Monday, July 1, 2013

How a 30-year-old lawyer exposed NSA mass surveillance of Americans—in 1975

Project SHAMROCK allowed the NSA to intercept telegrams sent by US citizens.

The NSA at night—always watching.
NSA
US intelligence agencies have sprung so many leaks over the last few years—black sites, rendition, drone strikes, secret fiber taps, dragnet phone record surveillance, Internet metadata collection, PRISM, etc, etc—that it can be difficult to remember just how truly difficult operations like the NSA have been to penetrate historically. Critics today charge that the US surveillance state has become a self-perpetuating, insular leviathan that essentially makes its own rules under minimal oversight. Back in 1975, however, the situation was likely even worse. The NSA literally "never before had an oversight relationship with the Congress." Creating that relationship fell to an unlikely man: 30 year old lawyer L. Britt Snider, who knew almost nothing about foreign intelligence.
Snider was offered a staff position on the Church Committee, set up by Congress in 1975 to function as a sort of Watergate-style inquiry. This initiative focused on CIA subversion of foreign governments and spying on American citizens, recently revealed in the New York Times by noted investigative reporter Seymour Hersch. Congressional "oversight" of intelligence agencies was, at the time, nearly useless, as the Senate's official history of the Church Committee notes:
In 1973, CIA Director James Schlesinger told Senate Armed Services Chairman John Stennis that he wished to brief him on a major upcoming operation. "No, no my boy," responded Senator Stennis. "Don't tell me. Just go ahead and do it, but I don't want to know." Similarly, when Senate Foreign Relations Committee Chairman J.W. Fulbright was told of the CIA subversion of the Allende government in Chile, he responded, "I don't approve of intervention in other people's elections, but it has been a long-continued practice."
The committee was initially given nine months and 150 staffers to conduct its work. Snider was tasked with expanding the committee's inquiry to the NSA, which was so opaque that no one in Congress could even come up with an org chart for the Fort Meade-based operation. Years later, Snider became the CIA's inspector general. In late 1999 he wrote up his memories of that early NSA investigation and how it helped to reveal a massive program of NSA spying on telegrams—including those sent by US citizens. It turned out that the telegram companies had secretly agreed to the scheme out of a sense of "patriotic duty." Sounds a bit like the NSA of today, no?

"No Such Agency"

Snider and a colleague named Peter Fenn were told to look into the NSA, but it wasn't a simple job. They had no evidence that the NSA even did anything wrong.
Unlike the CIA and FBI, which were the agencies principally in the Committee's sights—thanks to a number of sensational press accounts—there had been no press exposĂ©s about NSA. Our supervisor, in fact, seemed to take particular delight in pitting Pete and me against this mysterious Goliath. "They call it 'No Such Agency,'" he said. "Let's see what you boys can find out about it." It was the first time I had heard the agency referred to this way, and it was not long before I understood why. What ensued was something of an odyssey that lasted over the better part of a year. It began with a series of fruitless, sometimes comical, efforts to penetrate NSA's defenses. ("They must have done something," our boss wailed.)
The pair knew almost nothing about the NSA, so they asked the Congressional Research Service (CRS) to dig up every scrap of public information on the agency. They received in response "a one-paragraph description from the Government Organization Manual and a patently erroneous piece from Rolling Stone magazine"—and this from an agency that had existed for more than 20 years. So Snider started sniffing about in Congress, going to the two committees nominally tasked with overseeing the NSA budget (though not with actually overseeing the agency's work). Only a single person on each committee was cleared to know budget details, and neither person heard anything about NSA abuses. The two staffers appear from the modern perspective to be amazingly credulous. "You've got to understand," Snider reports them saying, the NSA would only "focus on foreign targets." Case closed.
So Snider and Fenn skipped the obvious channels and sought out former NSA employees who might be willing to talk. They found several of them, but learned little of interest:
While we were encouraged by their willingness to talk with us, the most egregious "abuses" we were told about were complaints about how NSA allocated its parking spaces among employees and about a few cases of time and attendance fraud. None of the people we interviewed had any knowledge of NSA's having undertaken surveillance against American citizens. It became clear to us from these interviews that NSA's operations were so compartmented that, unless we had the right person, others were not apt to know. How, though, did we find the right person? At that point, we did not even have an organization chart.
So they went directly to the NSA and secured a meeting with its director, Air Force Lt. General Lew Allen. "Broadly smiling" NSA handlers met them and escorted them through the NSA's Maryland headquarters and into Allen's office. Allen offered to arrange any briefings that might be helpful to the pair, and together Snider and Fenn began to learn how the NSA actually operated. But they still saw nothing that smacked of abuse:
These occurred over the ensuing weeks, and implicitly the message came through: "Whatever you do, kids, don't screw this up—it's important to the country." In fact, the briefings did give us a considerably improved understanding of NSA's mission and accomplishments, but they failed to identify a single avenue that appeared promising from an investigative standpoint. Part of it was due to our own ignorance and uncertainty in terms of where to probe and how hard to push, and part of it was due to NSA's uncertainty in terms of what to share with us. Given the current highly intrusive nature of Congressional oversight, it may seem strange that in 1975 NSA was an agency that had never before had an oversight relationship with the Congress. That became painfully clear as our investigation progressed.
After months of work, the two men had nothing. Perhaps there was no breakthrough on the horizon.

Finding a SHAMROCK

In May 1975, the Church Committee received an 800 page report from the separate Rockefeller Commission. The report contained hundreds of pages of testimony from CIA employees about possible problems at that agency, but Snider and Fenn also found two small references to the NSA. The first mentioned an office in New York, loaned from the CIA to NSA in order to spy on telegrams; the second "disclosed that CIA had asked NSA to monitor the communications of certain US citizens active in the antiwar movement."
Snider took the first of these. He asked the NSA to explain the telegram-spying program, but the agency didn't respond. Pulling out the big guns, Snider sent the NSA another round of questions, this time signed by Senator Church, the committee chairman. The NSA objected, saying that it could only talk about the secretive program to the two senators running the committee—no one else. Snider couldn't get the meeting arranged for months; the two senators were too busy to make the joint scheduling work, in part because of how much other work they were doing on matters of more direct concern to the committee. As the Senate history of the Church Committee notes, it "interviewed 800 individuals and conducted 250 executive and 21 public hearings. At the first televised hearing, staged in the Senate Caucus Room, Chairman Church dramatically displayed a CIA poison dart gun to highlight the committee's discovery that the CIA directly violated a presidential order by maintaining stocks of shellfish toxin sufficient to kill thousands."
That August, Snider's scheduling problem suddenly evaporated. The New York Times dropped another bombshell, reporting that NSA had been spying on US citizens who were communicating abroad.
With the allegations now a matter of public record, NSA wanted to explain its side of the story. So, in late August, NSA told me that a briefing was being arranged.
I can remember the clean-cut, earnest man in his early forties who met with me, but I do not recall his name. It was true, he said, that NSA had access for many years to most of the international telegrams leaving New York City for foreign destinations. The program was codenamed SHAMROCK and known to only a few people within the government. Every day, a courier went up to New York on the train and returned to Fort Meade with large reels of magnetic tape, which were copies of the international telegrams sent from New York the preceding day using the facilities of three telegraph companies. The tapes would then be electronically processed for items of foreign intelligence interest, typically telegrams sent by foreign establishments in the United States or telegrams that appeared to be encrypted.
While telegrams sent by US citizens to foreign destinations were also present in the tapes NSA received, the briefer said that, as a practical matter, no one ever looked at them. "We're too busy just keeping up with the real stuff," he said. The program had been terminated in May, he told me, by order of the Secretary of Defense. I asked if the Secretary had ended it because he knew the Committee was on to it. "Not really," he said, "the program just wasn't producing very much of value."
But even the NSA briefer didn't know the full details of SHAMROCK, especially historical information about when it had started and how. It appeared that only one man had that information: recently retired NSA Deputy Director Dr. Louis Tordella.

Meeting Dr. No

According to NSA employee reminiscences of Tordella, who died in 1996, the professor left his job in Chicago during World War II to join the Navy. He was immediately shipped off to DC, where he joined cryptologic group OP-20-G in 1942. Tordella had a strong background in mathematics and a hobbyists' interest in crypto, and OP-20-G put him to work on German and Japanese codes after a mere eight hours of training. He helped with US efforts against the German ENIGMA cipher machines and later headed out to the Pacific theater to oversee codebreaking work against Japanese codes.
Enlarge / Dr. Louis Tordella
After the war, Tordella was a key figuring in transitioning US military intelligence into the newly formed NSA. He built the agency over the next 20 years, running its daily operations and pushing it hard into computers and mathematics. In 1996, the NSA's current Deputy Director said that Tordella "contributed more to the way NSA operates and is structured than any other individual."
A declassified NSA Cryptologic Almanac entry on Tordella notes that he was "known variously as 'Dr. T,' 'Dr. No,' and other, less flattering terms."
In 1975, he had been retired for only a year and still lived just outside DC. Snider found him, and Tordella agreed to talk on a Sunday afternoon. He met the young Snider with wariness but eventually gave him the background on SHAMROCK. The program started during World War II to scoop up copies of all foreign telegrams; it continued under the NSA after its formation in 1952. The three main telegraph companies agreed to the scheme voluntarily, and Tordella claims that there never paid for what they did.
The program went on in secrecy for years. Though President Truman knew about the program back when the NSA was formed, Tordella only briefed a single Secretary of Defense on SHAMROCK in the 20+ years since. Even in the NSA, the program was highly secretive. Like the NSA itself, SHAMROCK continued for years without much oversight.
Tordella recalled that while many NSA employees were aware of SHAMROCK, only one lower-level manager—who reported to him directly—had ongoing responsibility for the program over the years. The first person who served in this capacity had started doing it in 1952 and had continued until he retired in 1970. Another person was appointed to take his place. Tordella recalled that years would sometimes go by without his hearing anything about SHAMROCK. It just ran on, he said, without a great deal of attention from anyone.
Tordella admitted that the NSA, on some occasions, read the telegrams of American citizens who sent them to foreign interlocutors. Snider asked him whether this was legal. "You'll have to ask the lawyers," said Tordella.

Naming names

Apart from the NSA, the main question about SHAMROCK involved the private companies that participated. The program was set up relatively casually, with almost no documentation and no promises of legality from the US government. Tordella insisted that the companies not be named in any Church Committee report, since that might subject them to "embarrassment" and to lawsuits. It might also make it difficult for the NSA to convince other private companies to help out on future schemes.
The three companies were RCA Global, ITT World Communications, and Western Union International. Snider deposed executives from all of them.
The RCA Global executive, then retired, was the most colorful and forthright of the lot. He offered no apologies for what he or the company had done. He said the Army had come to him and asked for the company's cooperation, and, by damn, that was enough for him.
The executive from ITT World Communications, by comparison, came to the deposition surrounded by a phalanx of corporate lawyers who proceeded to object to every question I asked once I had gotten past the man's name and position. I pointed out to them that this was the United States Senate—not a court of law—and, if they wanted to object to the questions I was asking, I would have a Senator come in and overrule every one of their objections. They piped down after that and allowed the witness to respond to my questions.
The executive from Western Union International gave a slightly different version of the operation. He said that in his company, employees would microfilm copies of outgoing international telegrams that would then be picked up by a government courier.
The companies claimed to have no idea that anyone might look at American's communication, and they claimed to have received nothing from the government in return for their help. Snider, who been pushing for months on the SHAMROCK story, now found himself in sympathy with their position. His report concluded that the three companies not be named. Others on the Church Committee disagreed on the grounds that the companies sold out their own customers, the needs of US intelligence be damned. The administration wanted discussion of the whole SHAMROCK program suppressed, but the Church Committee took a party-line vote to override the President's wishes. Church himself believed that SHAMROCK had been illegal. Snider's report on SHAMROCK—with the names of the companies included—was published on November 6, 1975.
The report concludes that SHAMROCK was "probably the largest governmental interception program affecting Americans ever undertaken," with 150,000 telegrams being reviewed each month. The report concluded that the surveillance appeared to violate the Fourth Amendment rights of Americans against search and seizure without a warrant. The NSA never obtained a single warrant for SHAMROCK.
The program was discontinued in mid-1975, a few months before the details were made public.
Enlarge / The final report on SHAMROCK.

Aftermath

Despite his concerns about programs like SHAMROCK, Snider wasn't a crusader against the intelligence community. He didn't want to name the telegraph companies, and he was furious to watch executives from RCA, ITT, and Western Union hauled before a House subcommittee a few weeks later. Rep. Bella Abzug chaired the event; Snider walked over to the House to watch. He was appalled.
Her hearings brought to mind the days of Nero, when Christians were thrown to the lions for sport. Ms. Abzug's "red meat" that particular day consisted of executives from RCA Global, ITT International, and Western Union International. As I leaned back against the wall of the hearing room, I saw many of those I had met months before.
Berating the witnesses as only she could, Ms. Abzug made it clear she "stood solidly for the privacy of the American people and squarely against the corporate thugs of this country who thought they could run roughshod over the rights of the American people." (I am paraphrasing here.) I knew they were getting a bum rap, but they had no defenders that day. One of their attorneys turned and caught my eye in the back of the room, nodding grimly as if to say I told you so.
And the companies' troubles would not end there. In the weeks that followed, they would be sued by a group of people claiming their rights had been violated by the SHAMROCK program.
As I walked back to the Senate side after the hearing that day, it occurred to me that none of this would be happening if not for me. Yet I hardly felt like gloating. Indeed, I was somewhat shaken to see the consequences I had predicted to Fritz Schwarz a few months before come to pass. For the moment, I was overcome by doubt. Had we, in fact, "poisoned the well" in terms of future cooperation with the private sector, as Dr. Tordella had feared?
Apparently not—many top US communications firms appear to have given the NSA direct access to some of their main connections over the last decade, a situation that posed a similar problem to the one seen in SHAMROCK. What if the companies got "embarrassed" or even sued? To prevent the possibility, in 2008 Congress simply granted them retroactive immunity (PDF).

Parallels

Snider's story is striking for just how modern it sounds. The NSA, drowning in "big data?" Check, both then and now. The NSA, having great difficulty pulling tiny needles from massive haystacks? Check, both then and now. An agency which is so difficult to penetrate that even "insiders" know only part of the story? Check, then and now. Communications companies doing their "patriotic duty" but worried about a backlash? Check, both then and now.
As security and crypto guru Bruce Schneier put it back in 2005, "A lot of people are trying to say that it's a different world today, and that eavesdropping on a massive scale is not covered under the FISA [Foreign Intelligence Surveillance Act] statute, because it just wasn't possible or anticipated back then. That's a lie. Project SHAMROCK began in the 1950s and ran for about 20 years. It too had a massive program to eavesdrop on all international telegram communications, including communications to and from American citizens. It too was to counter a terrorist threat inside the United States. It too was secret and illegal. It is exactly, by name, the sort of program that the FISA process was supposed to get under control."
One thing that is different about today's leaks is the relative lack of official outrage from top members of Congress. Consider Senator Church's amazing remarks from 1975, for instance, as noted by NSA historian and investigator James Bamford in a 2005 article. "That capability at any time could be turned around on the American people," Church said. "And no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn't matter. There would be no place to hide... I know the capacity that is there to make tyranny total in America, and we must see to it that this agency and all agencies that possess this technology operate within the law and under proper supervision, so that we never cross over that abyss. That is the abyss from which there is no return."
That lack of such strident outrage is due in part to reforms spurred by the Church Committee. The NSA is also overseen (somewhat) more effectively by Congress, and the agency's programs have a much stronger veneer of legality thanks to court rulings, Department of Justice opinions, and legislation.
But none of that has stemmed worldwide anger and discussion about the NSA programs revealed recently by leaker Edward Snowden. And that's in part because the world has changed since 1975; the communications of much of the world now pass through US corporate servers on a daily basis thanks to the rise of Internet firms like Google, Facebook, and Twitter. What was once mainly a "US issue" is today a worldwide one, affecting hundreds of millions of people. And the scope is different too. As amazing as SHAMROCK was for its time, it's dwarfed by current collection programs. And today's computer analysis means that it's actually feasible to scan billions of items for keywords and phrases and signature in a way no human team could ever do.
In the near future, we're unlikely to see a renewed Church Committee over US intelligence operations, but perhaps the public scrutiny alone will bring changes. One lasting legacy of establishing Congressional oversight and bringing abuses to light in 1975 was reform. As Snider notes at the end of his reminiscence, oversight and exposure of potentially illegal behavior was ultimately good for the NSA and for the US.
"With no desire to undergo another such experience, NSA adopted very stringent rules in the wake of the Church Committee to ensure that its operations were carried out in accordance with applicable law," Snider wrote. "Where the communications of US citizens were concerned, I can attest from my personal experience that NSA has been especially scrupulous. As upsetting and demoralizing as the Church Committee's investigation undoubtedly was, it caused NSA to institute a system which keeps it within the bounds of US law and focused on its essential mission. Twenty-three years later, I still take some satisfaction from that."
But changes never last forever. Two years after Snider wrote that, the NSA would start up Stellar Wind, its presidentially authorized post-9/11 warrantless surveillance program. It raised many of the same concerns as the warrantless SHAMROCK intercepts had in 1975.

Further reading

No comments:

Post a Comment