The NSA’s new data-mining facility is one component of a growing local surveillance industry.
By Greg M. Schwartz
Surrounded by barbwire fencing, the anonymous yet massive building on West Military Drive near San Antonio’s Loop 410 freeway looms mysteriously with no identifying signs of any kind. Surveillance is tight, with security cameras surrounding the under-construction building. Readers are advised not to take any photos unless you care to be detained for at least a 45-minute interrogation by the National Security Agency, as this reporter was.
There’s a strangely blurry line during such an interrogation. After viewing the five photos I’d taken of the NSA’s new Texas Cryptology Center, the NSA officer asked if I would delete them. When I asked if he was ordering me to do so, he said no; he was asking as a personal favor. I declined and was eventually released.
America’s top spy agency has taken over the former Sony microchip plant and is transforming it into a new data-mining headquarters — oddly positioned directly across the street from a 24-hour Walmart — where billions of electronic communications will be sifted in the agency’s mission to identify terrorist threats.
“No longer able to store all the intercepted phone calls and e-mail in its secret city, the agency has now built a new data warehouse in San Antonio, Texas,” writes author James Bamford in the Shadow Factory, his third book about the NSA. “Costing, with renovations, upwards of $130 million, the 470,000-square-foot facility will be almost the size of the Alamodome. Considering how much data can now be squeezed onto a small flash drive, the new NSA building may eventually be able to hold all the information in the world.”
Bamford’s book focuses on the NSA’s transformation since 9/11, with the impetus for the new facility being a direct ramification of those attacks. At the time, the NSA had only about 7 percent of its facilities outside the Washington D.C./Baltimore area. But the realization that additional attacks could virtually wipe out the agency catalyzed a regional expansion. [See “Secret Agency Man,” November 5, 2008.]
The new facility is a potential boon to the local economy since it’s reportedly going to employ around 1,500 people, but questions remain about whether there will be adequate oversight to prevent civil-rights violations like Uncle Sam’s recent notorious warrantless wiretapping program. The NSA would suggest the facility’s ability to sort through surveillance data is one of America’s top defenses against terrorist threats, but the NSA’s presence comes with concerns that abuse of its secretive power could see the agency become akin to the “Thought Police” of 1984, George Orwell’s classic novel depicting the nightmare of a total surveillance society — and all for nothing. Even as the facility is completed, a new government-backed report has concluded that data surveillance is an ineffective method for identifying potential terrorists or preventing attacks.
So just what will be going on inside the NSA’s new San Antonio facility? Bamford describes former NSA Director Mike Hayden’s goals for the data-mining center as knowing “exactly what Americans were doing day by day, hour by hour, and second by second. He wanted to know where they shopped, what they bought, what movies they saw, what books they read, the toll booths they went through, the plane tickets they purchased, the hotels they stayed in… In other words, Total Information Awareness, the same Orwellian concept that John Poindexter had tried to develop while working for the Pentagon’s [Defense Advanced Research Projects Agency].”
Bamford details how Hayden, now head of the CIA, had originally leaned toward being overprotective of civil rights, not wanting to see the NSA revisit the scandal-ridden era of the 1970s and the violations of “Project Shamrock.” But 9/11 altered Hayden’s philosophical direction 180 degrees. The Total Information Awareness project supposedly died when the plan was exposed, Poindexter resigned, and Congress cut off further funding. But Bamford and others have reported that the project simply migrated to the NSA, “an agency with a far better track record than DARPA for keeping secrets.”
The NSA remembers the Alamo
The NSA was waffling on selection of a home for its new facility when the City of San Antonio sent a mission to NSA headquarters in January 2007 to lobby for it, part of a continuing effort to woo the agency. On January 18, Microsoft announced its selection of San Antonio for a new data center. The NSA followed suit three months later. Bexar County Judge Nelson Wolff was part of the effort to entice the NSA to choose San Antonio. He says talks centered on economic factors and what the city could do to facilitate the NSA’s plans.
“They’re pretty tight on what they do; they don’t share that information with you,” says Wolff. “I hope that the administration will be addressing [civil-rights violations], and I hope they’re correcting those concerns.”
Bamford writes about how NSA and Microsoft had both been eyeing San Antonio for years because it has the cheapest electricity in Texas, and the state has its own power grid, making it less vulnerable to power outages on the national grid. He notes that it seemed the NSA wanted assurance Microsoft would be here, too, before making a final commitment, due to the advantages of “having their miners virtually next door to the mother lode of data centers.” The new NSA facility is just a few miles from Microsoft’s data center of the same size. Bamford says that under current law, NSA could gain access to Microsoft’s stored data without even a warrant, but merely a fiber-optic cable.
“What the Microsoft people will have will be just storage of a lot of the email that is being sent. They keep this email — I don’t know why — and there should be some legislation saying how long it should be kept,” said Bamford in a phone interview last week. “The post office doesn’t keep copies of our letters when we mail letters; why should the telecom companies or the internet providers keep copies of our email? It doesn’t make sense to me. But there’s no legislation. So they need a place to store it, and that’s where they’re storing all this stuff.”
(Microsoft did not return a call for comment before press deadline.)
The new NSA facility boosts the agency’s already formidable presence in South Texas, where they have 2,000 employees on the Medina Annex of the Lackland Air Force Base — mostly Signals Intelligence, or Sigint, specialists, who use cutting-edge technology to intercept anything from faxes to emails and satellite communications.
NSA’s new facility also gives the agency easy access to UTSA’s Institute for Cyber Security and the school’s Center for Infrastructure Assurance and Security. The ICS was founded in 2007 with a $3.5-million grant from the Texas Emerging Technology Fund to continue efforts to protect American communities against cyber-attacks, with the CIAS — a think tank launched in 2001 — being rolled into the ICS. All of this led U.S. Representative Ciro Rodriguez (D-San Antonio) to declare San Antonio “the center of cybersecurity, in the country and the world.”
ICS Founding Executive Director Ravi Sandhu acknowledges some synergy between the NSA presence in San Antonio and UTSA’s cybersecurity work.
“Cybersecurity in the public domain has largely been about defense, but there’s certainly an attack component to it. To some degree, the U.S. Department of Defense and intelligence agencies are now starting to talk about the attack component in the public domain,” says Sandhu.
Sandhu says UTSA’s cybersecurity students are recruited by many of San Antonio’s local employers and doesn’t doubt that NSA is one of them. “Recruiting is one end … but it’s an attractive thing for NSA employees [too]. They can further their education — they can do degrees part-time, they can do advanced degrees … so there are advantages beyond direct recruitment of NSA students.”
Does automated data mining even work?
While the opening of the NSA’s massive new data center heightens existing civil-rights concerns, a new report from the National Research Council questions whether such data-mining is even effective. Sponsored by the Department of Homeland Security and the National Science Foundation and released in October of this year, the report suggests that pattern-based data-mining is not even a viable way to identify terrorists.
The 352-page study —“Protecting Individual Privacy in the Struggle Against Terrorists” — concludes that identification of terrorists through automated data-mining “is neither feasible as an objective nor desirable as a goal of technology development efforts.” It also says inevitable false positives will result in “ordinary, law-abiding citizens and businesses” being erroneously flagged as suspects.
“Actions such as arrest, search, or denial of rights should never be taken solely on the basis of an automated data-mining result,” says the report. The question, then, is how rigorously will human analysts vet such information before alleged leads are pursued, and who has oversight of the process?
“Part of the problem is … jurisdiction over national-security issues is very divided in Congress. You have the Homeland Security committee, the Justice committee, but, of course, you also have some basic issues — government oversight, appropriations,” says Professor Fred Cate, the NRC committee member who wrote most of the report and who serves as director of Indiana University’s Center for Applied Cybersecurity Research. “So I think in some ways one of the issues is the need for a more streamlined oversight system so that somebody takes responsibility for it.”
Cate says the migration of the TIA project to the NSA is part of the problem.
“Because so many different agencies are involved and because there are no consistent oversight mechanisms, it’s very hard [to monitor]. And Congress created a Privacy and Civil Liberties Oversight Board, and then it didn’t like the way it created it initially, so then it recreated it with more powers, but it never confirmed any members to it,” says Cate. “So for the past year, there’s been nobody in that critical position. So I think one immediate step for Congress and the new president will be to nominate members and get them confirmed.”
The lack of clearly delineated oversight remains a vital yet unsolved issue. Senator Jay Rockefeller (D-W.Virginia), Chairman of the Senate Intelligence Committee, would appear to be the Congressman with the most power to pursue such oversight.
“Eisenhower warned of the military-industrial complex, but now it’s mostly the security, industrial complex; it’s these people that build all the hardware and software for Homeland Security and Intelligence and all that,” says Bamford. “As far as I can see, nobody has a handle on how many contractors are out there, what they’re doing, how much money’s going to them, how much is useful, how much is wasted money.”
Cate says the NRC committee is not necessarily opposed to data-mining in principal, but is concerned about how it’s carried out. “The question is can you do it and make it work so that you don’t intrude unnecessarily into privacy and so that you reach reliable conclusions.”
Bamford writes in the Shadow Factory of how the NSA’s Georgia listening post has eavesdropped on Americans during the Iraq War, including journalists, without a warrant or any indication of terrorism. He also reports on NSA eavesdropping on undecided members of the United Nations Security Council in the run-up to the vote on the Iraq War resolution, with the Bush regime seeking information with which to twist the arms of voting countries. The spying was only revealed due to British Parliament whistleblower Claire Short, who admitted she’d read secret transcripts of UN Secretary-General Kofi Annan’s confidential conversations.
“The UN people have been aware of [NSA eavesdropping] for a long time, but there’s not much they can do about it,” says Bamford.
A common response to concerns about data surveillance is that those who keep their noses clean have nothing to worry about. But the reach of the NSA’s surveillance net combined with lack of oversight and the political paranoia escalated by the 9/11 attacks means that almost anyone could wind up on the terrorist watch list.
“The principal end product of all that data and all that processing is a list of names — the watch list — of people, both American and foreign, thought to pose a danger to the country,” writes Bamford. “Once containing just twenty names, today it is made up of an astonishing half a million — and it grows rapidly every day. Most on the list are neither terrorists nor a danger to the country, and many are there simply by mistake.”
Bamford reports that consequences of being on the list could include having an application for a Small Business Administration loan turned down; having a child’s application to one of the military academies rejected; or, because the names are shared with foreign governments, being turned away after landing in Europe for a vacation or business trip. All without ever being told why.
A senior intelligence official concerned about the situation told Bamford “the system is a disaster,” adding that the list at the National Counterterrorism Center isn’t even compatible with the NSA and CIA systems.
“They could be snooping on just about anything right now and not be accountable and be able to hold their hands up and go, ‘Our system doesn’t track that,’ when in many cases the system does, but the code is so convoluted you could never know it,” says the official.
Bamford also reports on Uncle Sam’s skyrocketing use of “national security letters” for obtaining personal information. The NSLs, which do not require probable cause or court approval, jumped from 8,500 in 2000 to 143,074 between 2003 and 2005, according to a 2007 Justice Department inspector general’s report. Under the revised version of the 1994 Communications Assistance for Law Enforcement Act, it’s not only a crime for any company to refuse to cooperate, it’s also become a crime for company officials to even disclose their cooperation.
“There was a lot of pressure by the FBI in ’94 to have CALEA enacted … but the Clinton Administration was in favor of doing all that,” says Bamford.
The question for us then becomes who, if anyone, is watching the watchdogs? One organization devoted to such duty is the Electronic Frontier Foundation, a San Francisco-based non-profit whose mission is to protect electronic civil liberties. Reducing the use of NSLs to gag and acquire data from online service providers is one of the planks in EFF’s proposed privacy agenda for the new Obama administration.
“The issue here is that when people are gagged, you can’t talk about it and [people] don’t know what kind of abuses there are,” says EFF media-relations coordinator Rebecca Jeschke. The EFF privacy agenda also includes repealing or repairing the FISA Amendments Act, reforming the Electronic Communications Privacy Act, and reform of the State Secrets Privilege, the latter which has been used by the Bush regime to shield its electronic surveillance activity from judicial review.
The EFF filed a lawsuit against the NSA in September on behalf of AT&T customers who were victims of warrantless wiretapping, with defendants including President Bush, Vice President Cheney, and NSA Director Keith Alexander. The EFF also filed suit against AT&T — until this summer headquartered in San Antonio, the telecom giant still maintains a sizable presence here — for participating in the illegal surveillance program, and is challenging the FISA Amendments Act passed by Congress in July — which gave retroactive immunity to the telecom companies — as being unconstitutional.
“Where I disagreed was the immunity to telecommunications entities … and that’s why I couldn’t support something that provided for the immunity provision,” says U.S. Representative Charlie Gonzalez (D-San Antonio) of the FISA Amendments Act. “We had something that we thought in the House was good, and then the Senate did their own thing. But I was never happy with the inclusion of the blanket-immunity provision to telecommunications entities, because I thought it relieved them of a responsibility and duty that they owe as corporate citizens.”
Gonzalez added that he thinks “there’s still tremendous shortcomings in the law when it comes to making sure that you don’t have abuses of the authority of eavesdropping.”
The Electronic Privacy Information Center in Washington, D.C., a public interest research group whose mission is similar to EFF’s, is suing the Department of Justice for access to documents authored by government lawyers regarding President Bush’s warrantless wiretapping program. These opinions, prepared by the Office of Legal Counsel, provided the legal rationale for Uncle Sam to wiretap American citizens in the United States without court approval. On October 31, a federal judge ordered the DOJ to provide for independent judicial inspection of documents relating to the program.
The latest news in Uncle Sam’s ongoing surveillance scandal happens to come from the FBI’s involvement with the NSA. The Washington Times reported in November that Supervisory Special Agent Bassem Youssef, who oversees the FBI’s role in the NSA’s warrantless surveillance program, says the FBI engaged in unlawful acts while carrying out that surveillance. Youssef, who now fears career retaliation for stepping up as a whisteblower, is due to testify with the Justice Department.
Whether or not the new Obama administration will enact any demonstrable change in the personnel and policies that created the civil-rights violations of recent years remains a question mark.
“Everything I’ve seen so far with Obama has not been focused on change. It’s been focused on bringing back the old Clinton Administration or continuing the same,” says Bamford, noting the President-elect’s decisions to nominate Hillary Clinton as Secretary of State and keep Robert Gates as Secretary of Defense. Bamford mentions Wisconsin Senator Russ Feingold as someone he feels would fight for greater accountability.
“That’s a person I would like to see rewarded for making the right decision, instead of people being rewarded for making the wrong decisions,” says Bamford of Feingold’s record in voting against the revised FISA Amendments Act and being the only senator to vote against the Patriot Act.
Bamford ends The Shadow Factory by quoting Senator Frank Church, the first chairman of the Senate Intelligence Committee, during the original hearings on the NSA in the 1970s. “If a dictator ever took charge in this country, the technological capacity that the intelligence community has given the government could enable it to impose total tyranny, and there would be no way to fight back, because the most careful effort to combine together in resistance to the government, no matter how privately it was done, is within the reach of the government to know. Such is the capability of this technology,” said Church more than three decades ago.
That technology now sees its latest evolution occurring at the shadowy building on San Antonio’s West Military Drive.