NSA's data operations are largely privatized.
Some of America's biggest social media and tech companies have been denying in recent days that they were aware of the National Security Agency's recently-exposed "PRISM" and telephone monitoring programs. But these denials obscure a larger truth: The government's massive data collection and surveillance system was largely built not by professional spies or Washington bureaucrats but by Silicon Valley and private defense contractors.
So says Michael V. Hayden, the retired Air Force general who as director of the NSA from 1999 to 2006 was a primary mover behind the agency's rebirth from Cold War dinosaur into a post-9/11 terror-detection leviathan with sometimes frightening technical and legal powers.
After many false starts, that transformation was achieved largely by drafting private-sector companies that had far more technical know-how than did the NSA, and contracting with them to set up and administer the technical aspects of these surveillance programs, Hayden told National Journalin an interview Sunday.
"There isn't a phone or computer at Fort Meade [NSA headquarters] that the government owns" today, he says.
That doesn't quite square with the popular image of the NSA as a shadowy confection of Big Brother and Big Government. Nor with the description of PRISM as merely "an internal government computer system," as Director of National Intelligence James Clapper called it over the weekend.
Among these contributing companies reportedly is Palantir Technologies, the Palo Alto, Calif., company that several news outlets have identified as a close associate of the NSA's. Another is Eagle Alliance, a joint venture of Computer Sciences Corp. and Northrup Grumman that runs the NSA's IT program and describes itself on its website as "the Intelligence Community's premier Information Technology Managed Services provider." ("We made them part of the team," says Hayden.) Another is Booz Allen Hamilton, the international consultancy for which the reported whistleblower in the NSA stories, contractor Edward Snowden, began working three months ago. In 2002, Booz Allen Hamilton won a $63 million contract for an early and controversial version of the current data-mining program, called Total Information Awareness, which was later cancelled after congressional Democrats raised questions about invasion of privacy in the early 2000s. The firm's current vice-chairman, Mike McConnell, was DNI in the George W. Bush administration and, before that, director of the NSA. Clapper is also a former Booz Allen executive.
In its outreach to private industry, the NSA occasionally overreached. The most notorious example was the $1.2 billion "Trailblazer" program developed in the early-to-mid-2000s by SAIC and other companies, which led to the notorious attempted prosecution of another whistleblower, an NSA career employee, who sought to expose the program as a wasteful failure. "One of the things we tried to do with Trailblazer was to hire out a solution to our problems," Hayden says. "It was kind of a moonshot."
Afterwards, Hayden said, "we began to do this in increments," still employing private-sector firms. "It's the companies responding to your requests… You look for a Palantir, and you make them part of our team."
It's questionable whether any of the nine major U.S. Internet companies named in the PRISM stories were, like some of these contractors, also willing parts of the NSA "team." For the tech industry, especially the social-media companies, the controversy over the extent of the NSA's domestic data gathering has become an acute embarrassment. The NSA is said to have tapped into servers of the nine companies, but the heads of two of the biggest, Facebook founder Mark Zuckerberg and Google co-founder Larry Page, issued near-identical statements late last week saying neither of them had ever heard "of a program called PRISM" until the press reports.
Yet for Hayden, who was one of the longest-serving NSA directors ever, remaking the stodgy Cold War spy agency into a private-tech-sector enterprise was a logical outgrowth of dramatic changes in the nature of both threats and technology.
Well before 9/11, he says, he realized that as the Internet era was taking off, the NSA was failing in its mission to collect signals intelligence, or sigint, and effectively "going deaf," in the critique of the time. Hayden admitted this, surprisingly, in an open session of the House Permanent Select Committee on Intelligence in 2000, telling the members what he thought needed to happen if the NSA was going to get in front of the data. "This agency grew up in the Cold War. We came from the world of ENIGMA [the Nazi encryption device whose code was broken by the allies], for God's sakes. There were no privacy concerns in intercepting German communications to their submarines, or Russian microwave transmissions to missile bases," he says. "But now, I told them, all the data you want to go for is coexisting with your stuff. And the trick then, the only way NSA succeeds, is to get enough power to be able to reach that new data but with enough trust to know enough not to grab your stuff even though it's whizzing right by."
That is still the issue today, Hayden says. And while he admits that critics have raised some legitimate concerns about proper monitoring and intrusions into privacy, inadvertent or not, he believes there are now adequate safeguards against undue intrusion into citizens' records. Hayden adds: "If we weren't doing this, there would be holy hell to raise." He notes that the 2002 joint Senate-House inquiry into 9/11 criticized the NSA for being "far too cautious." And as controversial as they might seem, programs such as PRISM were always intended to resolve the conflict he had laid out in 2000: how to monitor overseas conversations that are often routed through servers in the United States. "This is a home game for us," says Hayden. "Are we not going to take advantage that so much of it goes through Redmond, Washington?"
During most of the Cold War, he says, the NSA was the cutting-edge innovator, helping to create the Internet and American computer industry back in the 1950s and '60. "We were America's Information-Age enterprise during America's Industrial Age. We had the habit of saying if we need it, we're going to have to build it," Hayden says. "But in the outside world there was a technological explosion in the two universes that had been at the birth of the agency almost uniquely ours: telecommunications and computers."
By the time 9/11 arrived, the American tech industry was building the best stuff and had the best minds, so the NSA no longer had any choice but to enlist Silicon Valley's help. Signals intelligence "has to look like its target. We have to master whatever technology the target is using to turn his beeps and squeaks into something humanly intelligible," Hayden says. Not only was much of this traffic being routed through the United States, but the tech sector knew how to penetrate and "mine" it. He concludes: "Why would we not turn the most powerful telecommunications and computing management structure on the planet to our use?"
The NSA did. But now some of these companies may come to regret what is emerging as a public relations disaster.
NEXT STORY The Vets in Tech Hackathon at Facebook