It is unclear exactly how British intelligence services linked the Pakistani e-mail address, firstname.lastname@example.org, to a senior al-Qaeda operative who communicated in a kind of pigeon code to his distant allies. But the intelligence helped stop the plot in England, and the address somehow made its way to the National Security Agency at Fort Meade, Md.
A few months later, the NSA was monitoring the Yahoo user in Pakistan when a peculiar message arrived from a man named Najibullah Zazi, an Afghan American living in Aurora, Colo. He asked about “mixing of [flavor and ghee oil] and I do not know the amount, plz right away.”
A short time later, on Sept. 9, 2009, a second message arrived that echoed the code used in the British plot: “The marriage is ready,” Zazi wrote.
The e-mails led the NSA to alert the FBI, which obtained a court order to place Zazi under more extensive surveillance. Officials learned that he had visited Pakistan in 2008, the same time as one of the British plotters.
In the end, the e-mails and additional surveillance foiled a plot by Zazi and two others to conduct suicide bombings in the New York City subway system just days after he sent the “marriage is ready” e-mail.
In recent days, U.S. intelligence and law enforcement officials, as well as congressional officials, have pointed to the authority that allowed them to target the Yahoo account — Section 702 of the Foreign Intelligence Surveillance Act (FISA) — as a critical tool in identifying and disrupting terrorist plots here and abroad.
But some critics of NSA surveillance suggested that the collection of data under a program called PRISM was not essential to Zazi’s capture because the British first obtained the critical e-mail address.
Still, the case study provides a rare glimpse of how the broad surveillance practices of the United States, often in concert with allies, are deployed.
“The 702 program has been enormously useful in a large number of terrorist cases,” said a U.S. official who has access to classified records on NSA programs. “It’s basically beyond dispute that it is highly effective. It operates exactly as anyone paying attention would have expected it to operate based on floor debate and plain reading of law.”
Passage of Section 702 as an amendment to FISA in 2008 gave the government the authority to request information from U.S. telecommunications companies on foreign targets located overseas without a court order for each individual case. The broad authority is reviewed and renewed annually by the FISA court, although the law does not preclude making a specific request for surveillance.