THE ROOM THAT WASN'T THERE

Electronic Freedom Foundation version of the NSA logo

Information about the secretive National Security Agency has been notoriously difficult to obtain since the agency was quietly established by President Truman in 1952. The existence of the agency itself didn’t actually remain a secret for all that long: the following summer, the New York Times reported that the Defense Department was launching a $30 million construction project to build a new home for the agency at Fort Meade in Maryland. But little information was available about what the agency would do in its new home.

“The National Security Agency,” the Times said, “which functions under the Defense Department, runs a super-communications network, monitoring and translating broadcasts from all parts of the world. Its services are used not only by the Defense Department, but also by the State Department, the C.I.A., the White House and other Government units.”

The specific nature of the services provided by the NSA to other branches of the government was classified at the time and remains so today. Nonetheless, the veil that has long shrouded the agency has thinned somewhat, particularly during the last couple of decades. The NSA received its largest (unwelcome) publicity boost in 2000, when a committee of the European Parliament issued a report outlining a global program of signals intelligence, code-named ECHELON, that is reportedly operated by the NSA on behalf of the United States, the United Kingdom, Australia, Canada, and New Zealand. Using a combination of satellite, telephone, and microwave intercepts, the ECHELON program enables the NSA to review the contents of millions of phone calls, faxes, e-mails, and text messages sent to and from devices around the world. The European Parliament cautioned, however, that “the analysis carried out in the report has revealed that the technical capabilities of the system are probably not nearly as extensive as some sections of the media had assumed.”

When President Bush freed the NSA from its warrant requirements under federal law, the NSA decided to take a more straightforward approach: directly intercepting the data transmissions flowing through the nation’s largest and busiest telecommunications companies. In January 2003, an AT&T communications technician named Marty Klein noticed that a new room was being built next to AT&T’s 4ESS switching equipment in the San Francisco office in which he worked. The switching equipment, Klein later told Wired magazine’s Ryan Singel, handles all long-distance and international calls. Klein subsequently learned that the person setting up the equipment in the new room had been recruited the previous fall by the NSA.

Not long after the NSA’s arrival at AT&T, Klein was assigned to connect the company’s massive Internet circuits to a so-called “splitting cabinet,” which contained a beam splitter that divided the Internet traffic into two identical streams, one of which flowed into the NSA’s secret room. The diverted data stream was not limited to just AT&T’s customers; thanks to peer sharing agreements among the various companies operating Internet backbones, NSA’s secret room captured data carried on AT&T’s network from other telecommunications companies. Klein said that similar setups were installed in other AT&T switching offices, “including Seattle, San Jose, Los Angeles and San Diego.”

Among other things, Klein reported, the secret room was equipped with a Narus STA 6400, a supercomputer that is part of the NarusInsight Intercept Suite (NIS). In a product description on the Narus Web site, the company says that the NIS “provides service providers and government organizations unmatched flexibility to intercept IP [Internet protocol] communications content and/or identifying information, enabling law enforcement and government organizations around the world to effectively gather evidence of illegal activity in the multi-faceted world of IP communications.” In simpler terms, the NIS is designed to collect huge amounts of data from various types of data networks and apply so-called “semantic traffic analysis” to determine whether any of the traffic contains information of interest to the organization collecting the data. Since 2004, the Narus board of directors has included William P. Crowell, an “independent security consultant” whose prior positions include deputy director of operations and deputy director of the National Security Agency.

While the Narus Web page for the NIS stresses the importance of capturing “all targeted data but nothing else,” it leaves unanswered the thornier question of what constraints exist, if any, for determining whose data should be targeted. It was no accident that the European Parliament opened its report on the NSA ECHELON program by quoting the first-century Roman poet Juvenal: “Sed quis custodiet ipsos custodies?” (But who will guard the guardians?)