On August 23 the Wall Street Journal reported that National Security Agency (NSA) analysts abused their extraordinary power to conduct surveillance on love interests – “LOVEINT,” as intelligence analysts call it. This had Twitter sizzling with such hashtags as #NSAPickuplines and #NSALovePoems and the popular parody @PRISM_NSA (a reference to the PRISM surveillance program disclosed by Edward Snowden earlier this summer) where citizens poke a little fun at the shadowy officials who spy on them in the name of national security (with such suggestive adaptations of spy-speak as “I’d tap that,” “I’d like to violate your privacy,” “After all that metadata, I’m looking forward to some content”).
Meantime, Snowden, the erstwhile hacker nerd for hire employed as a contractor for the NSA, has now become a global icon, complete with his own Wikileaks line of merchandise and the essential Che Guevara-inspired t-shirts. Though hounded by Washington for his leaking of classified secrets, Snowden is justly admired by most of the world for his disclosure of the extraordinary and deeply disturbing surveillance programs the NSA has pursued without any public debate or meaningful congressional oversight. It’s hard not to enjoy these expressions of a robust humor and commitment to transparency that have remained unscathed in this age of ultra-surveillance. Perhaps, however, we can agree that it is, ultimately, no laughing matter that Americans and citizens of the world now live under a high-tech NSA Leviathan with a fetish for hyper secrecy. If, as recent reports suggest, “the NSA has secretly worked to gain access to virtually all communications entering, leaving, or going through the country,” scrutiny is overdue. When the last drop of ribald fun has been wrung from our tweets and we’ve bought as many Snowden mugs as we can afford, it might be time to put into perspective the man whom Snowden has forced out of the shadows and who is singularly responsible for some of the most disturbing tendencies of our age. Have Snowden adorn the merchandise, but let it be four-star General Keith Alexander who endures the heat of the public glare.
Despite his public obscurity (until Snowden’s leaks), Alexander is a stealthy but shrewd bureaucratic operator who has reshaped the national security state to serve his agenda. As head of NSA, Cyber Command and even more shadowy parts of the surveillance state, he has built an empire that threatens the basic privacy and civil liberties of all Americans and much of the population of the world, and threatens the peace of the world with the development and proliferation of dangerous cyberweapons. The NSA under Alexander has, in the words of one expert, “transformed itself into the largest, most covert, and most potentially intrusive intelligence agency ever created.”
Alexander’s Cyber-Industrial Complex
Snowden blew the whistle heard round the world before embarking on his own global tour, which currently has him marooned in Moscow. Snowden’s revelations came as a bombshell to many citizens in this country and abroad, but perhaps they should not have. For one thing, Snowden only disclosed a portion of the iceberg. There are more – and possibly more dangerous – NSA programs than those he has revealed. Second and more importantly, there is, in a certain sense, nothing completely new about the recent abuse of power emanating from Fort Meade, Maryland. Though government classification of documents, and the inherently arcane nature of espionage – and especially signals intelligence, the NSA’s specialty – limits how much of the terrain we can see, enough is known about the history of the U.S. intelligence community to feel a sense of expectation. In a way, the current mania of the NSA is a fitting conclusion to generations of paranoia, power hunger, incompetence and abuse by the entire U.S. intelligence community (and their foreign partners).
Nevertheless, like many others, I found the steady outpouring of new details about the NSA’s surveillance and cyberwar programs – and the absurd secrecy and hypocrisy surrounding them – left me increasingly anxious and angry about the apotheosis of the surveillance state. It’s hard to keep up: from the Bush-era revelations about warrantless wiretapping to the Obama-era disclosures from Wikileaks and Snowden, the sheer range and scope of the intelligence community’s eavesdropping makes the subject daunting and, perhaps, has induced fatalism in many Americans. To make sense of it all, it is helpful to revisit the work of the most reliable guide to all things NSA, James Bamford, and to read his latest contributions.
Bamford, author of four finely researched volumes on the history of the NSA and its pre-1952 signals intelligence predecessors dating back to the First World War, is THE expert on the agency. Since 1982, when he published The Puzzle Palace, Bamford has doggedly pursued as much information as possible about what the secretive agency – often referred to as No Such Agency – does, how, and why. Through Freedom of Information Act requests and interviews with current and former NSA officials, he follows the trail of an agency dedicated to concealment. The cover of The Puzzle Palace depicts an ear, the symbol of eavesdropping, and he often writes there and in subsequent books about the NSA turning its “ear” this way and that as it seeks to listen in on international – and, increasingly, domestic – communications. A thoughtful profile of Bamford earlier this summer by Alexander Nazaryan for The New Yorker notes that even his earliest writings warned of the NSA’s indifference to legal restraints and its voracious appetite for as much information as it could possibly get, even if it meant violating its charter by spying on Americans. By 2008, Bamford had published a scathing takedown of the agency’s exploitation of 9/11, The Shadow Factory. Written shortly after Alexander had succeeded General Michael Hayden, the book makes only a few brief references to the new director of the agency. However, in three articles published in 2012-13 – two for Wired and one for The New York Review of Books – Bamford has zeroed in on Alexander and the behemoth that his agency has become.
Bamford, though described by Nazaryan as “a slightly mischievous character,” is ideally suited to offer this introduction to Alexander in his June 2013 contribution to Wired:
…. Never before has anyone in America’s intelligence sphere come close to his degree of power, the number of people under his command, the expanse of his rule, the length of his reign, or the depth of his secrecy. A four-star Army general, his authority extends across three domains: He is director of the world’s largest intelligence service, the National Security Agency; chief of the Central Security Service; and commander of US Cyber Command. As such, he has his own secret military, presiding over the Navy’s 10th Fleet, the 24th Air Force, and the Second Army.
The massive expansion of Alexander’s cyber warfare resources has been illustrated by one of Snowden’s latest revelations. At the end of August, we learned that in 2011 alone, the United States “carried out 231 offensive cyber-operations,” mostly aimed at such adversaries as Russia, China, Iran, and North Korea. Despite American claims that China is threatening the stability of the world with its hacking, the United States remains the most prolific in cyber warfare. Alexander has used the specter of a devastating cyberattack – what former CIA Director and Secretary of Defense Leon Panetta calls “a cyber Pearl Harbor” – on the United States as principal justification for amassing control over so much data and erecting such a formidable institutional edifice. One can only sigh, perhaps, at the inevitability that someone like Alexander would respond to the drop off of actual global terrorism against American interests by invoking a new, frightening-sounding if vague bogeyman. As a bureaucratic strategy, the use of cyber threats to justify ever-growing “cyberspace operations” budgets for both the NSA and the Department of Defense has been a signature success. At a time when sequestration has hit other intelligence agencies, Alexander has been able to spend more and more.
The NSA’s massive expansion of the headquarters at Fort Meade and several facilities across the country and its enlistment of “cyberattack teams” has, in turn, been very good for certain businesses. “What’s good for Alexander,” writes Bamford, “is good for the fortunes of the cyber-industrial complex, a burgeoning sector made up of many of the same defense contractors who grew rich supplying the wars in Iraq and Afghanistan.” With $30 billion being spent annually on cybersecurity the bonanza shows no signs of slowing down, as companies build or expand vast facilities and hire armies of “attack and penetration consultants.” Snowdens abound.
What Alexander has done is to persuade Washington that the best defense against this threat is a great offense. Established in 2009 by the Pentagon, US Cyber Command has become a key part of Alexander’s realm. As he explained recently during congressional testimony, “I would like to be clear that this team, this defend-the-nation team, is not a defensive team.” Cyber Command has over 14,000 personnel. The goal has been to “dominate cyberspace” the same way the United States armed forces “dominate air and space.” That dominance, of course, comes at the expense not only of other countries, but of American citizens who value even a modicum of privacy.
For all his personal blandness (he “more closely resembles a head librarian than George Patton. His face is anemic, his lips a neutral horizontal line… Some combat types had a derisive nickname for him: Alexander the Geek”), Alexander embodies and is responsible for a number of disturbing tendencies that make apathy no longer an option. Bamford quotes a “senior intelligence official” familiar with the NSA’s recent success at code-breaking: “Everybody’s a target; everybody with communication is a target.” The NSA is getting better and better at reading even the encrypted information of both governments and individual citizens in the United States and abroad. To store all of the data the NSA is swiping, it has erected the Utah Data Center at a staggering cost of $2 billion. This heavily protected facility “will become, in effect, the NSA’s cloud.” It will take in data from American spy satellites, overseas listening posts and a series of perhaps ten to twenty NSA domestic listening posts, “secret monitoring rooms in telecom facilities throughout the US.” (Bamford notes that these secret rooms, called “switches,” have not been a secret for some time, as the practice dates back to the immediate aftermath of 9/11, but the NSA refuses to acknowledge their existence.) The data then becomes fodder for “NSA code breakers, data-miners, China analysts, counterterrorism specialists, and others” at Fort Meade and beyond. As ever, Bamford captures the drama:
Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails – parking receipts, travel itineraries, bookstore purchases, and other digital “pocket litter.” It is, in some measure, the realization of the “total information awareness” program created during the first term of the Bush administration – an effort that was killed by Congress in 2003 after it caused an outcry over its potential for invading Americans’ privacy.
Menacing, all-encompassing systems of information gathering are unsettling, to be sure, but so, too, is the human failure. Bamford strongly doubts Alexander’s ambitious programs are protecting Americans. If the NSA is so much better as a result of its recent buildup, why did it fail to catch “the near-disastrous attempted attacks by the underwear bomber on a flight to Detroit in 2009 and by the car bomber in Times Square in 2010?” Congressional critics have argued the agency gives misleading statements that exaggerate the impact the programs have had in counterterrorism. Those who are familiar with the basics of how, historically, espionage works find it difficult to take NSA claims at face value. As Kenneth Roth, director of Human Rights Watch and a former prosecutor has argued, when U.S. intelligence has disrupted specific plots, the success has been “not because of the mass collection of our metadata but through more traditional surveillance of particular phone numbers or e-mail addresses – the kinds of targeted inquiries that easily would have justified a judicial order allowing review of records kept by communications companies.”
Fittingly, I’m writing this in downtown Atlanta, Georgia. Bamford has pointed to this city as the corporate home of “one of the most secretive” of the defense contractors to rise alongside Alexander’s empire. His Wired essay on Alexander singles out, as an extreme example of the “cyber-industrial complex,” Endgame Systems, which is located in Midtown at 817 West Peachtree Street. Such defense contractors, according to Bamford, sell the services Alexander’s conception of cyberwar requires, recruiting “cyberwarriors [who] play offense and defense,” “computer network attack specialists,” “attack and penetration consultants.” Endgame, a startup created in 2008, “is transparently antitransparent.” Wikileaks disclosed an internal email quoting the company’s desire to stay that way: “We don’t ever want to see our name in a press release.” Endgame is, however, too flush with capital and too important a player to go wholly unnoticed. Why?
Endgame is developing ways to break into internet-connected devices through chinks in their antivirus armor. Like safecrackers listening to the click of tumblers through a stethoscope, the “vulnerability researchers” use an extensive array of digital tools to search for hidden weaknesses in commonly used programs and systems, such as Windows and Internet Explorer. And since no one else has ever discovered these unseen cracks, the manufacturers have never developed patches for them.
Endgame also serves to NSA, Cyber Command, the CIA and British intelligence “a unique map showing them exactly where their targets are located. Dubbed Bonesaw, the map displays the geolocation and digital address of basically every device connected to the Internet around the world, providing what’s called network situational awareness.” For millions of dollars, Endgame can give its clients the capability of pinpointing seemingly complete information on foreign targets – such as government agencies in China – and to find in their defenses “the equivalent of a back door left open.”
The high stakes this represents worries even intelligence officials, who debate the extent to which “the buying and selling of such a subscription by nation-states could be seen as an act of war.” Bamford quotes Mike Jacobs, a former top NSA official who thinks it is, indeed: “In my opinion, these activities constitute acts of war, or at least a prelude to future acts of war.” Jacobs, noting the complete lack of regulation or oversight of this development and sale of cyberweapons, says “It should be illegal. I knew about Endgame when I was in intelligence. The intelligence community didn’t like it, but they’re the largest consumer of that business.” Bamford concludes that by buying the services of a firm like Endgame, “the spy agencies are helping drive a lucrative, dangerous, and unregulated cyber arms race, one that has developed its own gray and black markets.” Endgame and its competitors could choose to sell their cyberweapons to anyone, including adversarial nations like Iran or to terrorists, a prospect Alexander himself has called his “greatest worry.” I would add that even if Endgame and others remain committed to selling only to the Americans and to American allies, the danger remains that the manic drive for offensive cyberweapons might well provoke a real war. That it would have begun shrouded in such secrecy and as a result of a corporate profit strategy would make the disaster all the greater.
Endgame’s website (http://www.endgamesystems.com/) implores potential clients to “Visualize Risk, Create Opportunity.” It doesn’t offer much detail on what, exactly, Endgame does, or how to interact with its personnel. It does give us cyberwarfare with a human face on the “Meet the Team” page, which cutely mingles personal details (“Telvis is a lover of hard problems and loud music”) with a fairly conventional rundown of the executive management, albeit one stuffed with national security connections, capped by the membership on the Board of Directors, which includes former NSA Director Lt. General Kenneth A. Minihan. The retired Lt. General seems to have been swayed by the gusher of capital pouring into Endgame in the last several months. Chris Rouland, “co-founder and founding CEO,” is a Georgia Tech grad whose previous experience includes, reassuringly, a stint as Vice President at Lehman Brothers.
America’s economic recovery remains sluggish, the nation might yet default on its debt, but the times they are a-booming for firms such as Endgame that make themselves indispensable within the cyberwar complex. With a report this week listing sixteen firms (including Endgame) among those reaping “eight-figure venture capital deals directed at tech security firms in the past 20 months,” we seem to have a self-reinforcing mechanism at work. It is said that Snowden’s revelations have, ironically, increased the value of the services of these shadowy firms that offer “solutions” to corporate and national security planners worried about their cyber vulnerabilities. While it’s nice to see a bull market for at least one sector of the American economy, one might fail, however, to accept the Panglossian assurance from the chief marketing officer at one of these cash-rich security start-ups: “The cybersecurity market is in a renaissance period that should enable the good guys to leapfrog the bad guys in prevention and detection capabilities.” Such a claim belies not only the improbability that cash or technology alone will best “the bad guys” overseas, but also the enormous risks to American civil liberties posed by the wild west, anything goes lack of regulation and oversight that has created countless Snowdens, snooping on citizens without scrutiny at the behest of the NSA.
Ultimately, where is all of this NSA growth – in numbers, money, facilities, and scope of reach in pursuit of American and foreign data – leading the nation? How, at this juncture, could the genie even be put back into the bottle as far as the restoration of constitutional protections for individuals? As a matter of national security, how much could General Alexander’s empire have helped, given the frustrations U.S. foreign policy has repeatedly faced over the last several years, such as America’s eroding influence, especially in the Middle East? What is to become of the empire when the emperor retires, as Alexander is expected to do next year? Answers are needed, but to get them requires openness to asking the questions, and that has been sorely lacking, not least due to Alexander’s personal contributions to the institutionally ingrained NSA secrecy fetish. It’s time, as Bamford suggests, for sustained congressional investigations of Snowden’s claims “or an independent body, like the 9/11 Commission.” What we do not need is someone like Alexander, inscrutable and unaccountable, amassing such power and wielding it under a cloak of secrecy.
Larry Grubbs is a senior lecturer in the History Department at Georgia State University, and the author of Secular Missionaries: Americans and African Development in the 1960 (University of Massachusetts Press, 2010).