Tuesday, June 25, 2013

NRO: The "Other" Intelligence Agency

Now that every member of Congress and the White House staff is avoiding learning anything about the National Security Agency, in favor of calling for the head of Edward Snowden (with the exception of admirable efforts by Mark Udall and Ron Wyden), it is time to remind everyone that NSA is not the largest U.S. technical intelligence agency by budget.  That honor goes to the even lesser-known National Reconnaissance Office, or NRO.  The NRO, which spends in the neighborhood of between $15 and $16 billion per year, is the largest of any U.S. intelligence agency, at least in budget authority.  Its staff is small, because its business is flying spy satellites, using partial budget authority of the Air Force.

For the first 15 or 20 years following establishment of the NRO in 1960, the agency had an even more benign reputation among arms-control liberals than did the NSA, and for a very concrete reason.  The early imaging satellites launched by NRO disproved Soviet bomber gaps and missile gaps, thereby making the case for smaller strategic nuclear budgets (admittedly, they did not seem very small in the height of the Cold War, but could have been even larger).  This tendency to rely on "national technical means of verification" led to a knee-jerk assumption by many liberals that the NRO was benign-by-design.  How could a spy-satellite agency be a subject of Constitutional debate?

Those that ask this question do not realize how profoundly the NRO changed during the 1980s, and particularly in the aftermath of the Cold War.  The NSA was on a mission during the Reagan years to limit the exposure of ground-based listening posts in sensitive locations like Iran and Turkey.  The NRO could claim new frontiers in chip integration and RF antenna design that would allow the fielding of massive geosynchronous satellites with unfurlable antennas as large as two football fields, and "close-listen" satellites in low-Earth and Molniya orbits that would allow particular conversations (voice or email) to be picked up in specific regions of the planet.  During the 1980s and 1990s, a vast array of NSA capabilities moved to space, courtesy of the NRO.

In my earlier post on NSA, I pointed out that this move made it easy for NSA to expand to full broadband intercept of all communications.  It is much harder to make a satellite turn itself off for one specific region, than for the same satellite to pick up everything globally, but make much of its intercepted content deniable except when other agencies of government specifically needed that information.  Thanks to NRO, the NSA was scooping up everything from the Clinton era on - not just from the post-9/11 era.  Bush's FISA Bypass flap was about making collected NSA information usable and only partially deniable - prior to 2002, the information was collected but was denied to exist.  The constellation of NRO satellites also made it easier for signals intelligence to update itself for the TCP/IP packet-switching era of the Internet.  Many ground-based NSA resources of the past were designed for circuit-switched, nailed-up connections between sender and receiver.  NRO satellites could function just as well in the packet-switched anything-to-anything world, as in the circuit-switched telco world of the past.

During the 1980s, huge new ground stations were built at locations such as Menwith Hill in England and Buckley Field in Colorado, specifically to download, analyze, and store this massive treasure-trove of data.  The rationale for these satellite-downlink stations is similar to that for the NSA's new Utah Data Center opening this summer in Bluffdale, Utah -- the stations wouldn't be built if the agencies didn't have the data to fill them up.

In the 1990s, organizations like Global Network Against Weapons and Nuclear Power in Space, submitted testimony to Congress on the potential problems of new classes of spy satellites.  We were privately told by Air Force officials that the protests were appreciated, because no member of Congress ever raised these issues.  Most members wouldn't know the difference between imaging and signals satellites in the first place, and virtually all members of Congress did not want to learn more about the NRO or NSA - rubber-stamping any new project was preferred.  This led to huge scandals in the mid-1990s -- at one point, NRO Director Jeff Harris was removed from the agency because he could not account for $2.5 billion of the agency's annual budget.

The NRO influence and budget continued to grow following Sept. 11, and continues to grow today.  Its classified budget is believed to exceed $15 billion.  The NRO launched six satellites in the course of 2012, of which citizens were allowed to learn virtually nothing, and the agency expanded staff at its Chantilly, VA headquarters and at Buckley AFB in Aurora, CO.  What happens if a contractor is upset about satellite capabilities and decides to reveal information a la Edward Snowden?  Do American citizens need to know each orbital plane and each frequency band of all of NRO's spy satellites?  Perhaps not.  But does the public deserve to know about the general class of advanced spy satellites like Advanced Orion and Advanced Jumpseat, and their possible role in violating civil liberties?  Of course they do.  But the attitude of the Obama administration, and 90 percent of the members of Congress, is that the public has no right to be asking about technical intelligence agencies in the first place, let alone the right to deserve honest answers.

Thursday, June 6, 2013

A Simple Primer on Global Listening

When the UK Guardian published direct orders from the Foreign Intelligence Surveillance Court to Verizon on June 5, many readers did not have the slightest idea what they were looking at.  The methodology used by the National Security Agency to conduct domestic surveillance is not new - what was new in the story was the direct proof that presidents from Reagan to Obama have consistently lied about what the NSA does, domestically and internationally.  Authors such as James Bamford, Duncan Campbell, Desmond Ball, Nicky Hager, and Matthew Aid have been disclosing the details about this global system for years.  It seems as though it's time for another refresher tutorial so that people understand what their government does on a daily basis, so they don't use ridiculous terms like "warrantless wiretap.":

   The United States exited World War 2 with plenty of new global bases, acquired in some cases from the UK, or established as U.S. forces drove the Japanese west across the Pacific.  British authorities were worried about having signals intelligence fall out of the hands of Anglo-Saxon nations, so they talked the U.S. into signing the UKUSA Treaty in 1946, which apportions signals intelligence duties across U.S., UK, Canada, Australia, New Zealand -- and no one else.  UKUSA remains highly classified today, 67 years later.

   The miserable status of signals intelligence collection during the Korean War spurred Harry Truman into creating the National Security Agency at Fort Meade, MD in 1952.  The mere existence of NSA was not disclosed until 1956.  It has since become the second biggest intelligence agency by budget, spending roughly $12 billion annually.

   When the U.S. was going through its base-building frenzy in the 1950s to establish a nuclear weapons infrastructure, it also built secret bases around the world to gather critical military intelligence everywhere on the planet.  Many bases were in global hotspots like Turkey, Iran, and Pakistan.  The most common form of ground-based SIGINT base at the time was a massive series of concentric dipole antenna rings, variously referred to as Elephant Cages, Flare-9's, Classic Bullseye, or Wullenweber arrays.  Although the main focus was offshore, plenty of SIGINT bases were opened on domestic U.S. soil, in locations such as Winter Harbor, ME; Fort Gordon, GA; Medina Annex, TX; Two Rock Ranch, CA; and Skaggs Island, CA.

   In 1960, the Air Force established the National Reconnaissance Office to manage spy satellite programs.  NRO subsequently became a DoD intelligence agency in its own right, and the largest intelligence agency by budget, currently spending around $16 billion annually.  Throughout the 1960s, NRO concentrated on primitive imaging satellites aimed at missile fields in the Soviet Union, though that was to change as electronic integration improved.

   NSA got caught up in the mid-1970s probes of intelligence agencies, and was forced to reveal domestically-aimed programs like SHAMROCK, though few in Congress asked if its international programs really aimed at the Cold War targets that were supposed to be NSA's bread and butter.  The so-called reforms Congress put in place created a new top-secret court called the Foreign Intelligence Surveillance Court.  All the judicial members of FISC and all its rulings are top secret.  The court is supposed to monitor the activity of the NSA.  The public learned for the first time in 2005 that there is also a Foreign Intelligence Surveillance Appeals Court, but it did not convene until the 21st century, because the FISC never rejected an NSA request until the post-9/11 period.

   When FISC began rejecting some Bush administration requests, forcing the convening of FISAC, George Bush issued executive orders that allowed NSA to bypass FISA requirements and conduct domestic surveillance as it saw fit.  Congress codified this procedure in its 2008 FISA "reforms."

   Bobby Ray Inman, director of the NSA in the Carter years, believed in faster deployment of advanced integrated circuits into spy satellites.  As a result, new satellites were fielded in the 1980s that allowed real-time digital delivery of images and electronic intelligence from phone calls and computer messages, directly from geosynchronous orbit to ground stations.  NSA and NRO worked together to define new satellites such as Jumpseat, Ranger, and Advanced Orion, some of which sported unfurlable antennas as large as two football fields!  As a result, NSA shut down many of its ground stations in the 1980s, and opened new satellite downlink stations in Menwith Hill, UK; Buckley Field, CO; Bad Aibling, Germany; and other locations.  NSA also opened special ground stations at Yakima, WA and Sugar Grove, VA that intercepted communications from commercial satellites in orbit.

   Two policy changes took place during this time without input from the public or Congress: Because satellites in geosynchronous orbit cover the planet in an RF footprint by their very nature, interception within the domestic U.S. became the rule, not the exception.  FISA rules or no, NSA was collecting everything globally - it simply could never acknowledge doing so.  Also, the agency established to intercept military communications of adversaries slowly was tasked with intercepting all commercial and consumer/civilian communications on the planet.  This was a massive expansion, requiring many more employees and facilities in the U.S. and abroad.

   In the latter years of the Clinton administration, a significant furor was raised over the code name Echelon, which referred to a specific Compaq Computer client-server architecture for tracking communications through the use of key words.  Echelon was not the global network - this had been built over the previous four decades as a basic infrastructure of NSA and NRO missions.

   Following Sept. 11 and passage of the Patriot Act, George Bush used the FISA Bypass as a cover for allowing the NSA to implement Stellar Wind, a program to put packet-sniffing equipment inside telephone switching centers inside the U.S.  This equipment, manufactured by Narus, Cisco, Blue Coat, and other companies, allows IP packets used in Internet communications to be probed deeply for both traffic analysis and content analysis.  Meanwhile, NSA was trying to shift from the circuit-switched telephony world of the past to the IP-based world of the future by implementing global programs that also allowed automated filtering and data mining of massive amounts of traffic.  Programs such as Trailblazer and ThinThread did not always work so well, though they cost a bundle.

   U.S. wireline phone companies were not too crazy about being lured into this, but agreed to have interception equipment placed in the heart of their networks.  When Joe Nacchio was ousted from Qwest Communications, he claimed in a court hearing that NSA had forced him out when he refused to have such equipment added to packet switching networks.

   The latest kerfuffle involving NSA, FISC, and Verizon illustrates the fact that NSA needs to work a lot harder with wireless cellular networks.  Some communications can be picked up using wireless methods, some phone calls and texts transferred to the wireline network at base stations can be intercepted at central switching centers, but NSA also needs the call records maintained by wireless operators to perform detailed traffic analysis.

   Of course, there is far too much traffic collected for the NSA to be able to analyze using human agents.  That's why automated data mining and filtering tools like ThinThread are so important.  And this is why the NSA was running out of storage space in the Baltimore-Washington corridor to store all that global communication it had intercepted.  NSA asked Congress for the money four years ago to create a new Storage Station Freedom in Bluffdale, Utah to store the massive amount of voice and IP traffic it collects abroad, and here at home.  The Bluffdale facility is slated to open in late July of 2013.  But of course, you're unlikely to hear about its grand opening, as it's merely one more element of NSA's daily business you are not allowed to know.