The NSA's Overt Problem
In any war, surveillance of the enemy is critical. Today, in the eyes of at least some Americans, surveillance itself has become the enemy.
It was not always so. As any intelligence maven knows, some of the heroes of World War II were eavesdroppers, not soldiers. They were quiet, wonkish men, like those who monitored and deciphered Nazi communications about German battle plans at Bletchley Park, an estate 50 miles northwest of London. Their super-secret operation employed thousands of people who listened to 226 radio frequencies for dot-and-dash messages and passed them to ingenious code-breakers. The results were kept on 5-by-7 inch cards in shoe box-shaped containers.
Who are our masters of surveillance today? Most are located at the National Security Agency, the giant "Crypto City" complex located off Interstate 95 between Washington and Baltimore. The agency vacuums up 650 million intercepts a day -- called signals intelligence, or sigint -- from satellites, ground stations, aircraft, ships and submarines around the world. And it hunts for patterns that might lend seemingly ordinary words significance in the war on terrorism.
But the agency and its experts are not being hailed as heroes right now. The NSA, so secretive that its letters are commonly said to stand for "No Such Agency," has been uncomfortably in the limelight in recent weeks after the New York Times revealed that as the result of a presidential order, the agency has been monitoring thousands of Americans over the phone and by e-mail without court authorization.
As the controversy over the legality and propriety of domestic surveillance by the National Security Agency rages on, one question has not been adequately addressed: Is the NSA's approach really the best way of tracking terrorists? While there's no question that the NSA's covert move into domestic surveillance raises serious legal and ethical issues, the equally important and less examined question is whether -- more than four years after 9/11 -- the agency's methods are suited to tracking the jihadists.
The difference between Bletchley Park and Crypto City has as much to do with the very different nature of their tasks as with the way they are viewed. By today's standards, the mission at Bletchley Park was well-defined. The targets of the surveillance were clear: the German high command and intelligence service. The signals collectors had a good fix on what communications to monitor. The greatest challenge lay in breaking the extremely complex Enigma code.
By contrast, the NSA conducts broad-based surveillance indiscriminately over communications lines that few bad guys even use any longer. "Big Noddy," as those in the know call the NSA's vast "Ear in the Sky," has capabilities that dwarf the Bletchley Park World War II enterprise, but it isn't picking up much because the smartest terrorist groups have long since stopped talking about their plans over cell phones or land lines -- or to the extent they do, it's probably to plant disinformation. Today the challenge isn't decoding an intercepted message from a known enemy; instead it's figuring out what is and isn't a message and who the enemy is.
The NSA was designed to monitor a relatively contained number of official communications pipelines in nation-states -- for example, microwave transmissions from Moscow to an intercontinental ballistic missile (ICBM) base in Siberia. But as Michael Hayden, then NSA director, told me in an interview in late 2002: "We've gone from chasing the telecommunications structure of a slow-moving, technologically inferior, resource-poor nation-state -- and we could do that pretty well -- to chasing a communications structure in which an al Qaeda member can go into a storefront in Istanbul and buy for $100 a communications device that is absolutely cutting edge, and for which he has had to make no investment for development."
The result is that the NSA is overwhelmed by millions of phone calls and e-mail contacts that it simply can't digest. And it's not just a question of finding the needle in the haystack; today's surveillance professionals aren't sure what the needle looks like. The agency has adjusted, but it continues to perform what some experts consider to be primitive, broad-based techniques, like random keyword searches on the Web for Islamist tag lines. As a December 2002 report by the Senate Select Intelligence Committee noted, "Only a tiny fraction of the daily intercepts are actually ever reviewed by humans, and much of what is collected gets lost in the deluge of data."
Moreover, communications between terrorist groups today, says one intelligence official, is either "air-gapped" -- in which a document or computer disk is hand-delivered by messenger (as was seen in the letters allegedly exchanged between al Qaeda chieftain Ayman Zawahiri and Iraqi insurgent leader Abu Musab Zarqawi) -- or it occurs through Web sites. Some intelligence experts who are critical of NSA's efforts, like John Arquilla of the Naval Postgraduate School in Monterey, Calif., a sometime Pentagon consultant, say the real problem is that the agency is still pursuing a Cold War-era strategy.
What the NSA really needs to do, say Arquilla and others, is to build a new Bletchley Park. Just as Bletchley attracted Alan Turing, inventor of the modern computer, the NSA needs to summon the Turings of our day -- mainly computer hackers -- to snare al Qaeda and other terrorists at the only place they still communicate electronically, on Web sites. An added benefit, Arquilla adds, is that "if we went the route of a much greater emphasis of intelligence collection on the Web and Net, we would learn a lot more and intrude less on civil liberties."
Bruce Hoffman, a terrorism expert at the Rand Corp., notes that most of the major breakthroughs against al Qaeda-linked plots in recent years have shown that the terrorists, wary of phone monitoring, are communicating through couriers on the ground and coordinating plots on the Web. When Muhammad Naeem Noor Khan, a protege of Khalid Sheikh Mohammed, was arrested in July 2004, his laptop contained plans for simultaneous attacks on London and New York that were to have been transmitted electronically. Today, adds Hoffman, the most sophisticated terrorists have learned to evade the NSA altogether. "They keep their messages in a draft file on a Web site, then give someone the password and user name to get in. The NSA can't track that, because it's stationary."