Leaked NSA document outlines its goals for greater power

Documents show that the security agency has a program that tracks data around the Internet and has helped it gain access to data centers in Taiwan

By James Risen and Laura Poitras  /  NY Times News Service, WASHINGTON

Sat, Nov 30, 2013 - Page 9

Officials at the US National Security Agency (NSA), intent on maintaining the agency’s dominance in intelligence collection, pledged last year to push to expand its surveillance powers, according to a top secret strategy document.

In February last year, a paper laid out the four-year strategy for the NSA’s signals intelligence operations, which include the agency’s eavesdropping and communications data collection around the world, agency officials set an objective to “aggressively pursue legal authorities and a policy framework mapped more fully to the information age.”

Written as an agency mission statement with broad goals, the five-page document said that existing US laws were not adequate to meet the NSA’s needs to conduct broad surveillance in what it cited as “the golden age of SIGINT,” or signals intelligence.

“The interpretation and guidelines for applying our authorities, and in some cases the authorities themselves, have not kept pace with the complexity of the technology and target environments, or the operational expectations levied on NSA’s mission,” the document said.

Using sweeping language, the paper outlined some of the agency’s other ambitions. They included defeating the cybersecurity practices of adversaries to acquire the data the agency needs from “anyone, any time, anywhere.” The agency also said it would try to decrypt or bypass codes that keep communications secret by influencing “the global commercial encryption market through commercial relationships,” human spies and intelligence partners in other countries. It also talked of the need to “revolutionize” analysis of its vast collections of data to “radically increase operational impact.”

The strategy document, provided by former NSA contractor Edward Snowden, was written at a time when the agency was at the peak of its powers and the scope of its surveillance operations was still secret. Since then, Snowden’s revelations have changed the political landscape.

Prompted by a public outcry over the NSA’s domestic operations, the agency’s critics in the US Congress have been pushing to limit, rather than expand, its ability to routinely collect the phone and e-mail records of millions of Americans, while foreign leaders have protested reports of virtually unlimited NSA surveillance overseas, even in allied nations. Several inquiries are underway in Washington; General Keith Alexander, the NSA’s longest-serving director, has announced plans to retire; and the White House has offered proposals to disclose more information about the agency’s domestic surveillance activities.

The NSA document, titled SIGINT Strategy 2012-2016, does not make clear what legal or policy changes the agency might seek. The NSA’s powers are determined variously by Congress, executive orders and the nation’s secret intelligence court, and its operations are governed by layers of regulations. While asserting that the agency’s “culture of compliance” would not be compromised, NSA officials argued that they needed more flexibility, according to the paper.

Senior intelligence officials, responding to questions about the document, said that the NSA believed that legal impediments limited its ability to conduct surveillance of suspected terrorists inside the US. Despite an overhaul of US security law in 2008, the officials said, if a terrorism suspect who is under surveillance overseas enters the US, the agency has to stop monitoring him until it obtains a warrant from the US Foreign Intelligence Surveillance Court.

“NSA’s SIGINT strategy is designed to guide investments in future capabilities and close gaps in current capabilities,” the agency said in a statement. “In an ever-changing technology and telecommunications environment, NSA tries to get in front of issues to better fulfill the foreign-intelligence requirements of the US government.”

Critics, including some US congressional leaders, say that the role of NSA surveillance in thwarting terrorist attacks — often cited by the agency to justify expanded powers — has been exaggerated. In response to the controversy about its activities following Snowden’s disclosures, agency officials claimed that the NSA’s sweeping domestic surveillance programs had helped in 54 “terrorist-related activities.”

Under growing scrutiny, US congressional staff members and other critics say that the use of such figures by defenders of the agency has dramatically overstated the value of the domestic surveillance programs in counterterrorism.

Agency leaders believe that the NSA has never enjoyed such a target-rich environment as it does now because of the global explosion of digital information — and they want to make certain that they can dominate “the SIGINT battle space” in the future, the document said.

To be “optimally effective,” the paper said, “legal, policy and process authorities must be as adaptive and dynamic as the technological and operational advances we seek to exploit.”

Intent on unlocking the secrets of adversaries, the paper underscores the agency’s long-term goal of being able to collect virtually everything available in the digital world. To achieve that objective, the paper suggests that the NSA plans to gain greater access, in a variety of ways, to the infrastructure of the world’s telecommunications networks.

Reports based on other documents previously leaked by Snowden showed that the NSA has infiltrated the cable links to Google and Yahoo data centers around the world, leading to protests from company executives and a growing backlash against the NSA in Silicon Valley.

Yet the paper also shows how the agency believes it can influence and shape trends in high-tech industries in other ways to suit its needs. One of the agency’s goals is to “continue to invest in the industrial base and drive the state of the art for high performance computing to maintain pre-eminent cryptanalytic capability for the nation.” The paper added that the NSA must seek to “identify new access, collection and exploitation methods by leveraging global business trends in data and communications services.”

It also wants to find ways to combine all of its technical tools to enhance its surveillance powers. The NSA will seek to integrate its “capabilities to reach previously inaccessible targets in support of exploitation, cyberdefense and cyberoperations,” the paper said.

The agency also intends to improve its access to encrypted communications used by individuals, businesses and foreign governments, the strategy document said. The NSA has already had some success in defeating encryption, the New York Times has reported, but the document makes it clear that countering “ubiquitous, strong, commercial network encryption” is a top priority. The agency plans to fight back against the rise of encryption through relationships with companies that develop encryption tools and through espionage operations. In other countries, the document said, the NSA must also “counter indigenous cryptographic programs by targeting their industrial bases with all available SIGINT and HUMINT” — human intelligence, meaning spies.

The document also mentioned a goal of integrating the agency’s eavesdropping and data collection systems into a national network of sensors that interactively “sense, respond and alert one another at machine speed.”

Senior intelligence officials said that the system of sensors is designed to protect the computer networks of the US Department of Defense and that the NSA does not use data collected from Americans for the system. One of the agency’s other four-year goals was to “share bulk data” more broadly to allow for better analysis.

While the paper does not explain in detail how widely it would disseminate bulk data within the intelligence community, the proposal raises questions about what safeguards the NSA plans to place on its domestic phone and e-mail data collection programs to protect Americans’ privacy.

NSA officials have insisted that they have placed tight controls on those programs. In an interview, the senior intelligence officials said that the strategy paper was referring to the agency’s desire to share foreign data more broadly, not phone logs of Americans collected under the Patriot Act. Above all, the strategy paper suggests the NSA’s vast view of its mission: nothing less than to “dramatically increase mastery of the global network.”

Other NSA documents offer hints of how the agency is trying to do just that. One program, code-named Treasure Map, provides what a secret NSA Powerpoint presentation describes as “a near real-time, interactive map of the global Internet.”

According to the undated Powerpoint presentation, disclosed by Snowden, Treasure Map gives the NSA “a 300,000 foot view of the Internet.”

Relying on Internet routing data, commercial and SIGINT information, Treasure Map is a sophisticated tool, one that the Powerpoint presentation describes as a “massive Internet mapping, analysis and exploration engine.” It collects Wi-Fi network and geolocation data, and between 30 million and 50 million unique Internet provider addresses — code that can reveal the location and owner of a computer, mobile device or router — are represented each day on Treasure Map, according to the document. It boasts that the program can map “any device, anywhere, all the time.”

The documents include addresses labeled as “US” based, and because so much Internet traffic flows through the US, it would be difficult to map much of the world without capturing such addresses.

However, the intelligence officials said that Treasure Map maps only foreign and US Department of Defense networks and is limited by the amount of data available to the agency. There are several billion IP addresses on the Internet, the officials said, and Treasure Map cannot map them all. The program is not used for surveillance, they said, but to understand computer networks.

The program takes advantage of the capabilities of other secret NSA programs. To support Treasure Map, for example, the document states that another program called Packaged Goods tracks the “traceroutes” through which data flows around the Internet. Through Packaged Goods, the NSA has gained access to “13 covered servers in unwitting data centers around the globe,” according to the Powerpoint. The document identifies a list of countries where the data centers are located, including Taiwan, Germany, Poland, Denmark and South Africa as well as Russia, China and Singapore.

Despite the document’s reference to “unwitting data centers,” government officials said that the agency does not hack into those centers. Instead, the officials said, the intelligence community secretly uses front companies to lease space on the servers.

Despite the NSA’s broad surveillance powers, the strategy paper shows that NSA officials still worry about the agency’s ability to fend off bureaucratic inertia while keeping pace with change.

“To sustain current mission relevance,” the document said, Signals Intelligence Directorate, the NSA’s signals intelligence arm, “must undertake a profound and revolutionary shift from the mission approach which has served us so well in the decades preceding the onset of the information age.”