitutional violations.

Data Mining Begins

Upon reading an article in USA Today alleging government spying on American communications, Philadelphia resident Norman LeBoon wondered if communications on his Verizon land line were being shared with the government. After a string of e-mails, LeBoon says he finally reached "Ellen" in customer service, who had this to say: "I can tell you, Mr. LeBoon, that your records have been shared with the government, but that's between you and me. ... They [Verizon] are going to deny it because of national security. The government is denying it and we have to deny it, too. Around here we are saying that Verizon has 'plausible deniability.' "

LeBoon is part of a class-action suit against the major telecommunications companies brought by lawyers Bruce Afran and Carl Mayer. Their case is remarkable not only in that it references such blatant admissions by Verizon employees, but also because the two lawyers claim to have evidence that AT&T was approached by the National Security Agency before 9/11 as part of the aforementioned Project Groundbreaker, which gave the government access to an unprecedented amount of the personal data of American citizens.

The data-mining program has been aided in no small part by the recent spree of telecommunications mergers that have gone through with little or no regulations thanks to cursory reviews by the Department of Justice.

Apart from the instances in which Verizon employees told customers of the program's existence, the size of the program and the number of businesses involved make it impossible for it to be completely obscured from the public. The technology installed in cooperative telecommunications companies is designed to sift through massive quantities of consumer communications. One such provider of data-mining technology to the government is Narus. The company puts AT&T at the top of its list of customers, but Narus has also been publicly connected directly to the NSA. Whistle-blower Mark Klein, a retired AT&T employee, has provided documents showing that Narus' technology was to be installed in a San Francisco facility at the behest of an NSA agent. The vice president of marketing for the company, Steven Bannerman, notes that the technology "enables network operators to spot viruses and identify human targets, such as spammers or potential terrorists."

While the equipment includes law-enforcement features that prevent searches in any data apart from court-approved targets, the use of those features is optional, leaving no formalized regulation of targeting.

The point of data mining is that you don't know exactly what you're looking for, searching instead for relationships and patterns in data. Lee Tien, an attorney at the Electronic Frontier Foundation, explains, "The idea is to take advantage of the fact that huge amounts of transactional data are produced every day in the course of our routine day-to-day lives and that each person is going to be leaving footprints."

Despite the ominous scope of a program targeting the daily routines of everyday Americans, President Bush has assured the nation that the government is not "mining or trolling through the personal lives of millions of innocent Americans."

In May 2006, former NSA analyst Ira Winkler wrote a heated rebuttal to Bush's assurances in Computer World:

They claim that the NSA is not receiving any personally identifying information. Frankly, you have to be a complete moron to believe that. ... By simply tying numbers together -- and intelligence discipline of traffic analysis -- I assure you I can put together a portrait of your life. I'll know your friends, your hobbies, where your children go to school, if you're having an affair, whether you plan to take a trip and even when you're awake or asleep. Give me a list of whom you're calling and I can tell most of the critical things I need to know about you.

When you start to understand the scope of the program, you realize why the Bush administration balked at the notion of obtaining a warrant for each individual whose information it intended to search. In order for data mining to be a thorough program, for the NSA to, as Hayden put it, "live on the network," the government needs to have blanket access to telecommunication companies across the country. The problem for the program began when one company, Qwest, refused to comply.