A presidential group convened to review National Security Agency practices released its report outlining forty-six recommendations that President Barack Obama’s administration should adopt in the aftermath of news stories containing revelations from documents provided by NSA whistleblower Edward Snowden. The revelations have exposed the massive spying capabilities of the NSA, showing collection of the personal data of Americans as well as indiscriminate surveillance of citizens in foreign countries.
One of the recommendations is the “United States government should examine the feasibility of creating software that would allow the National Security Agency and other intelligence agencies more easily to conduct targeted information acquisition rather than bulk-data collection.” This recommendation applies to the bulk data collection of Americans’ phone records under a provision of the PATRIOT Act known as Section 215. The data is stored and then searched later for anything relevant to investigations or operations.
Not only is this a “feasible” alternative to vacuuming the personal data of Americans in violation of their privacy but NSA whistleblower William Binney told Firedoglake that this system for “targeted information acquisition” was already developed and proposed about fifteen years ago. It was called ThinThread.
He, along with NSA whistleblowers Thomas Drake, Edward Loomis and Kirk Wiebe, fought to have it adopted by the agency. However, the NSA rejected ThinThread and opted to develop another much more expensive and inefficient program called Trailblazer.
These four individuals were not merely looking to have their own program adopted so they could personally benefit. They were concerned about processes or procedures adopted at the NSA after the 9/11 attacks that involved spying on Americans and violated their privacy. They challenged the leadership and became targets of a government investigation. They had their homes raided by the FBI. Drake was even indicted for retaining classified information in violation of the Espionage Act. (For full background, read journalist Timothy Shorrock’s feature story published in The Nation this year on “Obama’s Crackdown on Whistleblowers.”)
ThinThread would have defined “up front the areas or zones of suspicion in the world,” Binney described. “That is, you would graph relationships in banking or phone calls or email or travel or anything else. All those relationships of everyone in the world and then you would have zones like groups of individuals who are active in drug smuggling, money laundering or terrorism or whatever and those groups then would show up in all these relationships.”
The NSA would only go two hops or two degrees from a known participant in any particular activity, and such a limit would make “all that content manageable.” It would reduce the “problem of all the volume in the world down to a very relevant area that has high potential for intelligence production,” which was “the whole idea from the beginning with ThinThread.” And, “It was all going to be automated so we didn’t have people doing it.”
In 2004, Binney, Loomis and Wiebe submitted a proposal to the NSA for a $250,000 contract to develop this system for data filtering and automated information processing. The system, according to the proposal submitted to the NSA and shared with Firedoglake, would have employed a “list of known entities of interest (EOI) to be selected at the point of access in order to derive information of interest, including new entities at one degree of separation from the known EOIs and all associated content.”
If a new entity were to appear to have a “one-degree relationship” with a known EOI, that entity could be added to the list of EOIs.
It would have managed bandwidth better “by filtering data at their source based on entity affinity.” Associations between an EOI and unknown entities could be “derived in a sufficiently timely manner to effect selection adjustment and drive automated tasking.”
This proposal was rejected. The NSA leadership, Binney explained, “took the philosophy they wanted to collect everything they could with the understanding that whatever was relevant they would have captured and eventually they would eventually find it or work algorithms.” This is what the White House’s Big Data initiative is about, “to try to get algorithms” that will go through all the data “they’ve collected and figure out what’s important automatically without people because the people can’t get to it.”
“That’s why I keep saying they’ve made themselves dysfunctional by collecting all this material,” Binney added.
Wiebe appeared on “Democracy Now!” to talk about the NSA review report and recounted the history of trying to get intelligence or security agencies other than the NSA to adopt the developed system, which had been rejected:
…[W]hen 9/11 happened and we failed and the project that we had been developing called ThinThread was not adopted, we felt we had no other things to do at NSA. And since three of us were eligible for retirement, we retired, formed a small company and tried to bring the concepts of ThinThread to other agencies in the government. We succeeded in demonstrating its capabilities in a government contract with Boeing Company in 2004, but a high executive in the agency that that contract serves said, “We have to stop these guys. They’re going to embarrass NSA,” because we had found things in a set of data, that two agencies had, that NSA had not, and that was embarrassing. So that contract was stopped.
We then found another contract at Department of Homeland Security, Customs and Border Patrol. We found some news-breaking data there about an operation involving Iranian businesses importing electronics to support the building of triggering devices for IEDs. And we found that—and this is not classified. This data, this fact, was actually broadcast publicly by the Department of Commerce to U.S. businesses, putting them on alert that certain people, individuals and businesses were trying to import electronics to build triggering devices for IEDs to be used against our troops abroad and coalition forces. We simply, Bill Binney and I, sat down, used Google at home, on our spare time, to formulate a profile of these businesses, where they were, how they were functioning, and it turned out they were all false fronts to cover up the import operation. We put all the—we connected the dots for the government, reported it to Customs and Border Patrol, where we were working. They took the data and briefed it up the line. And within two weeks, we were let go from our contract. I guess we had embarrassed too many people…
Director for National Intelligence James Clapper, who lied to Congress, talks about wanting to have this “peace of mind” that all the data has been collected and nothing has been missed, but this fundamentally misunderstands that NSA is supposed to be fulfilling an intelligence role, not a police role.
Intelligence production is supposed to predict intentions and “capabilities of threats that have been happening so something can be done to stop them,” Binney explained. “Feeling comfortable that you have all the data that you can find in the forensics adds nothing to that intelligence objective.”
“They think it’s just the issue of having the data to begin with and somehow the answer will come out. They’ve failed to understand the analytic process, what drives that and they’ve lost that perspective,” Binney suggested. “They’re mostly dealing with it in terms of a computer process or engineering issue and that’s simply the wrong issue.”
Neither Binney nor Drake was contacted by the NSA review group, which consisted of: former CIA deputy director Michael Morell, former counterterrorism adviser, Richard Clarke, former Obama administration official Cass Sunstein, privacy law expert Peter Swire and University of Chicago law professor, Geoffrey Stone.
Yet, “Recommendation #20″ outlines the following:
In the course of our review, we have been struck by the fact that the nature of IT networks and current intelligence collection technology is such that it is often necessary to ingest large amounts of data in order to acquire a limited amount of required data. E-mails, telephone calls, and other communications are moved on networks as a series of small packets, then reassembled at the receiving end. Often those packets are interspersed in transit with packets from different originators. To intercept one message, pieces of many other messages might be recorded and placed in government databases, at least temporarily. Frequently, too, it is more cost-effective and less likely to be detected by the transmitter if the collection of a message occurs in transit, mixed up with many others, rather than at the source.
It might reduce budgetary costs and political risk if technical collection agencies could make use of artificial intelligence software that could be launched onto networks and would be able to determine in real time what precise information packets should be collected. Such smart software would be making the sorting decision online, as distinguished from the current situation in which vast amounts of data are swept up and the sorting is done after it has been copied on to data storages systems. We are unable to determine whether this concept is feasible or fantasy, but we suggest that it should be examined by an interagency information technology research team. [emphasis added]
The review group called for bulk data collection to be terminated but proposed that private entities or a third-party provider hold on to this data and make it available to the NSA. To Binney, they shouldn’t even have the data to begin with. “Nobody should.”
Binney raised the issue of law enforcement involvement and how they use the data in the United States and around the world.
“Look at the Special Operations division in the Drug Enforcement Agency,” he said. It’s a “group that includes the FBI, NSA, Internal Revenue Service (IRS) and the Deparment of Homeland Security (DHS). Information on relationships in data collected could be used by the IRS to “target the Tea Party because all those relationships” are “sitting there.”
“So far nobody’s really addressing how law enforcement or IRS is using this information,” Binney declared. “They’re all talking about NSA analysts and, to me, that’s not the real threat. The real threat comes from those other people who can come at you with guns and put you in a prison and take you off without due process.”
He concluded, “Collecting all this information on individuals is what totalitarian states have done down through the centuries. That’s been their business.”
It is why German Chancellor Angela Merkel, whose phone was tapped by the NSA, was upset. It is like what the Stasi did, what the KGB did, what the Gestapo and SS did and what Mao Zedong’s people did in China. It is a “totalitarian procedure.”
“If we accept this, then we’re accepting totalitarianism. We have to speak up against it,” Binney concluded.