Playing to the Edge: American Intelligence in the Age of Terror (9 page)

She listened intently and simply asked if I thought it was the right thing to do. I repeated that I did and she then said that, of course, I had to do it.

Gutsy call on her part, because the implicit understanding between us was that I was really asking her to volunteer herself, our grown children, and our grandchildren for what could be a very rocky ride at some point in the future. That she assented said a lot about her—and military spouses in general—especially since she had no idea what it was we would actually be doing.

After my session in the Oval, the vice president had turned to David Addington to draft an order that would eventually be approved by the attorney general, authorized by the president, and signed by the secretary of defense, directing us to carry out what we had already described as technologically possible and operationally relevant. It was John Yoo at Justice who insisted that this should flow through the secretary of defense and the chain of command as an element of war making. The
DOD fingerprints proved useful when Stellarwind became public and some in DOD wanted to dismiss it as “the White House program.”

The complex approval process was also designed to make it absolutely clear that this was being done with the knowledge and support and under the direction of the president. That was also true with CIA’s rendition, detention, and interrogation (RDI) program (see chapters 12 and 20), but there the paper trail was frustratingly thin, as I later learned.

On October 3, the vice president, Addington, and White House Counsel Al Gonzales took draft order number one to the president in the White House residence. As they entered the room, the president asked, “All ready?” He was familiar with what he was signing, but couldn’t resist a question: “Well, David?” A bit at a loss for words, Addington simply pointed out the obvious: “No question that one day we will be publicly accountable.” It was a great choice of phrase. Either way, there would be a reckoning on what the president did (or didn’t do) that Wednesday evening with this order.

Addington then had to take the signed document to CIA to append to it the threat estimate and DCI recommendations that legitimized such dramatic action. Then to Justice for the attorney general to aver to its lawfulness, to Defense to direct its implementation, and then to me at Fort Meade to carry it out. David did it personally—no couriers, no pouches, no electronic signatures. Secrecy was paramount. No wonder he lobbied for (and won) forty-five-day cycles between each renewal rather than thirty.

David has a bit of a reputation as a snarly watchdog, but in setting up this meticulous process, he had my best interests at heart, as well as those of NSA, the president, and the country. He wasn’t (always) the unrelenting ideologue that some portray him as, either. Speaking after the end of the first authorization, he reminded me that—as written—the order allowed the intercept of domestic-to-domestic communications if I thought they were al-Qaeda related. I reminded him that we were a
foreign
intelligence organization, that I wouldn’t do that without a warrant, and
besides, we didn’t even have the plumbing to do that. The alleged architect of the “unitary executive” theory simply nodded, swung around in his chair, and amended the order that was on his screen so that it reflected exactly and only what it was we intended to do.

On Thursday, October 4, the day that the first authorization was official, I held a small meeting in my office for key people and asked, “Who should be in the room when I announce this more generally? We need to keep this tight.”

As it turned out, there were sixty-six handpicked people in the director’s conference room when I walked in there Saturday morning.

I began by demanding their undivided attention. I then outlined the events of the past weeks, how we had gotten here, and what the president wanted us to do. Bob Deitz was with me because, contrary to some uninformed views, NSA professionals are
very
conservative when it comes to the privacy of US persons and are so legally attuned that they recognized immediately that what we were going to do sidestepped FISA. Without visible, unqualified support from me, my deputy, and the legal folks (the ones who had been telling them the “thou shalt nots” for years)
,
they wouldn’t have done this. Deitz would reprise this session down the road at two town hall meetings to assure analysts of the lawfulness of the program and to explain why it was legal.

I left the operators in the conference room with their leadership for detailed briefings, but before I departed, I added that what we were about to do was unprecedented, but it was also lawful. I then said, “We are going to do what the president has authorized us to do but not one photon or one electron more.”

When they were done they went downstairs to build a room and the connectivity they needed. By Sunday, work shifts had started. We had launched what would easily be the agency’s edgiest undertaking in its history. We eventually called it Stellarwind, not because that meant anything, but because it didn’t.

When I asked what the reaction was after I left the room, I was told
that it was all business and dedication. People were excited that they would be able to do what they knew needed to be done. There was also a bit of an air of “This is a significant event. Don’t screw it up.”

One of the first things we needed was more computing power; this was going to be really big data. I contacted the CEO of a computer manufacturer that I had visited earlier. They found a shipment of about a hundred servers that met our needs and was already out the door, but not yet delivered to their customer. It was diverted to us, and we met it at a rest stop on Interstate 95 near Fort Meade, led the driver to our loading ramp, and assembled the components ourselves in the new Stellarwind offices.

Within about a month of launching, Stellarwind had several hundred people either committed to it full-time or otherwise cleared to support the program.

Of course, those numbers grew. By the time the
New
York Times
revealed its existence in December 2005, well over a thousand people had been formally read into Stellarwind throughout the government, the majority of them at NSA, of course, but with significant pockets at FBI and CIA. Not all were active, but once read in, they were always knowledgeable.

Still, by government standards, for a four-year program, that’s pretty tightly compartmented. After the program was disclosed, I received a true professional nod from David Pepper, the head of Britain’s GCHQ. Entering my DNI office on a courtesy call, David simply smiled, and said, “Michael, my compliments. We had no idea.”

When we were fully set up, just because of the way the telecommunications network functions, we had the theoretical ability to access a significant percentage of the calls entering or leaving the United States. Of course, we would access and collect a call only when the agency already had probable cause that it was affiliated with al-Qaeda.

NSA uses what it calls “selectors” when deciding to target a call; for telephone calls a selector could be the actual al-Qaeda associated number that is dialing or being dialed. Under Stellarwind, an overwhelming
majority of the selectors were actually foreign numbers, and that proportion actually grew as the program matured.

From 2001 to 2005 there were hundreds of sole-source SIGINT reports, the kind derived from the content of communications, based on Stellarwind reporting. These reports covered terrorist planning, finances, logistics, training, travel, and contacts with people in the United States.

Because of the nature of modern communications, most of the content reports were actually from foreign-to-foreign calls that were merely transiting the United States. In 2006 alone there were nearly a hundred transit (i.e., both ends foreign) reports in which Stellarwind was the sole source and another thousand-plus in which Stellarwind accesses contributed to the final SIGINT product.
*

Once disseminated, Stellarwind reporting was indistinguishable from the normal SIGINT production stream. Since one or both ends were always foreign, there was nothing that made their content stand out. What made them unique was how and where we acquired them.

We also gathered large volumes of metadata. In the first six months of the program we built up a bank of billions of domestic call events in addition to an even larger number of foreign ones. We used contact chaining from known or suspect “dirty numbers” to see if there were connections that suggested terrorist ties to the United States. These generated tippers that we would forward to CIA and FBI for further analysis (or action).

One agency wanted extensive three-hop metadata reports. A known dirty, that is, a terrorist-associated or “seed” number, calls A (hop 1), who calls B (hop 2), who calls C (hop 3). Admittedly that last hop to C is pretty attenuated from the original seed number. In most instances it only proves that everyone has a dentist or orders pizza. Things get interesting, though, when the last hop in one chain shows up in other chains from other seed numbers. We classified our tippers as high, medium, or low confidence based on the frequency, recency, and directness of
contacts with the original dirty number. By December we were cranking out about ten potential leads per day, about one in ten of them high confidence.

The FBI had a policy to investigate every number sent. That approach really increased their workload.

Still, this all worked pretty much as we had anticipated. We traced threatening calls, showed suspicious contacts, uncovered illicit financing networks, detected suspect travel, discovered ties to aviation schools, linked transportation employees to associates of terrorists, drew connections to the illicit purchase of arms, tied US persons to Khalid Sheikh Mohammed, and discovered a suspect terrorist on the no-fly list who was already in the United States.

 • • • 

N
O ONE EXPECTED
S
TELLARWIND
to stay secret forever. Nothing does. And we all knew that when it went public, the size of the storm would be in proportion to the success of Stellarwind and other counterterrorism programs. Specifically, if Stellarwind and other mutually reinforcing programs worked and the homeland remained safe, we would inevitably be accused of overreaching, of sacrificing liberty for security, and we would be treated to a whole bunch of misquotes of Benjamin Franklin, who actually said, “Those who can give up
essential
liberty to obtain a
little temporary
safety deserve neither liberty nor safety” (emphasis mine on the all-important qualifiers
he
inserted).

Most American intelligence professionals are well acquainted with the broad cultural rhythm connecting American espionage practitioners and American political elites: the latter group gets to criticize the former for not doing enough when it feels in danger, while reserving the right to criticize it for doing too much as soon as it has been made to feel safe again.

When the story broke in December 2005, it pretty much played out according to that script. Knowing that it would be no other way, we did our best from the beginning to cushion the inevitable shock wave.

One element was to make sure that we were doing this right. Because it was so tightly held, early oversight of the program was confined to our operations folks and our general counsel. By August 2002, though, we had expanded oversight to our inspector general’s office. The core group here was composed of professional auditors and the inspector general himself, Joel Brenner, who was a skeptical outsider.

They put Stellarwind under a regime of routine reviews. One of their most important contributions was to take a program that had been rapidly established and make it more accountable through thoroughly documented procedures.

They found the kind of human errors one expects to find in any such undertaking: transposed numbers, for example. But, most significantly, they reported that, based on a statistically significant sample, they had determined that Stellarwind was adhering to the terms of the authorization and that tasking was appropriately reviewed, duly recorded, and correctly linked to authorized targets.

Joel was pretty much on record that any president who failed to collect the intelligence authorized by this program would have been derelict in his duty. He was equally passionate that we should move as much of this program as possible under the FISA Court and a broader (i.e., legislated) legal structure. We did, but not until years later.

Early on, we pressed the White House to allow us to at least brief the Hill. There is an air force adage: “If you want people to be there at the crash, you have to put them on the manifest.” We had some pushback, not some kind of permanent prohibition, but more along the lines of “not now” and “we’ll tell you when.”

US law is pretty clear about keeping Congress “fully and currently informed” about significant intelligence activities, and Stellarwind certainly met that description. The executive has discretion, though, in limiting how many members actually get briefed.

A few weeks after we started the program, we got the OK to brief Congress.

On the morning of October 25 we met with the chairmen and ranking
members of the two intelligence committees in the vice president’s cramped office in the West Wing. I did the briefing after the vice president gave a solemn-toned introduction about the necessity of the program.

George Tenet was there to emphasize how serious the threat was. The order under which we operated was renewed by the president every forty-five days and was always accompanied by a DCI memo highlighting the dangers we were facing from al-Qaeda, including an ultimate threat to the continuity of government. With what had just happened in Washington and New York and Shanksville, we certainly didn’t view that as an exaggeration, but over time the DCI’s document was irreverently dubbed “the scary memo” by those of us read into the program. At this meeting George gave an excellent (if oral) “scary memo.”

I had about two dozen paper slides outlining what we were doing; I also had numbers showing the scale of the work we were undertaking. When we met at NSA to prepare these briefings, I told the staff that we had to be totally open here, that the members had to see that this was “bigger than a breadbasket” (as I frequently put it), and that no one would get to say, when all of this was over and a national debate was engaged, “Well, I got some kind of briefing, but . . .”