In November 2008, Abid Naseer, a Pakistani student living in Manchester, England, began to e-mail a Yahoo account that was ultimately traced back to his home country. The young man’s e-mails appeared to be about young women — Nadia, Huma, Gulnaz and Fozia — and which of them would make a “faithful and loving wife.”
British investigators later determined that the four names were code for different types of explosives and that a final April 2009 e-mail announcing a “marriage to Nadia” between the 15th and the 20th was a signal that a terrorist attack in England was imminent, according to British court documents.
It is unclear exactly how British intelligence services linked the Pakistani e-mail address, firstname.lastname@example.org, to a senior al-Qaeda operative who communicated in a kind of pigeon code to his distant allies. But the intelligence helped stop the plot in England, and the address somehow made its way to the National Security Agency at Fort Meade, Md.
A few months later, the NSA was monitoring the Yahoo user in Pakistan when a peculiar message arrived from a man named Najibullah Zazi, an Afghan American living in Aurora, Colo. He asked about “mixing of [flavor and ghee oil] and I do not know the amount, plz right away.”
A short time later, on Sept. 9, 2009, a second message arrived that echoed the code used in the British plot: “The marriage is ready,” Zazi wrote.
The e-mails led the NSA to alert the FBI, which obtained a court order to place Zazi under more extensive surveillance. Officials learned that he had visited Pakistan in 2008, the same time as one of the British plotters.
In the end, the e-mails and additional surveillance foiled a plot by Zazi and two others to conduct suicide bombings in the New York City subway system just days after he sent the “marriage is ready” e-mail.
In recent days, U.S. intelligence and law enforcement officials, as well as congressional officials, have pointed to the authority that allowed them to target the Yahoo account — Section 702 of the Foreign Intelligence Surveillance Act (FISA) — as a critical tool in identifying and disrupting terrorist plots here and abroad.
But some critics of NSA surveillance suggested that the collection of data under a program called PRISM was not essential to Zazi’s capture because the British first obtained the critical e-mail address.
Still, the case study provides a rare glimpse of how the broad surveillance practices of the United States, often in concert with allies, are deployed.
“The 702 program has been enormously useful in a large number of terrorist cases,” said a U.S. official who has access to classified records on NSA programs. “It’s basically beyond dispute that it is highly effective. It operates exactly as anyone paying attention would have expected it to operate based on floor debate and plain reading of law.”
Passage of Section 702 as an amendment to FISA in 2008 gave the government the authority to request information from U.S. telecommunications companies on foreign targets located overseas without a court order for each individual case. The broad authority is reviewed and renewed annually by the FISA court, although the law does not preclude making a specific request for surveillance.
“In the Zazi case, it appears the NSA did not need any of the expanded authorities conferred by Section 702 to monitor the communications at issue,” said Elizabeth Goitein, co-director of the Brennan Center for Justice’s Liberty and National Security Program. “The government easily could have met the standard for an individual order if it certified that the targets were al-Qaeda terrorists in Pakistan.”
But U.S. officials argue that, given the flood of leads in today’s interconnected world, the system would bog down and they could miss plots if they had to go before the court every time they got information about potential foreign suspects. The officials spoke on the condition of anonymity to discuss intelligence programs.
The officials said they use material from multiple sources — allies, agents, informants and other investigations — to provide rolling targeting information for the PRISM program. And, they said, if the Yahoo address had not been included, Zazi might not have been identified just days before the attacks were set to occur.
In testimony before Congress on Tuesday, senior intelligence and law enforcement officials said that recently revealed surveillance programs have disrupted more than 50 “potential terrorist events,” including at least 10 plots with a connection in the United States.
The Zazi case was one of four that officials used in recent days to defend the effectiveness of the surveillance programs. One of the others was a planned attack on a Danish newspaper that involved a Pakistani American, David Headley.
Sean Joyce, the deputy director of the FBI, described the other two potential attacks Tuesday in testimony before the House Intelligence Committee.
In one, Joyce said, the NSA was monitoring “a known extremist in Yemen” when it learned that the individual was in contact with a man in Kansas City, Mo. Joyce said that Khalid Ouazzani and two co-conspirators were engaged in a nascent plot to bomb the New York Stock Exchange. Ouazzani pleaded guilty in 2010 to supporting a terrorist organization, bank fraud and overseas money laundering. His co-conspirators also pleaded guilty to terrorism charges.
In the other incident, telephone-call records helped identify a San Diego man who was financing a terrorist group overseas, apparently al-Shabab in Somalia. Joyce did not specifically identify the case, but it appears to have led to the successful prosecution of four Somali immigrants this year who were planning to help finance a terrorist organization in Somalia.
“Investigating terrorism is not an exact science; it’s like a mosaic,” Joyce said. “And we try to take these disparate pieces and bring them together to form a picture. There are many different pieces of intelligence. We have assets. We have physical surveillance. We have electronic surveillance through a legal process, phone records through additional legal process, financial records. Also, these programs that we’re talking about here today, they’re all valuable pieces to bring that mosaic together.”
Officials acknowledged that intelligence collected from U.S. phone records under a program authorized by Section 215 of the USA Patriot Act is less compelling and that the case for that extensive surveillance is harder to make.
The NSA’s ability to intercept “the contents of e-mail communications of bad guys overseas provides a more lucrative set of information” about terrorist activity than its access to phone records of millions of Americans, one U.S. official said.
Ellen Nakashima and Julie Tate contributed to this report.