That is no doubt true. Al Qaeda has demonstrated an ability to exploit the internet for its own purposes. Certainly its not much of a stretch, if any at all, to further assume that their knowledge is sufficient to be aware of the
risk of interception on land-line networks that use US routing. At this level, it isn't rocket science.
But, I have to reiterate a suspicion - not a belief, my knowledge of the program is insufficient to go that far - that we still don't know enough to fathom the full details of why this program is what it is. Risen's arguments make sense on a surface level, but only if there is more to it below the surface.
To try to get a bit below the surface, consider these comments (via
Ars Technica):
• Attorney General Alberto Gonzales, telling reporters why Bush didn't simply ask Congress to pass a law making the program clearly legal: "We've had discussions with members of Congress, certain members of Congress, about whether or not we could get an amendment to FISA, and we were advised that that was not likely to be - that was not something we could likely get, certainly
not without jeopardizing the existence of the program, and therefore, killing the program."
• President Bush, answering questions at Monday's press conference: "We use FISA still....But FISA is for long-term monitoring....There is
a difference between detecting so we can prevent, and monitoring. And it's important to know the distinction between the two....We used the [FISA] process to monitor. But also....we've got to be able to detect and prevent."
• Senator Jay Rockefeller, in a letter to Dick Cheney after being briefed on the program in 2003: "As I reflected on the meeting today, and the future we face, John Poindexter's TIA project sprung to mind, exacerbating my concern regarding the
direction the Administration is moving with regard to security, technology, and surveillance."
• Former Senator Bob Graham, from a
WP article: "I came out of the room with the full sense that
we were dealing with a change in technology but not policy," Graham said, with new opportunities to intercept overseas calls that passed through U.S. switches.
Taken individually, these comments are pretty innocuous, but together, pretty strong hints of new technology. Certainly, the government has been trying to use new technology, like database tech and voice recognition, for domestic surveillance for a long time, since well before the Bush administration came into office.
The domestic electronic surveillance ball really got rolling under the Clinton administration, with the 1994 Communications Assistance for Law Enforcement Act (CALEA). CALEA mandated that the telcos aid wiretapping by installing remote wiretap ports onto their digital switches so that the switch traffic would be available for snooping by law enforcement. After CALEA passed, the FBI no longer had to go on-site with wiretapping equipment in order to tap a line—they could monitor and digitally process voice communications from the comfort of the home office. (The FCC has recently ruled that CALEA covers VOIP services, which means that providers like Vonage will have to find a way to comply.)
CALEA opened up a huge can of worms, and (again via
Ars Technica), PGP creator Phil Zimmermann sounded the alarm back in 1999 about where the program was headed:
"A year after the CALEA passed, the FBI disclosed plans to require the phone companies to build into their infrastructure the capacity to simultaneously wiretap 1 percent of all phone calls in all major U.S. cities. This would represent more than a thousandfold increase over previous levels in the number of phones that could be wiretapped. In previous years, there were only about a thousand court-ordered wiretaps in the United States per year, at the federal, state, and local levels combined. It's hard to see how the government could even employ enough judges to sign enough wiretap orders to wiretap 1 percent of all our phone calls, much less hire enough federal agents to sit and listen to all that traffic in real time. The only plausible way of processing that amount of traffic is a massive Orwellian application of automated voice recognition technology to sift through it all, searching for interesting keywords or searching for a particular speaker's voice. If the government doesn't find the target in the first 1 percent sample, the wiretaps can be shifted over to a different 1 percent until the target is found, or until everyone's phone line has been checked for subversive traffic. The FBI said they need this capacity to plan for the future. This plan sparked such outrage that it was defeated in Congress. But the mere fact that the FBI even asked for these broad powers is revealing of their agenda."
Ring any bells for you?
The salient points that Zimmermann makes are these:
• In 1995, back when the Pentium Pro was hot stuff, the FBI requested the legal authorization to do very high-volume monitoring of digital calls.
• There's no way for the judicial system to approve warrants for the number of calls that the FBI wanted to monitor.
• The agency could never hire enough humans to be able to monitor that many calls simultaneously, which means that they'd have to use voice recognition technology to look for "hits" that they could then follow up on with human wiretaps.
It is entirely possible that the NSA technology at issue here is some kind of high-volume, automated voice recognition and fuzzy logic, neural network pattern matching system. Now, could all international calls be monitored with such a system, or anything like that? Maybe, maybe not. More likely, the NSA could very easily narrow down the amount of phone traffic that they'd have to a relatively small fraction of international calls with some smart filtering. First, they'd only monitor calls where one end of the connection is in a country of interest. Then, they'd only need the ability to do a roving random sample of a few seconds from each call in that already greatly narrowed pool of calls. As Zimmermann describes above, you monitor a few seconds of some fraction of the calls looking for "hits," and then you move on to another fraction. If a particular call generates a hit, then you zero in on it for further real-time analysis and possible human interception. All the calls can be recorded, cached, and further examined later for items that may have been overlooked in the real-time analysis.
In a recent press conference, Deputy Director for National Intelligence Michael Hayden said the following (via
Defensetech):
“And here the key is not so much persistence as it is agility. It's a quicker trigger. It's a subtly softer trigger. And the intrusion into privacy -- the intrusion into privacy is significantly less. It's only international calls. The period of time in which we do this is, in most cases, far less than that which would be gained by getting a court order.”
The "softer trigger" here is a phrase that's on a watch list, or a call with an abnormally high volume of a certain type of vocabulary. The "agility" bit is a reference to the technology's ability to move from call to call, taking small slices. That's also probably what's behind the claim that the technology is less intrusive than a traditional wiretap, because the time slices are very short.
This sounds pretty much like what has been described above. Moreover, its consistent with Risen's descriptions emphasizing the apparent importance NSA has attached to calls routed through the US switching systems. And yes, this kind of real-time voice recognition, crude semantic parsing and pattern matching is doable with today's technology, especially when you have a budget like the NSA.