from Wired Website
Digital Manipulation: Jesse
Lenz
The spring air in the small, sand-dusted town has a soft haze to it, and clumps of green-gray sagebrush rustle in the breeze.
Bluffdale sits in a bowl-shaped valley in the shadow of Utah’s Wasatch Range to the east and the Oquirrh Mountains to the west. It’s the heart of Mormon country, where religious pioneers first arrived more than 160 years ago.
They came to escape the rest of the world, to
understand the mysterious words sent down from their god as revealed on
buried golden plates, and to practice what has become known as “the
principle,” marriage to multiple wives.
The brethren’s complex includes a chapel, a
school, a sports field, and an archive. Membership has doubled since 1978 -
and the number of plural marriages has tripled - so the sect has recently
been looking for ways to purchase more land and expand throughout the town.
Like the pious polygamists, they are focused on deciphering cryptic messages that only they have the power to understand. Just off Beef Hollow Road, less than a mile from brethren headquarters, thousands of hard-hatted construction workers in sweat-soaked T-shirts are laying the groundwork for the newcomers’ own temple and archive, a massive complex so large that it necessitated expanding the town’s boundaries.
Once built, it will be more than five times the
size of the US Capitol.
And instead of listening for words flowing down from heaven, these newcomers will be secretly capturing, storing, and analyzing vast quantities of words and images hurtling through the world’s telecommunications networks.
In the little town of Bluffdale, Big Love and Big Brother have become uneasy neighbors.
and potentially most intrusive intelligence
agency ever.
Under construction by contractors with top-secret clearances, the blandly named Utah Data Center is being built for the National Security Agency.
A project of immense secrecy, it is the final piece in a complex puzzle assembled over the past decade. Its purpose: to intercept, decipher, analyze, and store vast swaths of the world’s communications as they zap down from satellites and zip through the underground and undersea cables of international, foreign, and domestic networks.
The heavily fortified $2 billion center should be up and running in September 2013.
Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails - parking receipts, travel itineraries, bookstore purchases, and other digital “pocket litter.”
It is, in some measure, the realization of the
“total information awareness” program created during the first term of the
Bush administration - an effort that was killed by Congress in 2003 after it
caused an outcry over its potential for invading Americans’ privacy.
The mammoth Bluffdale center will have another important and far more secret role that until now has gone unrevealed. It is also critical, he says, for breaking codes.
And code-breaking is crucial, because much of the data that the center will handle:
...will be heavily encrypted.
According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US.
The upshot, according to this official:
For the NSA, overflowing with tens of billions of dollars in post-9/11 budget awards, the cryptanalysis breakthrough came at a time of explosive growth, in size as well as in power.
Established as an arm of the Department of Defense following Pearl Harbor, with the primary purpose of preventing another surprise assault, the NSA suffered a series of humiliations in the post-Cold War years. Caught off-guard by an escalating series of terrorist attacks - the first World Trade Center bombing, the blowing up of US embassies in East Africa, the attack on the USS Cole in Yemen, and finally the devastation of 9/11 - some began questioning the agency’s very reason for being.
In response, the NSA has quietly been reborn.
And while there is little indication that its
actual effectiveness has improved - after all, despite numerous pieces of
evidence and intelligence-gathering opportunities, it missed the
near-disastrous attempted attacks by the underwear bomber on a flight to
Detroit in 2009 and by the car bomber in Times Square in 2010 - there is no
doubt that it has transformed itself into the largest, most covert, and
potentially most intrusive intelligence agency ever created.
It has established listening posts throughout the nation to collect and sift through billions of email messages and phone calls, whether they originate within the country or overseas. It has created a supercomputer of almost unimaginable speed to look for patterns and unscramble codes.
Finally, the agency has begun building a place to store all the trillions of words and thoughts and whispers captured in its electronic net. And, of course, it’s all being done in secret.
To those on the inside, the old adage that NSA stands for Never Say Anything applies more than ever.
A swath of freezing fog blanketed Salt Lake City on the morning of January 6, 2011, mixing with a weeklong coating of heavy gray smog.
Red air alerts, warning people to stay indoors unless absolutely necessary, had become almost daily occurrences, and the temperature was in the bone-chilling twenties.
At the city’s international airport, many inbound flights were delayed or diverted while outbound regional jets were grounded.
But among those making it through the icy mist was a figure whose gray suit and tie made him almost disappear into the background. He was tall and thin, with the physique of an aging basketball player and dark caterpillar eyebrows beneath a shock of matching hair.
Accompanied by a retinue of bodyguards, the man
was NSA deputy director Chris Inglis, the agency’s highest-ranking
civilian and the person who ran its worldwide day-to-day operations.
There, in a white tent set up for the occasion, Inglis joined Harvey Davis, the agency’s associate director for installations and logistics, and Utah senator Orrin Hatch, along with a few generals and politicians in a surreal ceremony. Standing in an odd wooden sandbox and holding gold-painted shovels, they made awkward jabs at the sand and thus officially broke ground on what the local media had simply dubbed “the spy center.”
Hoping for some details on what was about to be built, reporters turned to one of the invited guests, Lane Beattie of the Salt Lake Chamber of Commerce.
Did he have any idea of the purpose behind the new facility in his backyard?
For his part, Inglis simply engaged in a bit of double-talk, emphasizing the least threatening aspect of the center:
While cybersecurity will certainly be among the areas focused on in Bluffdale, what is collected, how it’s collected, and what is done with the material are far more important issues.
Battling hackers makes for a nice cover - it’s easy to explain, and who could be against it?
Then the reporters turned to Hatch, who proudly described the center as,
And then there was this anomaly:
In fact, the official who’d originally introduced the data center, at a press conference in Salt Lake City in October 2009, had nothing to do with cybersecurity.
It was Glenn A. Gaffney, deputy director
of national intelligence for collection, a man who had spent almost his
entire career at
the CIA. As head of collection for the intelligence
community, he managed the country’s human and electronic spies.
The plans for the center show an extensive security system:
Inside, the facility will consist of four 25,000-square-foot halls filled with servers, complete with raised floor space for cables and storage. In addition, there will be more than 900,000 square feet for technical support and administration.
The entire site will be self-sustaining, with fuel tanks large enough to power the backup generators for three days in an emergency, water storage with the capability of pumping 1.7 million gallons of liquid per day, as well as a sewage system and massive air-conditioning system to keep all those servers cool.
Electricity will come from the center’s own
substation built by Rocky Mountain Power to satisfy the 65-megawatt power
demand. Such a mammoth amount of energy comes with a mammoth price tag -
about $40 million a year, according to one estimate.
As a result of this “expanding array of theater
airborne and other sensor networks,” as a 2007 Department of Defense report
puts it, the Pentagon is attempting to expand its worldwide communications
network, known as the Global Information Grid, to handle yottabytes (1024
bytes) of data. (A yottabyte is a septillion bytes - so large that no one
has yet coined a term for the next higher magnitude.)
In terms of scale, Eric Schmidt, Google’s former CEO, once estimated that the total of all human knowledge created from the dawn of man to 2003 totaled 5 exabytes.
And the data flow shows no sign of slowing.
In
2011 more than 2 billion of the world’s 6.9 billion people were connected to
the Internet. By 2015, market research firm IDC estimates, there will be 2.7
billion users. Thus, the NSA’s need for a 1-million-square-foot data
storehouse. Should the agency ever fill the Utah center with
a yottabyte of
information, it would be equal to about 500 quintillion
(500,000,000,000,000,000,000) pages of text.
This includes password-protected data, US and foreign government communications, and noncommercial file-sharing between trusted peers.
With its new Utah Data Center, the NSA will at last have the technical capability to store, and rummage through, all those stolen secrets.
The question, of course, is how the agency defines who is, and who is not, “a potential adversary.”
Before yottabytes of data from the deep web and elsewhere can begin piling up inside the servers of the NSA’s new center, they must be collected.
To better accomplish that, the agency has undergone the largest building boom in its history, including installing secret electronic monitoring rooms in major US telecom facilities.
Controlled by the NSA, these highly secured spaces are where the agency taps into the US communications networks, a practice that came to light during the Bush years but was never acknowledged by the agency.
The broad outlines of the so-called warrantless-wiretapping program have long been exposed - how the NSA secretly and illegally bypassed the Foreign Intelligence Surveillance Court, which was supposed to oversee and authorize highly targeted domestic eavesdropping; how the program allowed wholesale monitoring of millions of American phone calls and email.
In the wake of the program’s exposure, Congress passed the FISA Amendments Act of 2008, which largely made the practices legal.
Telecoms that had agreed to participate in the
illegal activity were granted immunity from prosecution and lawsuits. What
wasn’t revealed until now, however, was the enormity of this ongoing
domestic spying program.
William Binney was a senior NSA crypto-mathematician largely responsible for automating the agency’s worldwide eavesdropping network. A tall man with strands of black hair across the front of his scalp and dark, determined eyes behind thick-rimmed glasses, the 68-year-old spent nearly four decades breaking codes and finding new ways to channel billions of private phone calls and email messages from around the world into the NSA’s bulging databases.
As chief and one of the two cofounders of the
agency’s Signals Intelligence Automation Research Center, Binney and his
team designed much of the infrastructure that’s still likely used to
intercept international and foreign communications.
Instead it chose to put the wiretapping rooms at key junction points throughout the country - large, windowless buildings known as switches - thus gaining access to not just international communications but also to most of the domestic traffic flowing through the US.
The network of intercept stations goes far beyond the single room in an AT&T building in San Francisco exposed by a whistle-blower in 2006.
The eavesdropping on Americans doesn’t stop at the telecom switches.
To capture satellite communications in and out of the US, the agency also monitors AT&T’s powerful earth stations, satellite receivers in locations that include Roaring Creek and Salt Creek.
Tucked away on a back road in rural Catawissa, Pennsylvania, Roaring Creek’s three 105-foot dishes handle much of the country’s communications to and from Europe and the Middle East.
And on an isolated stretch of land in remote Arbuckle, California, three similar dishes at the company’s Salt Creek station service the Pacific Rim and Asia.
The former NSA official held his thumb and forefinger close together: “We are that far from a turnkey totalitarian state.”
Binney left the NSA in late 2001, shortly after the agency launched its warrantless-wiretapping program.
Binney says Stellar Wind was far larger than has been publicly disclosed and included not just eavesdropping on domestic phone calls but the inspection of domestic email.
At the outset the program recorded 320 million calls a day, he says, which represented about 73 to 80 percent of the total volume of the agency’s worldwide intercepts. The haul only grew from there.
According to Binney - who has maintained close
contact with agency employees until a few years ago - the taps in the secret
rooms dotting the country are actually powered by highly sophisticated
software programs that conduct “deep packet inspection,” examining Internet
traffic as it passes through the 10-gigabit-per-second cables at the speed
of light.
Any communication that arouses suspicion,
especially those to or from the million or so people on agency watch lists,
are automatically copied or recorded and then transmitted to the NSA.
Once a name is entered into the Narus database, all phone calls and other communications to and from that person are automatically routed to the NSA’s recorders.
He adds,
And when Bluffdale is completed, whatever is
collected will be routed there for storage and analysis.
As of 2007, AT&T had more than 2.8 trillion records housed in a database at
its Florham Park, New Jersey, complex.
After he left the NSA, Binney suggested a system for monitoring people’s communications according to how closely they are connected to an initial target.
The further away from the target - say you’re just an acquaintance of a friend of the target - the less the surveillance.
But the agency rejected the idea, and, given the massive new storage facility in Utah, Binney suspects that it now simply collects everything.
And the agency is gathering as much as it can.
Thus, as data like bookstore receipts, bank
statements, and commuter toll records flow in, the NSA is able to paint a
more and more detailed picture of someone’s life.
According to Adrienne J. Kinne, who worked both before and after 9/11 as a voice interceptor at the NSA facility in Georgia, in the wake of the World Trade Center attacks,
Even journalists calling home from overseas were included.
Kinne found the act of eavesdropping on innocent fellow citizens personally distressing.
In secret listening rooms nationwide, NSA software examines
every email, phone call, and tweet as they zip
by.
But there is, of course, reason for anyone to be distressed about the practice.
Once the door is open for the government to spy on US citizens, there are often great temptations to abuse that power for political purposes, as when Richard Nixon eavesdropped on his political enemies during Watergate and ordered the NSA to spy on antiwar protesters.
Those and other abuses prompted Congress to enact prohibitions in the mid-1970s against domestic spying. Before he gave up and left the NSA, Binney tried to persuade officials to create a more targeted system that could be authorized by a court.
At the time, the agency had 72 hours to obtain a legal warrant, and Binney devised a method to computerize the system.
But such a system would have required close coordination with the courts, and NSA officials weren’t interested in that, Binney says.
Instead they continued to haul in data on a grand scale.
Asked how many communications - ”transactions,” in NSA’s lingo
- the agency has intercepted since 9/11, Binney estimates the number at
“between 15 and 20 trillion, the aggregate over 11 years.”
He and another former senior NSA analyst, J. Kirk Wiebe, tried to bring the idea of an automated warrant-approval system to the attention of the Department of Justice’s inspector general.
They were given the brush-off.
Sitting in a restaurant not far from NSA headquarters, the place where he spent nearly 40 years of his life, Binney held his thumb and forefinger close together.
There is still one technology preventing untrammeled government access to private digital data: strong encryption. Anyone - from terrorists and weapons dealers to corporations, financial institutions, and ordinary email senders - can use it to seal their messages, plans, photos, and documents in hardened data shells.
For years, one of the hardest shells has been the Advanced Encryption Standard, one of several algorithms used by much of the world to encrypt data.
Available in three different strengths - 128 bits, 192 bits, and 256 bits - it’s incorporated in most commercial email programs and web browsers and is considered so strong that the NSA has even approved its use for top-secret US government communications.
Most experts say that a so-called brute-force
computer attack on the algorithm - trying one combination after another to
unlock the encryption - would likely take longer than the age of the
universe. For a 128-bit cipher, the number of trial-and-error attempts would
be 340 undecillion (1036).
That kind of cryptanalysis requires two major ingredients: super-fast computers to conduct brute-force attacks on encrypted messages and a massive number of those messages for the computers to analyze.
The more messages from a given target, the more likely it is for the computers to detect telltale patterns, and Bluffdale will be able to hold a great many messages.
According to the official, these experts told then-director of national intelligence Dennis Blair,
It was a candid admission. In the long war
between the code breakers and the code makers - the tens of thousands of
cryptographers in the worldwide computer security industry - the code
breakers were admitting defeat.
Dubbed the High Productivity Computing Systems program, its goal was to advance computer speed a thousand-fold, creating a machine that could execute a quadrillion (1015) operations a second, known as a petaflop - the computer equivalent of breaking the land speed record.
And as with the Manhattan Project, the venue chosen for the supercomputing program was the town of Oak Ridge in eastern Tennessee, a rural area where sharp ridges give way to low, scattered hills, and the southwestward-flowing Clinch River bends sharply to the southeast. About 25 miles from Knoxville, it is the “secret city” where uranium- 235 was extracted for the first atomic bomb. A sign near the exit read: what you see here, what you do here, what you hear here, when you leave here, let it stay here.
Today, not far from where that sign stood, Oak Ridge is home to the Department of Energy’s Oak Ridge National Laboratory, and it’s engaged in a new secret war.
But this time, instead of a bomb of almost
unimaginable power, the weapon is a computer of almost unimaginable speed.
But in reality there would be two tracks,
It was an expensive undertaking, but one the NSA
was desperate to launch.
The supercomputer center was named in honor of George R. Cotter, the NSA’s now-retired chief scientist and head of its information technology program.
Not that you’d know it.
At the DOE’s unclassified center at Oak Ridge, work progressed at a furious pace, although it was a one-way street when it came to cooperation with the closemouthed people in Building 5300.
Nevertheless, the unclassified team had its
Cray
XT4 supercomputer upgraded to a warehouse-sized
XT5. Named Jaguar for its
speed, it clocked in at 1.75 petaflops, officially becoming the world’s
fastest computer in 2009.
The NSA’s machine was likely similar to the unclassified Jaguar, but it was much faster out of the gate, modified specifically for cryptanalysis and targeted against one or more specific algorithms, like the AES.
In other words, they were moving from the
research and development phase to actually attacking extremely difficult
encryption systems. The code-breaking effort was up and running.
The reason?
In addition to giving the NSA access to a tremendous amount of Americans’ personal data, such an advance would also open a window on a trove of foreign secrets.
While today most sensitive communications use the strongest encryption, much of the older data stored by the NSA, including a great deal of what will be transferred to Bluffdale once the center is complete, is encrypted with more vulnerable ciphers.
breaking a key encryption algorithm - opening up
hoards of data.
That, he notes, is where the value of Bluffdale, and its mountains of long-stored data, will come in.
What can’t be broken today may be broken tomorrow.
The danger, the former official says, is that
it’s not only foreign government information that is locked in weaker
algorithms, it’s also a great deal of personal domestic communications, such
as Americans’ email intercepted by the NSA in the past decade.
The AES made its first appearance in 2001 and is expected to remain strong and durable for at least a decade. But if the NSA has secretly built a computer that is considerably faster than machines in the unclassified arena, then the agency has a chance of breaking the AES in a much shorter time.
And with Bluffdale in operation, the NSA will
have the luxury of storing an ever-expanding archive of intercepts until
that breakthrough comes along.
They cited the necessity to keep up with and surpass China and Japan.
The reason was clear:
But the real competition will take place in the classified realm.
To secretly develop the new exaflop (or higher) machine by 2018, the NSA has proposed constructing two connecting buildings, totaling 260,000 square feet, near its current facility on the East Campus of Oak Ridge.
Called the Multiprogram Computational Data Center, the buildings will be low and wide like giant warehouses, a design necessary for the dozens of computer cabinets that will compose an exaflop-scale machine, possibly arranged in a cluster to minimize the distance between circuits.
According to a presentation delivered to DOE employees in 2009, it will be an “unassuming facility with limited view from roads,” in keeping with the NSA’s desire for secrecy.
And it will have an extraordinary appetite for electricity, eventually using about 200 megawatts, enough to power 200,000 homes.
The computer will also produce a gargantuan
amount of heat, requiring 60,000 tons of cooling equipment, the same amount
that was needed to serve both of the World Trade Center towers.
That project, due in 2013, will upgrade the Jaguar XT5 into an XK6, codenamed Titan, upping its speed to 10 to 20 petaflops. Yottabytes and exaflops, septillions and undecillions - the race for computing speed and data storage goes on.
In his 1941 story “The Library of Babel,” Jorge Luis Borges imagined a collection of information where the entire world’s knowledge is stored but barely a single word is understood.
In Bluffdale the NSA is constructing a library on a scale that even Borges might not have contemplated.
And to hear the masters of the agency tell it,
it’s only a matter of time until every word is illuminated.
|