Three years after the 9/11 attacks, a frustrated NSA employee complained that Osama bin Laden was alive and well, and yet the surveillance agency still had no automated way to search the Arabic language PDFs it had intercepted.
This is just one of many complaints and observations included in SIDtoday, the internal newsletter of the NSA’s signals intelligence division. The Intercept today is publishing 251 articles from the newsletter, covering the second half of 2004 and the beginning of 2005. The newsletters were part of a large collection of NSA documents provided to The Intercept by Edward Snowden.
This latest batch of posts includes candid employee comments about over-classification, descriptions of tensions in the NSA-CIA relationship, and an intern’s enthusiastic appraisal of a stint in Pakistan.
Most revealing perhaps are insights into how NSA has operated domestically. The Intercept is publishing two stories on this topic, including one about NSA cooperation with law enforcement during American political conventions, and in a throwback to the movie “Bladerunner,” another article describes a spy balloon used over the United States.
Finally, The Intercept, in cooperation with the Japanese broadcaster NHK, is revealing the history of U.S. surveillance cooperation with Japan. Starting with the American occupation of Japan after World War II and reaching a standoff after the Soviet shoot-down of a South Korean aircraft, the long and sometimes tense relationship reveals how even close U.S. allies can find themselves targeted by the NSA.
The NSA’s Follow-the-Money Branch (the actual name of the division) brings together “experts from across a spectrum of disciplines and organizations.” The division in 2004 created a North Korea CRASH Team, short for Combined Rapid Analysis and Synthesis Hit, after the State Department “issued a requirement for a new emphasis on regime finance and an increased emphasis on” North Korea’s financing of its nuclear proliferation. In response, the CRASH Team looked at North Korean transactions that went through foreign banks. In particular, the team “targeted leadership finance,” i.e. Kim Jong Il, the North Korean leader who died in 2011, and traced sales of precious metals allegedly owned by him, weapons shipments, and relationships among regime leaders.
The “6th rock drill on Korea” brought together NSA and officials from the U.K., Canada, Australia, and New Zealand to rehearse the scenarios involving civilian evacuations in Seoul and Pyongyang during a hypothetical Korean War. Participants planned a response to a North Korean attack and “held a brainstorming session about signals intelligence operations” in a hypothetical newly unified Korea. In the discussions, “critical gaps” were found in communications with trusted Five Eyes countries, which did not have access to the computer networks for the “Korea Theater of Operations.” Twenty-two other nations committed to defending South Korea are not included in intelligence sharing either. So NSA will be “working through some of these problems, with the goal of exercising the resulting solutions sometime in early 2005.”
Back in the late 1960s, Charlie Meals, the deputy director of SID, worked in the Soviet “weather shop.” The only way the U.S. could track weather in the Soviet Union was by listening to Soviet communications. The Soviets knew the U.S. was listening and so it encrypted the locations of weather reports. U.S. Strategic Air Command “needed to have weather reports in case bombers ever had to fly into Soviet air space,” and the weather reporting could also be an indicator of impending military action. For example, before the 1968 invasion of Czechoslovakia, the Soviets started including Czech weather reports in military broadcasts. (The intricacies of collecting weather data as intelligence is also described in this article by Jeffrey Richelson of National Security Archive.) The “weather effort” had at least 250 people at NSA and people at bases around the world. This desk was still in operation in 2004.
FBI field office staff made little use of signals intelligence and many didn’t know how to access the information for themselves on the Intelligence Community’s Intelink system, according to an NSA intern, describing assignments at the bureau. The FBI field offices had little or no Sensitive Compartmented Information Facility space, which made it difficult to share the higher levels of intelligence between the agencies. The intern had higher regard for FBI headquarters. With data from the NSA, “FBI analysts can now immediately tell if an individual in the U.S. has any foreign terrorism-related contacts.”
The NSA tracked “High Value Targets” in Haiti following the 2004 coup, according to an article classified “Top Secret.” An NSA staffer reports that a task force on HVTs traveled to the central highlands of Haiti where they met with rebel leaders. “During this trip they had collected several telephone numbers of these leaders and their associates,” the staffer wrote. Soon thereafter, the NSA “began to see multi-page reports of conversations between one important rebel leader and his wife which provided insight into his negotiating position and plans for control of the central highlands.” Those private conversations proved useful. “I received several emails from people who were incredulous that a conversation between an HVT target and his girlfriend was of any importance,” the staffer went on. “The truth is that a lot of SIGINT ‘leavings’ that never make it into normal SIGINT reporting are actually valuable intelligence items for tactical warfighters.”
NSA interns see the sights, even in Pakistan. An intelligence analysis intern working in SID’s Pakistan branch was deployed to assignments in Islamabad and Lahore. At the embassy, the intern focused on signals intelligence related to the non-tribal “Settled Areas” and coordinated communications among NSA, CIA and the “local counterpart” i.e. Pakistani partners, in tracking and targeting terrorists. The Settled Areas Office along with their local counterparts was responsible for the arrests of more than 600 alleged terrorists from September 11, 2001 to 2004. Outside of working hours, the blonde American attracted a “constant stream of stares and curious looks” as she ventured out to tourist sites. Station Islamabad, which has been fictionalized in “Homeland” and “Zero Dark Thirty,” was to this staffer “one of the most exciting, challenging, and fast-paced locations to work in the world.”
“Q: What do SIGINT and mad cows have in common?
SIGINT isn’t just for intelligence or military agencies. NSA’s two-person Washington Liaison Office responds to signals intelligence requests from Departments of Agriculture, Health and Human Services, Interior, Transportation, the Environmental Protection Agency, Export-Import Bank, Federal Aviation Administration, Federal Communications Commission, Federal Reserve System, and National Aeronautics and Space Administration. With such a wide range of subject matter and competing priorities, the liaison officers have to balance “topics from bovine spongiform encephalopathy to space launch vehicle capabilities; from narcotics interdiction techniques to wine labeling regulations; from toxin delivery technologies to secure communications options, and much, much more.”
Imagine if the NSA missed warning signs of an attack for no other reason than it couldn’t search Arabic words in PDF format. “If you were looking for Osama bin Laden,” wrote an NSA employee in SIDtoday, “and you had entered every Arabic word known to mankind in every possible encoding and Osama were doing nothing more than using PDF and writing in Arabic, you’d never get a hit. Quite reassuring, isn’t it?”
Near the end of 2004, SIDtoday began publishing a technical advice column written by an experienced Digital Network Intelligence analyst under the pseudonym “Raul.” One article describes a gaping intelligence hole that NSA had at the time, three years after the 9/11 attacks. Though analysts at NSA understood exactly how foreign-language PDFs were encoded, they lacked the technology to untangle them in real-time in order to search them for keywords.
Apparently, this article “hit a few nerves.” Raul’s subsequent column responded to a flood of complaints he had received. In the subsequent column, he outlined requirements for a hypothetical solution to the foreign-language PDF problem, and concluded with a bit of snark: “Bin Laden is still safe and we, to the best of my knowledge, still have no reasonable solution to the PDF problem.”
For some sensitive missions, NSA personnel need cover identities while working in the field. An article from October 2004 describes how agents “go about making NSA personnel look like they actually work for an entity other than NSA.” The Special Operational Support office is responsible for NSA’s “cover and sensitive personnel support programs.” In addition to ensuring that cover operations comply with Department of Defense regulations, SOS provides “logistics, transportation, personnel and medical support.” The office also provides undercover operatives with “DoD Common Access Cards (CAC), travel documents, state driver’s licenses, credit cards, post office boxes, social security cards, pocket litter and telecommunications.”
The NSA, it turns out, likes to stay on top of the latest scientific developments. Writing at the end of 2004, an NSA cryptanalyst described her experience working as an intern, and using her cryptography skills, on looking for information about genetic sequencing in the signals intelligence collected by the NSA. “The ultimate goals of this project are to gain general knowledge about genetic engineering research activity by foreign entities,” she wrote, “and to identify laboratories and/or individuals who may be involved in nefarious use of genetic research.”
Even though the 9/11 Commission report harshly criticized intelligence agencies’ failures to share information, the NSA touted its contribution to the July 22, 2004, report. “It goes without saying that NSA Cooperation was absolutely vital to this effort,” an article in SIDtoday says. SID staff aided in the declassification of material, turned over documents, and “patiently explained the intricacies of their work.” SID workers also scrubbed references to the NSA from the final report, rewording sections to avoid indications that certain pieces of intelligence derived from SIGINT. “You should all feel proud,” writes the post’s author.
Yet the report itself points to specific SIGINT that could have led to the discovery of the attackers’ conspiracy that remained unshared due to agencies’ fear of disclosing intelligence to inappropriate channels and a culture of secrecy in which “agencies feeling they own the information they gathered at taxpayer expense.”
A prior SIDtoday article touted the agency’s “extraordinary level of cooperation” and provision of “large volumes of SIGINT assessment reporting on terrorism, strategic business plans,” and a wide range of other topics.
Cooperation between the NSA and CIA runs deep, but it hasn’t always been smooth. An August 6 post, “CIA’s Directorates . . . Understanding More About Them,” talks about “‘turf wars’ due to real or perceived mission overlap,” particularly within the CIA’s technical division. Yet the Special Collection Service (SCS), which surveils foreign communications from U.S. embassies, is seen as a positive example of joint CIA-NSA work. SIDtoday cites the achievements of that highly classified organization, which came under scrutiny in 2013 for reports that its Berlin office had been intercepting Chancellor Angela Merkel’s mobile phone data. The August 18 post, “SCS and Executive Protection” details the interception of Philippine police communications about a bomb that had been placed on President Clinton’s motorcade route, which the police were trying to defuse without informing the Americans. SCS passed this information to the Secret Service, who re-routed the cars.
The NSA-CIA relationship was also the subject of two SIDtoday articles in 2003.
Even the NSA acknowledges that it classifies too much. In an article, “Do We Overclassify? Are We Sharing Enough Information?” a senior SID leader echoes language from the 9/11 Commission report, specifically citing the need to go from “a climate of ‘need to know’ to one of ‘need to share.’” This interview shares the report’s concern that intelligence agencies err on the side of over-classification: “If we continue to insist on classifying information which has already become known to our adversaries or for which disclosure would cause little or no harm to national security, we risk losing control over the really sensitive stuff.” Tellingly, though, he fears that Congress itself will act to force the NSA to disclose more information.
Post-9/11, the NSA has expanded its cooperation with law enforcement agencies, including the U.S. Marshals Service. In February 2004, SID formalized a relationship with the Marshals and its Electronic Surveillance Unit, which “functions like an intelligence operations team,” as it both monitors fugitives and provides support and threat assessments to other agencies. The U.S. Marshals Service represents an ideal client for the NSA given its interest in “stay(ing) out of the public limelight and courthouses.”