Amid the torrent of stories about the shocking new revelations about the National Security Agency, few have bothered to ask a central question. Who’s actually doing the work of analyzing all the data, metadata and personal information pouring into the agency from Verizon and nine key Internet service providers for its ever-expanding surveillance of American citizens?
Well, on Sunday we got part of the answer: Booz Allen Hamilton. In a stunning development in the NSA saga, Guardian reporter Glenn Greenwald revealed that the source for his blockbuster stories on the NSA is Edward Snowden, “a 29-year-old former technical assistant for the CIA and current employee of the defense contractor Booz Allen Hamilton.” Snowden, it turns out, has been working at NSA for the last four years as a contract employee, including stints for Booz and the computer-services firm Dell.
The revelation is not that surprising. With about 70 percent of our national intelligence budgets being spent on the private sector -- a discovery I made in 2007 and first reported in Salon – contractors have become essential to the spying and surveillance operations of the NSA.
From Narus, the Israeli-born Boeing subsidiary that makes NSA’s high-speed interception software, to CSC, the “systems integrator” that runs NSA’s internal IT system, defense and intelligence, contractors are making millions of dollars selling technology and services that help the world’s largest surveillance system spy on you. If the 70 percent figure is applied to the NSA’s estimated budget of $8 billion a year (the largest in the intelligence community), NSA contracting could reach as high as $6 billion every year.
But it’s probably much more than that.
“The largest concentration of cyber power on the planet is the intersection of the Baltimore Parkway and Maryland Route 32,” says Michael V. Hayden, who oversaw the privatization effort as NSA director from 1999 to 2005. He was referring not to the NSA itself but to the business park about a mile down the road from the giant black edifice that houses NSA’s headquarters in Fort Meade, Md. There, all of NSA’s major contractors, from Booz to SAIC to Northrop Grumman, carry out their surveillance and intelligence work for the agency.
With many of these contractors now focused on cyber-security, Hayden has even coined a new term -- “Digital Blackwater” – for the industry. “I use that for the concept of the private sector in cyber,” he told a recent conference in Washington, in an odd reference to the notorious mercenary army. “I saw this in government and saw it a lot over the last four years. The private sector has really moved forward in terms of providing security,” he said. Hayden himself has cashed out too: He is now a principal with the Chertoff Group, the intelligence advisory company led by Michael Chertoff, the former secretary of Homeland Security.
One of NSA’s most important contractors may be Narus, a subsidiary of Boeing that makes a key telecommunications software that allows government agencies and corporations to monitor huge amounts of data flowing over fiber-optic cables. According to Bill Binney, one of four NSA whistle-blowers who’ve been warning about NSA’s immense powers, one Narus device can analyze 1,250,000 1,000-character emails every second. That comes to over 100 billion emails a day.
“Narus is the one thing that makes it all possible,” Binney told me over the weekend, of the Verizon surveillance program unveiled by the Guardian. “They probably pick up 60 to 80 percent of the data going over the [U.S.] network.” The Narus technology, he added, “reconstructs everything on the line and then passes it off to NSA for storage” and later analysis. That includes everything, he said, including email, cellphone calls, and voice over Internet protocol calls such as those made on Skype.
NSA’s use of the Narus technology first came to attention in 2006. That was when an AT&T technician named Mark Klein went public with his discovery that NSA had hooked Narus devices to AT&T’s incoming telecom stream in San Francisco and set up a secret room that allowed NSA to divert AT&T’s entire stream to its own databases. Binney believes the equipment was hooked up to as many as 15 sites around the country.
The Narus devices can’t pick up everything, however, because large amounts of traffic (such as domestic calls and Internet messages) don’t go through the switches. That’s why NSA apparently decided in 2006 to create the PRISM program to tap into the databases of the Internet service providers such as Yahoo and Google, Binney says. “Even though there’s so many Narus devices collecting on the Net, they don’t get it all,” he explained. “So if they go to the ISPs with a court order, they fill in the gaps from the collection on Narus.”
But once the data is downloaded, it has to be analyzed. And that’s where Booz and the other contractors that surround the NSA come in.
Booz Allen Hamilton is one of the NSA’s most important and trusted contractors. It’s involved in virtually every aspect of intelligence and surveillance, from advising top officials on how to integrate the 16 U.S. spy agencies to detailed analysis of signals intelligence, imagery and other critical collections technologies. I first introduced Booz’s intelligence business in a 2007 profile in Salon when President Bush appointed Michael McConnell, a Booz veteran and former NSA director, to be director of national intelligence (he’s now back at Booz).
Among other secret projects, Booz was deeply involved in “Total Information Awareness,” the controversial data-mining project run for the Bush administration by former National Security Adviser John Poindexter that was outlawed by Congress in 2003.
Another major presence at NSA’s Business Park is SAIC. Like Booz, it stands like a private colossus across the whole intelligence industry. Of its 42,000 employees, more than 20,000 hold U.S. government security clearances, making it one of the largest private intelligence services in the world. “SAIC provides a full suite of intelligence, surveillance and reconnaissance (ISR) and cybersecurity solutions across a broad spectrum of national security programs,” it claims on its website.
Despite its grandiose claims, however, SAIC is also known for several spectacular intelligence failures, including NSA’s ill-fated Trailblazer project to privatize its analysis of signals intelligence. Other companies acting as pillars of NSA’s SIGINT analysis team include Northrop Grumman, Raytheon, CACI International, and hundreds of smaller companies scattered around the Washington Beltway (you can read detailed explanations of what they do for NSA in my book "Spies for Hire"). They, in turn, are surrounded by a small army of “big data” companies that are hired by NSA to sift through data for suspicious patterns and map the creation of “illicit networks” that can be followed or investigated.
In April, I wrote about one of those companies, Palantir Technologies Inc., in Salon. It sells a powerful line of data-mining and analysis software that maps out human social networks that would be extremely useful to NSA analysts trying to make sense of all the telephone and Internet data downloaded from Verizon and nine Internet companies that was described in the latest blockbuster stories in the Guardian and the Post.
“Their bread and butter is mapping disparate networks in real time,” a former military intelligence officer who has used Palantir software told me. “It creates a spatial understanding that can be easily used by analysts.” (See the detailed profile of Palantir I posted on my website last Friday.)
But how did NSA, long considered the crown jewel of U.S. intelligence, become so privatized in the first place?
In the late 1990s, faced with a telecommunications and technological revolution that threatened to make the NSA’s telephonic and radar-based surveillance skills obsolete, the agency decided to turn to private corporations for many of its technical needs.
The outsourcing plan was finalized in 2000 by a special NSA Advisory Board set up to determine the agency’s future and codified in a secret report written by a then-obscure intelligence officer named James Clapper. “Clapper did a one-man study for the NSA Advisory Board,” recalls Ed Loomis, a 40-year NSA veteran who, along with Binney and two others, blew the whistle on corporate corruption at the NSA.
“His recommendation was that NSA acquire its Internet capabilities from the private sector. The idea was, the private sector had the capability and we at NSA didn’t need to reinvent the wheel.”
Hayden, who was the NSA director at the time, “put a lot of trust in the private sector, and a lot of trust in Clapper, because Clapper was his mentor,” added Loomis. And once he got approval, “he was hell-bent on privatization and nothing was going to derail that.” Clapper is now President Obama’s director of national intelligence, and has denounced the Guardian leaks as “reprehensible.”
Hayden was relentless in shifting NSA from an agency that relied on in-house experts for its technology to one of the most privatized agencies in government today. His first action, a project known as Groundbreaker, outsourced all of NSA’s internal communications system. In one fell swoop, hundreds of longtime NSA employees left their government jobs one day and walked in the next morning wearing their green badges from CSC and its many subcontractors.
“To this day, the IT at Fort Meade is owned by a private sector company,” Hayden boasted recently. “That worked. That was a really good idea.” CSC remains the head of the “Eagle Alliance” consortium, and is now one of NSA’s biggest suppliers of cybersecurity services.
But Hayden’s master project, the grandiose Trailblazer project to private NSA’s analysis of signals intelligence flowing over the Internet, didn’t fare so well. Managed by SAIC in a consortium that included Northrop Grumman and Booz Allen Hamilton, it burned through over $5 billion without producing any actionable intelligence, and was canceled in 2005.
Despite the scandals and massive amount of money spent on private intelligence contractors, however, the mainstream media has been slow to report on the topic. It took until 2010, years after the spending spree began, for the Washington Post to highlight intelligence outsourcing in its famous series on “Top Secret America.” The paper, despite its work on the PRISM story, is still behind the curve.
On Monday, it reported for the first time the 70 percent figure I discovered back in 2007 and wrote about for Salon. But no credit was given to me or this publication for that blockbuster finding. Maybe next time.
Shares