Fruit of Eavesdropping Was Processed and Cross-Checked With Databases
Information captured by the National Security Agency's secret eavesdropping
on communications between the United States and overseas has been passed on
to other government agencies, which cross-check the information with tips and
information collected in other databases, current and former administration
The NSA has turned such information over to the Defense Intelligence Agency
(DIA) and to other government entities, said three current and former senior
administration officials, although it could not be determined which agencies
received what types of information. Information from intercepts -- which typically
includes records of telephone or e-mail communications -- would be made available
by request to agencies that are allowed to have it, including the FBI, DIA,
CIA and Department of Homeland Security, one former official said.
At least one of those organizations, the DIA, has used NSA information as the
basis for carrying out surveillance of people in the country suspected of posing
a threat, according to two sources. A DIA spokesman said the agency does not
conduct such domestic surveillance but would not comment further. Spokesmen
for the FBI, the CIA and the director of national intelligence, John D. Negroponte,
declined to comment on the use of NSA data.
Since the revelation last month that President Bush had authorized the NSA
to intercept communications inside the United States, public concern has focused
primarily on the legality of the NSA eavesdropping. Less attention has been
paid to, and little is known about, how the NSA's information may have been
used by other government agencies to investigate American citizens or to cross-check
with other databases. In the 1960s and 1970s, the military used NSA intercepts
to maintain files on U.S. peace activists, revelations of which prompted Congress
to restrict the NSA from intercepting communications of Americans.
Today's NSA intercepts yield two broad categories of information, said a former
administration official familiar with the program: "content," which
would include transcripts of a phone call or e-mail, and "non-content,"
which would be records showing, for example, who in the United States was called
by, or was calling, a number in another country thought to have a connection
to a terrorist group. At the same time, NSA tries to limit identifying the names
of Americans involved.
"NSA can make either type of information available to other [intelligence]
agencies where relevant, but with appropriate masking of its origin," meaning
that the source of the information and method of getting it would be concealed,
the former official said.
Agencies that get the information can use it to conduct "data mining,"
or looking for patterns or matches with other databases that they maintain,
which may or may not be specifically geared toward detecting terrorism threats,
he said. "They are seeking to separate the known from the unknown, relationships
or associations," he added.
The NSA would sometimes monitor telephones, e-mails or fax communications in
cases where individuals in the United States -- and sometimes people they contacted
-- were linked to an alleged foreign terrorist group, officials have said. The
NSA, officials said, limited its decisions to follow-up with more electronic
surveillance on an individual to those cases where there was some apparent link
to terrorist sources.
But other agencies, one former official said, have used phone numbers or other
records obtained from NSA in combination with wide-ranging databases to look
for links and associations. "What data sets are included is a policy decision
[made by individual agencies] when they involve other than terrorist links,"
DIA personnel stationed inside the United States went further on occasion,
conducting physical surveillance of people or vehicles identified as a result
of NSA intercepts, said two sources familiar with the operations, although the
DIA said it does not conduct such activities.
The military personnel -- some of whose findings were reported to the Northern
Command in Colorado -- were employed as part of the Pentagon's growing post-Sept.
11, 2001, domestic intelligence activity based on the need to protect Defense
Department facilities and personnel from terrorist attacks, the sources said.
Northcom was set up in October 2002 to conduct operations to deter, prevent
and defeat terrorist threats in the United States and its territories. The command
runs two fusion centers that receive and analyze intelligence gathered by other
Those Northcom centers conduct data mining, where information received from
the NSA, the CIA, the FBI, state and local police, and the Pentagon's Talon
system are cross-checked to see if patterns develop that could indicate terrorist
Talon is a system that civilian and military personnel use to report suspicious
activities around military installations. Information from these reports is
fed into a database known as the Joint Protection Enterprise Network, which
is managed, as is the Talon system, by the Counterintelligence Field Activity,
the newest Defense Department intelligence agency to focus primarily on counterterrorism.
The database is shared with intelligence and law enforcement agencies and was
found last month to have contained information about peace activists and others
protesting the Iraq war that appeared to have no bearing on terrorism.
Military officials acknowledged that such information should have been purged
after 90 days and that the Talon system was being reviewed.
Gen. Michael V. Hayden, deputy director for national intelligence and former
head of NSA, told reporters last month that the interception of communications
to the United States allegedly connected to terrorists was, in almost every
case, of short duration. He also said that when the NSA creates intelligence
reports based on information it collects, it minimizes the number of Americans
whose identities are disclosed, doing so only when necessary.
"The same minimalizationist standards apply across the board, including
for this program," he said of the domestic eavesdropping effort. "To
make this very clear -- U.S. identities are minimized in all of NSA's activities,
unless, of course, the U.S. identity is essential to understand the inherent
intelligence value of the intelligence report." Hayden did not address
the question of how long government agencies would archive or handle information
from the NSA.
Today's controversy over the domestic NSA intercepts echoes events of more
than three decades ago. Beginning in the late 1960s, the NSA was asked initially
by the Johnson White House and later by the Army, the Secret Service, and the
Bureau of Narcotics and Dangerous Drugs to intercept messages to or from the
United States. Members of Congress were not informed of the program, code-named
Minaret in one phase.
The initial purpose was to "help determine the existence of foreign influence"
on "civil disturbances occurring throughout the nation," threats to
the president and other issues, Gen. Lew Allen Jr., then director of NSA, told
a Select Senate Committee headed by then-Sen. Frank Church (D-Idaho) in 1975.
Allen, in comments similar to recent Bush administration statements, said collecting
communications involving American citizens was approved legally, by two attorneys
general. He also said that the Minaret intercepts discovered "a major foreign
terrorist act planned in a large city" and prevented "an assassination
attempt on a prominent U.S. figure abroad."
Overall, Allen said that 1,200 Americans citizens' calls were intercepted over
six years, and that about 1,900 reports were issued in three areas of terrorism.
As the Church hearings later showed, the Army expanded the NSA collection and
had units around the country gather names and license plates of those attending
antiwar rallies and demonstrations. That, in turn, led to creation of files
on these individuals within Army intelligence units. At one point a Senate Judiciary
subcommittee showed the Army had amassed about 18,000 names. In response, Congress
in 1978 passed the Foreign Intelligence Security Act, which limited NSA interception
of calls from overseas to U.S. citizens or those involving American citizens