It was rather disconcerting to find out that the NSA was so far ahead of the game in terms of cyberintelligence, yet so far behind it in terms of cybersecurity. My chiefs at the PTC understood the risks, so they tasked me with engineering a solution. The result was a backup and storage system: a complete, automated, and constantly updating copy of all of the agency’s most important material. It allowed the agency to store intelligence data for progressively longer periods of time. The goal quickly went from being able to store intelligence for days, to weeks, to months, to five years or more. The agency’s ultimate dream is permanency—to store all of the files it has ever collected or produced forever, and so create a perfect memory. The permanent record.
The NSA has a whole protocol you’re supposed to follow when you give a program a code name. An internal website throws imaginary dice to pick one name from column A, and throws again to pick one name from column B. This is how you end up with names that don’t mean anything, like FOXACID and EGOTISTICALGIRAFFE. But agents at the NSA would often cheat and redo their dice throws until they got the name combination they wanted, whatever they thought was cooclass="underline" TRAFFICTHIEF, the VPN Attack Orchestrator.
I swear I never did that when I went about finding a name for my backup system. I swear that I just rolled the bones and came up with EPICSHELTER. Later, once the agency adopted the system, they renamed it something like the Storage Modernization Plan or Storage Modernization Program.
In the midst of my EPICSHELTER work, the PTC hosted a conference on China, and I was asked to make a presentation. To prepare, I started pulling everything off the NSA network (and off the CIA network, to which I still had access), trying to read every top secret report I could find about what the Chinese were doing online.
What I read were the technical details of China’s surveillance of private communications—an accounting of the mechanisms and machinery required for the constant collection, storage, and analysis of the billions of daily telephone and internet communications of over a billion people. Essentially, China was spying on the private lives of its own citizens. At first I was so impressed by the system’s achievement that I almost forgot to be appalled by its totalitarian controls.
But there were certain aspects of what I was reading that disturbed me. I was reminded that if something can be done, it probably will be done, and possibly already has been. There was simply no way for America to have so much information about what the Chinese were doing without having done some of the very same things itself. What China was doing publicly to its own citizens, America might be—could be—doing secretly to the world.
And although you should hate me for it, I have to say that at the time I did my best to ignore my concerns. The distinctions were still fairly clear to me. China’s system was intended to keep its citizens in and America out. The American systems were invisible and purely defensive. Understood this way, the US surveillance model was perfectly okay with me.
But in the sleepless days that followed, some dim suspicion still stirred in my mind. Long after I gave my China briefing, I couldn’t help but keep digging around.
At the start of my employment with the NSA, in 2009, I was only slightly more knowledgeable about its practices than the rest of the world. I was aware of the agency’s surveillance initiatives authorized by President George W. Bush in the immediate aftermath of 9/11, especially the warrantless wiretapping of the President’s Surveillance Program (PSP).
The PSP empowered the NSA to collect telephone and internet communications between the United States and abroad without having to obtain a special warrant—in other words, there was no need for the NSA to prove that someone was suspected of wrongdoing in order to spy on them. That was a drastic, potentially unconstitutional change from how wiretapping had worked in the past.
The Bush administration claimed to have let the program expire in 2007. But the expiration turned out to be a farce. When Congress passed the Protect America Act of 2007 and the FISA Amendments Act of 2008, it gave the NSA approval for the warrantless collection of outbound telephone and internet communications originating within American borders.
That, at least, was the picture I got after reading the government’s own summary of the situation in an unclassified report compiled by the inspectors general from five government agencies. I couldn’t help but notice the fact that hardly any of the executive branch officials who had authorized these programs had agreed to be interviewed by the inspectors general. I interpreted their absence from the record as an admission of malfeasance, or wrongdoing by a public official.
My suspicions sent me searching for the classified version of the report, but such a version appeared not to exist. I didn’t understand. I wondered whether I was looking in the wrong places. After a while of finding nothing, I decided to drop the issue. Life took over, and I had work to do.
It was only later, long after I’d forgotten about it, that the classified version came skimming across my desktop. Once it turned up, I realized why I hadn’t had any luck finding it previously: It couldn’t be seen, not even by the heads of agencies. It was filed in an Exceptionally Controlled Information (ECI) compartment, an extremely rare classification used only to make sure that something would remain hidden even from those holding top secret clearance. Because of my position, I was familiar with most of the ECIs at the NSA, but not this one.
The report came to my attention by mistake: Someone in the NSA IG’s office had left a draft copy on a system that I had access to. Here was everything that was missing from the unclassified version. And the activities it outlined were so deeply criminal that no government would ever allow it to be released unredacted, or uncensored.
The classified version immediately exposed the unclassified document as an outright and carefully concocted lie. The only thing these two particular reports had in common was their title.
The classified report outlined what it called “a collection gap,” and pointed to the necessity of the bulk collection of internet communications. The code name for this bulk collection initiative was STELLARWIND; it was the classified report’s deepest secret. It was, in fact, the NSA’s deepest secret. The program’s very existence was an indication that the agency’s mission had been transformed from using technology to defend America to using technology to control it.
At any time, the government could dig through the past communications of anyone it wanted to victimize in search of a crime (and everybody’s communications contain evidence of something). At any point, for all perpetuity, any new administration—any future rogue head of the NSA—could just show up to work and, as easily as flicking a switch, instantly track everybody with a phone or a computer, know who they were, where they were, what they were doing with whom, and what they had ever done in the past.
The term mass surveillance is more clear to me, and I think to most people, than the government’s preferred bulk collection, which to my mind threatens to give a falsely fuzzy impression of the agency’s work. Bulk collection makes it sound like a particularly busy post office or sanitation department, as opposed to a historic effort to achieve total access to—and clandestinely take possession of—the records of all digital communications in existence.
But even once a common ground of terminology is established, misperceptions can still abound.
Most people, even today, tend to think of mass surveillance in terms of content—the actual words they use when they make a phone call or write an email. When they find out that the government actually cares comparatively little about that content, they tend to care comparatively little about government surveillance. The unfortunate truth, however, is that the content of our communications is rarely as revealing as the unwritten, unspoken information that can expose the broader context and patterns of behavior.