Early in the fight against al Qaeda in Afghanistan and insurgents in Iraq, the National Security Agency was blindsided by enemy fighters’ frequent use of rudimentary wireless communications devices known as “high-powered cordless phones,” according to documents among 263 published today by The Intercept.
The documents, drawn from the agency’s internal news site, SIDtoday, and provided by NSA whistleblower Edward Snowden, date mostly to the latter half of 2003, and show the NSA was at the time rapidly expanding its internet monitoring. But even as its digital surveillance grew more sophisticated, the agency saw its targets increasingly adopting crude forms of communications like shortwave radio, SMS cellphone messaging and, most vexingly, high-powered cordless phones. The “poor man’s cell phones,” as the cordless devices were called, spread through Afghan borderlands and along Iraqi roadsides. Meanwhile, the NSA was scrambling to fill what one SIDtoday article referred to as an “intelligence gap” around the devices. The agency assembled more than 500 people at Fort Meade, including foreign intelligence partners and contractors, in order to understand, and plan how to crack into, a type of communication “increasing exponentially worldwide,” as an internal bulletin put it.
The NSA’s scramble to monitor cordless phones helps illustrate how the agency, despite its best efforts to predict the future, can end up blindsided. Just as the military after the Cold War continued to buy sophisticated weapons for use against conventional forces, leaving it poorly prepared for guerilla warfare, so too did the NSA’s state-of-the-art mass internet surveillance leave it unprepared for enemies in rural areas with crude radios.
The NSA documents about cordless phones are among many highlights from The Intercept’s second release of SIDtoday postings, made available for download starting today. As detailed in the roundup below, SIDtoday articles from the second half of 2003 also outline how the NSA obtained credit card information from the Secret Service, fed intelligence to the FBI, requested investigations of suspected leakers, spied on diplomats to advance the U.S. war in Iraq, exposed a purported terrorist computer as much less menacing than U.S. news media had reported, and cooperated extensively with the 9/11 Commission.
A SIDtoday article from the period also discloses that the NSA spied on non-governmental organizations, or NGOs, in order to collect information to feed into the U.S.’s extensive medical intelligence apparatus. Using this and other Snowden documents, Intercept reporter Jenna McLaughlin filed a story about the NSA’s “medical SIGINT” operation and other ways the U.S. collects so-called medical intelligence.
A July 2003 SIDtoday article by the “deputy director for data acquisition” noted how, amid a rapid growth in digital networking, the NSA increasingly found itself sifting through the communications of ordinary people. The article said that “our targets are moving from fixed narrowband transmissions to shared, re-routable, extremely wideband, multiplexed, multi-formatted transmissions.”
Lots of other people were jumping onto the internet as well so “our targets communications are increasingly buried by millions of non-target communications.”
Another article explained the successes of FAIRVIEW and STORMBREW – codenames for NSA’s partnerships with AT&T and Verizon to conduct unconstitutional surveillance of internet traffic passing through America’s largest telecom providers. These programs, part of NSA’s “upstream” collection, were later used to feed unimaginable amounts of surveillance data into XKEYSCORE to be processed and searched by analysts. In September 2003, FAIRVIEW, the AT&T surveillance program, captured “several trillion metadata records – of which more than 400 billion were selected for downstream processing or storage.” That same month, the program launched a new collection capability, allowing it to collect “more than one million emails a day.” (This document was published last year by the New York Times and ProPublica.)
As it monitored more and more internet traffic, the NSA also aimed to grow its own use of networks for collaboration. One SIDtoday article heralded a new tool called InfoWorkSpace, available to all Five Eyes intelligence agencies and boasting secure video and audio conferencing, text chat, whiteboards, and screen sharing — impressive, by 2003 standards. But using the cutting-edge technology could be tricky. Three months after announcing InfoWorkSpace, SIDtoday reported that signals intelligence directors from each Five Eyes agency held their first virtual meeting using the system, but “GCHQ was unable to attend due to a computer failure.”
People who struggle to stay secure online can take comfort in the fact that even the digital spies at the NSA have trouble installing basic encryption, at least judging from two SIDtoday articles dating to July 2003. They described the NSA’s move to an internal online security system built around Public Key Infrastructure, or PKI. Such infrastructure comes into play every time you visit a website using the secure HTTPS protocol; it involves encryption keys that can be openly distributed in public as well as a system of certificates to help ensure the correct keys are distributed.
Within the NSA, nearly every employee was required to create their own PKI certificate, a process that was cumbersome and confusing. It involved 11 steps, including requiring employees to go to the nearest “kiosk room” for a machine to generate and print a password for them. “Just accept that this process might be a little confusing, a little frustrating, a little time-consuming,” an article consoled, “but just sit down, take a deep breath and do it! It really isn’t that bad!!!!”
Another SIDtoday article announced SID’s new policy on “secure telecommuting,” for employees who needed to leave the Washington, D.C. area but wanted to continue their classified work. “Many of the skills resident among the workforce do not exactly grow on trees,” the author said, “and it is of critical importance that SID find a way to retain those skills.” All telecommuting must happen from a “suitable remote secure government facility” – working from home violates Defense Department policy, and “approval for telecommuting is given on a case-by-case basis.”
Even as the NSA ramped up cutting-edge surveillance of the internet, it also grew its efforts to monitor the use of high-powered cordless phones, an unsophisticated wireless technology known as a “poor man’s cell phone,” as a September 2003 SIDtoday article put it. Such devices were common in remote areas with handsets that could range 50 miles from the radio base station.
The article said HPCPs were potentially in use by “Usama bin Laden and his associates. … Thousands of networks are operating along the [Afghanistan/Pakistan] border region, particularly in regions of known terrorist activity.”
But such devices represented an “intelligence gap” and their use by enemies could result in an analyst “missing some of your target’s communications.” Another SIDtoday article published at the same time said use of HPCPs was “increasing exponentially worldwide” and that the NSA still needed to work to “understand this technology,” in part to “provide force protection in Iraq.” In Iraq, high-powered cordless phone technology was frequently used to detonate roadside bombs, Wired reported in 2011.
In late 2003, NSA had so much to learn about HPCP technology that the agency hosted a top-secret “Worldwide HPCP Conference” at NSA’s campus. More than 500 people attended the event, including representatives from all Five Eyes spy agencies, all branches of the U.S. military, and private contractors. “Being able to collect [from] communication devices such as HPCP phones can literally spell the difference between life and death,” an assistant director for central intelligence said at the conference. “Life for us, death for would-be terrorists.”
The U.S. military eventually acquired a variety of devices capable of monitoring or locating HPCP communications, several of which were disclosed by The Intercept last year as part of the publication of a secret, internal U.S. government catalogue of surveillance gear targeting wireless communications.
While it struggled with cordless phones, the NSA had more luck tapping into another primitive radio platform, the nearly 100-year-old technology known as high-frequency, or shortwave, radio. A SIDtoday article from July 2003 said that “the market for HF continues to grow. … HF requires no terrestrial or spaceborne infrastructure to communicate globally and is capable of surviving the effects of a nuclear blast.” The technology was also relatively cheap and the radios were “mobile, rugged, and require minimal manpower and training to operate” making them “ideal for use by terrorists and third-world military organizations.”
But those weren’t the NSA’s only targets using HF: Important participants in negotiations at the United Nations utilized shortwave, too. “As the United States was considering its options regarding a Security Council resolution on Iraq,” the July article explained, “intelligence derived from HF collection provided the position and voting intentions of several key players.”
Another simple communications medium the NSA found itself increasingly monitoring in 2003 was SMS, the text-messaging protocol built into even the most basic of cellphones. In the 18 months through July, SMS use spiked among Islamic extremists, according to an article in SIDtoday. “They believe that SMS is more secure than both voice calls and E-mail,” the piece stated. But the NSA was clearly able to access plenty of SMS messages, as the article described how the extremists used SMS “to arrange instant messaging or chat sessions … to warn of security problems, especially after raids… to coordinate financial transfers” and “to pass new E-mail addresses, telephone numbers, and passwords.”
A series of 2003 SIDtoday articles described support to the NSA’s partners at various U.S. government agencies. The agency’s work is traditionally driven by these partners, which it frequently refers to as “customers.” As the examples below make clear, customers both request and supply information to the signals intelligence directorate, and some are kept at a further remove than others, whether for legal reasons or due to turf wars.
An August 2003 SIDtoday article described the NSA’s relationship with the U.S. Secret Service, including the NSA’s work gathering signals intelligence to help protect the president and other executive branch members when they travel abroad.
In return, the article said, the Secret Service provided the agency access to, and a copy of, its financial crimes division database of credit card information, giving NSA analysts “the ability to do real-time, on-line pulls and determine if a particular credit card was issued by a foreign bank.”
One SIDtoday article seemed to exaggerate the NSA’s role in identifying a group of Yemeni American men who eventually pleaded guilty to providing material support for al Qaeda, a group known as the Buffalo Six or Lackawanna Six. The newsletter says information from the NSA was used to identify members of the group, although this version of events contradicts other reports.
The initial lead in the case, which included the names of the men eventually arrested, has repeatedly been attributed to an anonymous tip to the FBI from a member of the local Muslim community. Additional evidence allegedly came from the interrogation of a jihadist at Guantánamo Bay, after which updates on the investigation became a regular part of President George W. Bush’s daily intelligence brief, the New York Times reported.
The SIDtoday article said the arrest of the Buffalo Six stemmed from a partnership between the FBI and an NSA signals-intelligence cell focused on counterterrorism. The two parties worked together to develop new communications sources from which to extract intelligence, a process referred to as “SIGDEV.” “The Cell has further expanded its existing SIGDEV partnerships throughout the community to help locate specific terrorist targets,” the article stated. “This increased collaboration resulted in the arrests of six individuals in Buffalo, New York — [signals intelligence] reporting provided key leads and valuable information which enabled FBI analysts to identify the terrorist cell and advance their investigative efforts.”
Although the FBI seems to have identified the six men prior to any wiretapping, contrary to the SIDtoday article, federal authorities did reportedly begin monitoring the communications of the Lackawanna men using a FISA warrant after the Guantánamo interrogation and after White House interest in the case. A cryptic email referring to a “big meal” led them to interrogate the member of the Lackawanna Six who eventually confessed that the men had trained in an al Qaeda camp in Afghanistan and met Osama bin Laden prior to the Sept. 11 attacks, the Times has said.
The NSA’s signals intelligence directorate began supplying intelligence to the U.S. Coast Guard starting in approximately 1989, according to the directorate’s “Coast Guard Account Manager.” An August 2003 SIDtoday article by the manager said the Coast Guard used signals intelligence in “domestic and law enforcement missions,” including for missions related to “counterterrorism, alien smuggling, counternarcotics, maritime tracking of vessels and/or high-interest cargos and international civilian maritime activities.” For example, in June 2003, SID helped the Coast Guard and British intelligence agency GCHQ track a cargo ship off the Venezuelan coast. After it was seized by the UK vessel HMS Iron Duke, it was found to contain “3,930 kilos of pure cocaine with a New York City street value of $196,500,000.”
SIDtoday articles from 2003 detailed the changing relationship between the NSA and the Central Intelligence Agency. In a July post, NSA Signals Intelligence Director Richard Quirk described a new policy that, he wrote, “defines how we will provide NSA-collected, unminimized SIGINT to CIA for them to use in direct support of certain aspects of their mission.” Generally speaking, unminimized SIGINT is signals intelligence that may include the communications of American citizens and permanent residents, including inadvertently acquired communications not relevant to the authorized purposes of the collection.
An article from the CIA’s in-house journal Studies in Intelligence, declassified in 2014 as a result of a lawsuit from a former CIA employee, described a joint “Counterproliferation Fusion Cell,” located at CIA headquarters in Virginia but headed by an NSA officer, to “help focus SIGINT collection and reporting on high-priority proliferation targets.” A November 2003 SIDtoday article shed further light on this cell, saying that the team was focused on the nuclear proliferation network led by A. Q. Khan in Pakistan and was also intended to become the center for reporting on the International Atomic Energy Agency and the Organization for the Prohibition of Chemical Weapons.
The NSA also was providing the U.S. Strategic Command at Offutt Air Force Base in Nebraska with “intelligence on space control and surveillance operations, information operations, computer network operations, and space campaign planning,” according to another SIDtoday article. The command, whose traditional mission is to monitor missile deployments in Russia, China, and other countries, had recently expanded to also play a role in the global war on terrorism at the time the article was published, in August 2003.
In addition to sharing information within the U.S. government, the NSA also provides extensive signals intelligence to its allies.
The NSA’s closest foreign collaborators are known as “Second Party” partners or the “Five Eyes”: spy agencies from the world’s English-speaking nations, including the United Kingdom, Canada, Australia, and New Zealand. According to one SIDtoday article, the term “Five Eyes” was derived from the classification marking, “US/UK/CAN/AUS/NZ EYES ONLY.”
In Australia’s small capital city of Canberra, there was an office known as the Special U.S. Liaison Office Canberra with, as of October 2003, a staff of 16 Americans, according to a SIDtoday article. The office served as the hub for the NSA’s relationship with Australia’s Defence Signals Directorate (DSD) (today known as the Australian Signals Directorate, or ASD), and New Zealand’s Government Communications Security Bureau (GCSB).
The article, first described in a 2014 New York Times story, outlined an NSA-DSD training effort: “NSA integrees mentor both cryptomathematicians and engineers while tackling the encrypted Very Small Aperture Terminal (VSAT) network used by the Papua New Guinea Defence Force, a goal mentioned in the DSD Director’s business plan.”
To help share NSA surveillance data between Second Party allies while keeping collection sources secret, NSA’s data acquisition team established the TICKETWINDOW information-sharing project in 1999. Initial coverage in SIDtoday did not make clear precisely what sort of system TICKETWINDOW was or what sort of technology powered it.
The NSA’s Third Party relationships differ from its Second Party relationships in that information sharing is confined to particular missions and, even within those missions, only certain types of information are shared, according to a SIDtoday article by Charlie Meals, the deputy director of the NSA signals intelligence directorate.
In the article, Meals made the case for ramping up NSA’s Third Party partnerships: “If we can’t deal with the civilian authorities in a certain country, can we establish a military-to-military agreement? Can we deal with countries that aren’t necessarily our close allies when it’s mutually advantageous to do so? … Let’s look into it!”
Another SIDtoday article described Third Party information sharing agreements with Turkey, Japan, South Korea, and Jordan, saying that those partners were second only to certain European allies in the extent of sharing. It said the NSA shared information with Turkey and Japan on terrorism and with South Korea and Jordan on Iraq.
A September 2003 SIDtoday article threw cold water on an October 2002 Time Magazine story. The Time story reported that photos of American trains were found on a hard drive recovered during a raid of a purported al Qaeda cell by Kuwaiti authorities. The article also said that the photos, along with statements of senior al Qaeda operatives under CIA and FBI interrogation, led counterterrorism officials to worry that terrorists might have been planning an attack against U.S. railroads. The NSA’s “SIGINT Forensics Lab,” which extracts data from seized computing devices, sometimes getting past encryption in the process, examined the photos and concluded that they were “taken from a 1980’s commercially produced clip art CD.”
In the summer of 2003, in San Antonio, Texas, Jim Miklaszewski, Pentagon correspondent for NBC News, spoke to a class full of senior executives in the intelligence community about newsgathering. According to SIDtoday, Miklaszewski received some antagonistic questioning on the subject of leaks; one student even compared journalists to spies, asking how he “differentiated reporter recruitment of U.S. intelligence sources from recruitment of foreign Humint sources when the US sources are committing a felony by ‘leaking information’ to reporters who are accessories after the fact.”
Weeks later, SIDtoday published a two-part series of articles on media leaks – or “cryptologic insecurities,” as the NSA referred to them. The first article listed several examples of “damaging media leaks” from reports from CBS News and other media organizations and the “unfortunate consequences” of them, claiming that in two cases al Qaeda heightened its security and changed its tactics. Some leaks resulted in NSA requesting an FBI investigation.
The second article in the series briefly described the steps taken when a new leak is discovered, including potentially opening a Department of Justice investigation.
But “media leaks are rarely prosecuted,” the article said, often because “they are hard to prove, but in some cases officials are reluctant to prosecute for fear that the case will attract even more attention than the original disclosure.”
As in the early part of 2003, summarized in The Intercept’s last SIDtoday roundup, the NSA found itself in the last half of the year on a wartime footing in Iraq as fighting there failed to die down as anticipated. In Baghdad, NSA signals intelligence provided “the majority of intelligence briefed to Ambassador [Paul] Bremer and the senior staff” of the Coalition Provisional Authority, according to an agency staffer deployed to the former presidential palace and writing in SIDtoday. NSA staff was also on the ground in support of special operations teams hunting “High Value Targets” and “Special Collection Service” teams.
Although “major hostilities” in Iraq officially ended on May 1, as SIDtoday put it, echoing the official administration position, and the U.S.’s “post-war reconstruction” had begun, a fierce insurgency was brewing. On August 6, the NSA signals intelligence director, Richard Quirk, put the “Iraq Issue Management Team” back in action, saying in SIDtoday that:
“Conditions in Iraq remain extremely dangerous. … It is essential that Signals Intelligence resurrect the support and level of effort that were so pronounced when bombs were falling.”
By mid-September, a dedicated group of 40 analysts at Fort Meade was formed as the “Iraq Terrorism Development Center” to perform target discovery against attacks by terrorists and former regime members.
In October, the United Nations Security Council was considering a draft, U.S.-authored resolution providing international participation and financial backing for military forces in Iraq and the reconstruction of the country. The stakes were high, and, as a SID national intelligence officer wrote in SIDtoday, Germany and France continued to “express their displeasure” and U.N. Secretary General Kofi Annan did not want to put U.N. personnel at risk unless the organization was in charge of reconstruction.
But on October 16, the resolution passed unanimously and “was at heart a triumph of SIGINT support” according to a SIDtoday article co-authored by the NSA’s representative to the U.S. Mission to the U.N.
“NSA played a key role in keeping U.S. policy makers in New York and Washington abreast (or ahead) of the many twists and turns in the marathon negotiations,” the SIDtoday article stated. “Reporting from across SID … provided a window into the planning and intentions of the principal players on the Council – and may have even provided … the key information needed to ensure the unanimous vote.”
Top photo: A helicopter view of the National Security Agency headquarters in Fort Meade, Maryland earlier this year.