As with GEOINT, the United States seeks ways to deny enemies their own SIGINT capabilities. Although the CSRS against imagery was not funded, DOD has declared the Counter Communications System operational. The system temporarily jams communications satellites with radio frequencies.
SIGINT consists of several different types of intercepts. The term is often used to refer to the interception of communications between two parties, or COMINT. SIGINT can also refer to the pickup of data relayed by weapons during tests, which is sometimes called telemetry intelligence (TELINT). Finally, SIGINT can refer to the pickup of electronic emissions from modern weapons and tracking systems (military and civil), which are useful means of gauging their capabilities, such as range and frequencies on which systems operate. This is sometimes referred to as ELINT, but is more customarily referred to as FISINT (foreign instrumentation signals intelligence).
The ability to intercept communications is highly important, because it gives insight into what is being said, planned, and considered. It comes as close as one can, from a distance, to reading the other side’s mind, a goal that cannot be achieved by imagery. Reading the messages and analyzing what they mean is called content analysis. Tracking communications also gives a good indication and warning.
As with imagery, COMINT relies to some degree on the regular behavior of those being watched, especially among military units. Messages may be sent at regular hours or regular intervals, using known frequencies. Changes in those patterns—either increases or decreases—may be indicative of a larger change in activity. Monitoring changes in communications is known as traffic analysis, which has more to do with the volume and pattern of communications than it does with the content. (See box, “SIGINT Versus IMINT.”)
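Traffic analysis as described above can be sketched in a few lines. The following is an added illustration, not part of the original text: it works only on message metadata (day and hour of transmission), builds a per-hour baseline, and flags both increases and decreases against it. The sample records, the threshold, and all function names are constructed for the example.

```python
from collections import Counter
from statistics import mean, pstdev

def baseline(counts, days):
    """Per-hour mean and standard deviation of message volume over the baseline days."""
    stats = {}
    for hour in range(24):
        series = [counts.get((d, hour), 0) for d in days]
        stats[hour] = (mean(series), pstdev(series))
    return stats

def flag_changes(counts, day, stats, threshold=3.0, floor=1.0):
    """Return (hour, observed, expected, direction) for hours that break the pattern.

    `floor` keeps a perfectly regular (zero-variance) hour from dividing by zero.
    """
    flagged = []
    for hour in range(24):
        mu, sigma = stats[hour]
        observed = counts.get((day, hour), 0)
        z = (observed - mu) / max(sigma, floor)
        if abs(z) >= threshold:
            direction = "increase" if z > 0 else "decrease"
            flagged.append((hour, observed, round(mu, 1), direction))
    return flagged

def build_sample():
    """Constructed metadata: a unit that reports at 06:00 and 18:00 every day."""
    morning = [10, 11, 9, 10, 10, 11, 9]
    evening = [10, 9, 10, 11, 10, 10, 9]
    records = []
    for day in range(7):
        records += [(day, 6)] * morning[day] + [(day, 18)] * evening[day]
    # Day 7: the morning report is missing and a burst appears at 02:00.
    records += [(7, 2)] * 12 + [(7, 18)] * 10
    return records

def analyze_sample():
    counts = Counter(build_sample())        # message contents are never inspected
    stats = baseline(counts, days=range(7))
    return flag_changes(counts, 7, stats)

if __name__ == "__main__":
    for hour, observed, expected, direction in analyze_sample():
        print(f"{hour:02d}:00 observed={observed} expected~{expected} ({direction})")
```

The silent 06:00 slot is flagged just as the 02:00 burst is, which is the point of the passage: a drop in traffic is as much a signal as a surge.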
One other important aspect of COMINT is that it provides both content (what is being said) and what might be called texture, meaning the tone, the choice of words, the accent (such as when distinguishing one type of French- or Spanish- or Arabic-speaker). Texture is like listening to the tone or watching the facial expression of a speaker. This can tell you as much—or sometimes more—as the words.
SIGINT VERSUS IMINT
An NSA director once made a distinction between IMINT—now called GEOINT—and SIGINT: “IMINT tells you what has happened; SIGINT tells you what will happen.”
While an exaggeration—and said tongue in cheek—the statement captures an important difference between the two collection disciplines.
COMINT has some weaknesses. First and foremost, it depends on the presence of communications that can be intercepted. If the target goes silent or opts to communicate via secure landlines instead of through the air, then the ability to undertake COMINT ceases to exist. Perhaps the landlines can be tapped, but doing so is a more difficult task than remote interception from a ground site or satellite. The target also can begin to encrypt—or code—its communications. Within the offensive-defensive struggle over SIGINT is a second struggle, that between encoders and codebreakers, or cryptographers. Crypies, as they are known, like to boast that any code that can be constructed can also be solved. But the present day is far removed from the Elizabethan age of relatively simple ciphers. Computers greatly increase the ability to construct complex, one-time-use codes. Meanwhile, computers also make it more possible to attack these codes. Finally, the target can use false transmissions as a means of creating less compromising patterns or of subsuming important communications amid a flood of meaningless ones—in effect, increasing the ratio of noise to signals.
Another issue is the vast quantity of communications now available: telephones of all sorts, faxes, e-mails, and so on. In 2002, for example, there were some 180 billion minutes of international phone conversations, from some 2.8 billion cellular phones and 1.2 billion fixed phones. Instant messaging, a relatively new medium, generates 530 billion messages daily. As communications switch to fiber optic cable, the available volume will increase. Also, more phone calls are going over the Internet using the Voice-over-Internet-Protocol (VoIP) technology.
Even a focused collection plan collects more COMINT than can be processed and exploited. One means of coping with this is the key-word search, in which the collected data are fed into computers that look out for specific words or phrases. The words are used as indicators of the likely value of an intercept. The system is not perfect, but it provides a necessary filter to deal with the flood of collected intelligence.
TELINT and ELINT offer valuable information on weapons capabilities that would otherwise be unknown or would require far more risky human intelligence operations to obtain. However, as the United States learned from its efforts to monitor Soviet arms, the weapons tester can employ many techniques to maintain secrecy. Like communications, test data can be encrypted. It can also be encapsulated—that is, recorded within the weapon being tested and released in a self-contained capsule that will be recovered—so that the data are never transmitted as a signal that would be susceptible to interception. If the data are transmitted, they can be sent in a single burst instead of throughout the test, greatly increasing the difficulty of intercepting and reading the data. Or the data can be transmitted via a spread spectrum, that is, using a series of frequencies through which the data move at irregular intervals. The testing nation’s receivers can be programmed to match the frequency changes, but such action greatly increases the difficulty of intercepting the full data stream.
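The spread-spectrum point can be made concrete with a toy model, added here as an illustration and not taken from the original text. A sender moves one byte per time slot across a set of frequencies following a schedule derived from a shared seed; a receiver with the same schedule recovers everything, while a receiver parked on one frequency, or following the wrong schedule, recovers only fragments. The channel count, seed values, and function names are assumptions, and Python's `random` module stands in for a real hop generator.

```python
import random

CHANNELS = 16  # assumed number of available frequencies

def hop_sequence(seed, slots, channels=CHANNELS):
    """Pseudo-random channel per time slot; sender and intended receiver share the seed."""
    rng = random.Random(seed)
    return [rng.randrange(channels) for _ in range(slots)]

def transmit(data, seed):
    """Emit one byte per slot on that slot's channel: [(channel, byte), ...]."""
    return list(zip(hop_sequence(seed, len(data)), data))

def receive_hopping(emissions, seed):
    """Receiver that retunes every slot using its own copy of the hop schedule."""
    hops = hop_sequence(seed, len(emissions))
    return bytes(b for (ch, b), tuned in zip(emissions, hops) if ch == tuned)

def receive_fixed(emissions, channel):
    """Receiver parked on a single frequency hears only the slots that land on it."""
    return bytes(b for ch, b in emissions if ch == channel)

def demo():
    telemetry = bytes(range(200))            # constructed test data
    air = transmit(telemetry, seed=2024)
    full = receive_hopping(air, seed=2024)   # matching schedule
    wrong = receive_hopping(air, seed=1)     # schedule not known
    best_fixed = max(len(receive_fixed(air, c)) for c in range(CHANNELS))
    return telemetry, full, len(wrong), best_fixed

if __name__ == "__main__":
    telemetry, full, wrong_n, best_fixed = demo()
    print("synchronized receiver:", len(full), "of", len(telemetry), "bytes")
    print("wrong schedule:", wrong_n, "bytes; best single channel:", best_fixed, "bytes")
```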
One issue that arises in SIGINT, especially in COMINT, is risk versus take. This refers to the need to consider the value of the intelligence that is going to be collected (the take) against the risk of discovery—either in political terms or in the collection technology that may then be revealed to another nation.
The war against terrorism has underscored a growing concern for SIGINT. As with the other collection disciplines, SIGINT was developed to collect intelligence on the Soviet Union and other nations. Terrorist cells offer much smaller signatures, which may not be susceptible to interception by remote SIGINT sensors. Therefore, a growing view is that future SIGINT will have to rely on sensors that have been physically placed close to the target by humans. In effect, HUMINT will become the enabler for SIGINT. Signs also are evident that terrorist groups have increasing knowledge about U.S. SIGINT capabilities and therefore take steps to evade SIGINT detection by such means as using cell phones only once or avoiding cell phones and faxes.
Another SIGINT weakness is found within COMINT—foreign language capabilities. During the cold war, the United States emphasized the need for Russian speakers through a series of government-sponsored educational programs. Today, different languages are at issue: Arabic (which has many spoken varieties), Farsi, Pushto, Dari, Hindi, Urdu, and other languages common to the Middle East and South Asia. None of these languages has much academic support in the United States, and they all have the added difficulty of not being written in the Roman alphabet (which is also true of Russian, Chinese, and some six thousand other languages). It takes about three years (full time) to train someone to the desired capability in a non-Roman language. The United States suffers in its language capabilities because of the decline in language requirements in colleges and universities. According to the Modern Language Association, only 8 percent of schools have language requirements, down from 87 percent in the 1950s through the early 1970s. The United States, being an immigrant nation, has among its citizens speakers of most languages. But they need to be recruited, cleared, and trained. Clearing such candidates is a major motivation in DNI McConnell’s efforts to improve the security clearance process. In some cases, the native language skills of these people are very good but their ability to translate into English, which is the required outcome, is poor. For the foreseeable future, language skills will be a major problem for COMINT and for all intelligence activities.
A more fundamental issue for SIGINT collection in U.S. intelligence has been the capability of NSA to keep pace with the technological changes. It is important to understand that NSA has two roles: offense and defense. NSA intercepts foreign communications but also acts to prevent the interception of U.S. communications. These two roles are very closely allied—in effect, opposite sides of the same coin.
The offense role is made more difficult by the ongoing explosion in the amount of communications worldwide. According to Lucent Technologies, in 2006 there were more than 9.3 trillion e-mails; more than 300 billion voicemail messages; more than 18 million new wireless users joining the 1.3 billion already using wireless; more than 123 billion Internet log-ins; and more than 32 million new phone lines. Again, NSA does not have to track all of these communications, but it does have to find the intercepts it needs inside this vast communications haystack.
Likewise, the defensive role is made more difficult by the increasing number of hacking attempts against government computers. Several new procurement programs designed to upgrade NSA infrastructure ran into cost overruns and failed to produce the needed improvements. There have even been concerns that NSA’s obviously high demands for electrical power will soon outstrip available supplies in its home state of Maryland.
The defense role has received increased attention as the number of attacks on U.S. government computers has sharply increased. Defense not only seeks to protect U.S. codes and communications but also the vast array of computers on which the nation relies. In January 2008, President Bush signed a directive authorizing the intelligence community—especially NSA—to monitor the networks of all federal computers as a means of detecting and defending against external attacks. According to press reports, NSA, CIA and the Federal Bureau of Investigation (FBI) will investigate intrusions by monitoring and reporting on Internet activity. This directive raised concerns about intelligence agencies looking into domestic activities but also was criticized by those concerned about cyber security, because the directive does not include the private sector, where some believe the real danger lies—banks, utilities, and other parts of the critical infrastructure.
An important aspect of SIGINT operations for the United States in combating terrorism is the legal issues involved. Under pre-2001 rules, if the SIGINT target was within the United States, the operation became the responsibility of the FBI, not NSA. To undertake wiretaps in the United States, the FBI must get a court order. Foreign intelligence wiretaps (as opposed to criminal case wiretaps) come under the jurisdiction of the Foreign Intelligence Surveillance Act (FISA) Court, created by the FISA in 1978. This was not seen as a major legal barrier, as the FISA court has reportedly approved 13,164 requests and denied four since its inception. In addition, according to data provided by the court to the Congress, the court approved more than 99.9 percent of all requests for wiretaps between 2000 and 2006.
The changing nature of communications and the campaign against terrorists have also led to requests by U.S. intelligence to change the rules under which they collect SIGINT within the United States. Since 1978, these activities had been conducted under FISA. Although FISA allowed for warrantless wiretaps under certain conditions (a one-year limit, conducted on foreign powers only, authorized by the president via the attorney general), press stories in December 2005 revealed a more extensive use of warrantless wiretaps since 2002. These revelations set off a major political controversy concerning the legal basis of the program as well as efforts to revise the law to adjust to changing circumstances. The details of this controversy are beyond the scope of this book, except to note that not only was there disagreement between the Bush administration and some in Congress over the new wiretap program but also among members of the Bush administration as well.
The new warrantless taps President Bush allowed after the September 11, 2001, attacks were placed on calls between people in the United States and terrorist suspects abroad. The Bush administration argued that the new program was necessary as the taps had to be placed quickly and this did not allow time to go to the FISA court. Judge Royce C. Lamberth, who headed the court from 1995-2002, refuted this argument, saying that court procedures had been streamlined in 2001 to make the court more responsive. In August 2007, DNI McConnell revealed that legal changes were necessary because a judge on the FISA court had ruled that court-sanctioned warrants were required on any communications traveling through the United States, even if the two parties involved in the exchange were both overseas. This was seen as a major setback for surveillance, as many Internet communications will pass through the United States. According to press reports, intelligence officials said this ruling had resulted in a 25 percent drop in intercepts. McConnell also revealed that one hundred or fewer individuals in the United States were under surveillance. He also acknowledged that some telecommunications companies had assisted the warrantless surveillance program.
After an intense and partisan debate that lasted almost a year, Congress passed a new law in July 2008 that was largely seen as a victory for the Bush administration. The law allows emergency wiretaps on American targets for one week without a warrant to preclude losing important intelligence and if there is strong reason to believe that the target is linked to terrorism. There is a similar one-week provision for foreign targets. Broad warrants, versus specific ones, will be allowed against foreign communications. The law also grants legal immunity to telecommunications firms that cooperated with the earlier warrantless program, which had been a major issue. The new law also makes clear that changes can only be made in the wiretap program within the law and not solely on order of the president. Various oversight provisions by the FISA court and by inspectors general are laid out as well.