NSA eavesdropping: How it might work

Attorney General Gonzales plays it mum, but others offer insights into the agency's surveillance options.

This is the second in a two-part series. Part one appeared Monday: A survey asking telecommunications and Internet companies if they cooperated with the National Security Agency.

WASHINGTON--Even a panel of determined senators couldn't convince Attorney General Alberto Gonzales to divulge much about how the massive surveillance program conducted by the National Security Agency actually works.

Gonzales told a Senate committee on Monday that he was not "here to discuss the operational details of that program or any other classified activity." He refused to answer a series of questions such as the number of people who have been wiretapped, the safeguards put into place, and how many NSA analysts are involved in the operation.

But a series of interviews of technical experts by CNET News.com during the last few weeks may shed some light on how the program--authorized by President Bush soon after Sept. 11, 2001--works in practice.

It's hardly a secret that the NSA specializes in electronic surveillance, called communications intelligence in the vernacular of spies. Author James Bamford's 1982 book, "The Puzzle Palace," documented how the NSA created hundreds of "intercept stations"--ultrasophisticated, hypersensitive radio receivers designed to pluck both military signals and civilian telephone calls out of the air.

That worked well enough when the bulk of international communications were transmitted by bouncing them off satellites. Today, however, an undersea web of fiber-optic cables spans the globe--and those carry the vast majority of voice and data that leave the United States.

Jim Hayes, president of the Fiber Optic Association, a California-based professional organization, says 99 percent of the world's long-distance communications travel through fiber links. The remaining 1 percent, he says, are satellite-based, mainly in places like Africa, South America and less developed parts of Asia.

It's easiest to tap those underwater cables when they make landfall instead of trying to do it underwater, analysts say.

Photo: Attorney General Alberto Gonzales fields questions from senators on Monday. (Credit: Anne Broache)

"On land, it's not nearly as difficult," said Tim Chovanak, a defense consultant who specializes in network taps and digital forensics. "The easiest thing to do would be to somehow get an agreement with a provider and just simply co-exist in a building, one of the main fiber stations, (peering) points or whatever. In other words, work out something with either a long-haul provider or with an employee."

A survey conducted by CNET News.com and published Monday found not one provider willing to acknowledge participation, with backbone providers being among the most reticent. An article in USA Today on Monday said AT&T, MCI and Sprint were cooperating with the NSA. In addition, AT&T is facing a class action lawsuit filed this week that alleges cooperation with the NSA in violation of federal law.

If a backbone provider cooperated, it would be legally tricky. Under federal law, any person or company who helps someone "intercept any wire, oral, or electronic communication"--unless specifically authorized by law--could face criminal charges. Even if cooperation is found to be legal, it could be embarrassing to acknowledge opening up customers' private communications to the perusal of a spy agency. From a technical perspective, though, a provider's willing cooperation would make tapping a cinch--at least for an organization with the resources and determination of the NSA. Undersea fibers in use today tend to run in the single to hundreds of gigabits-per-second range, according to a prepared by TeleGeography Research, which amounts to a manageable amount of traffic that could be forwarded to a surveillance station through a second fiber-optic cable and archived for future analysis.

What remains unclear are the physical locations of the NSA's backdoor into the telecommunications network. One possibility is that the taps are near where the submarine cable makes landfall, which would lend credence to the Bush administration's claims of tapping only international traffic. Another is that they're all over the U.S., but are programmed to pay attention only to traffic with a source or destination Internet address that's overseas.

"If you're talking about how many messages or how much bandwidth went through, if you're talking about monitoring the nature of the traffic or actually inspecting the payload, those are all possible," said John Jay, manager of application engineering at fiber and network hardware maker Corning, speaking about intercepts in general. "It's almost always done after the (light) signal is converted back to an electronic medium."

Phill Shade, a network engineer for WildPackets who is the company's director of international support services, says such interception would be easy, at least for the NSA. WildPackets sells network analysis software.

An eavesdropper could just "take something off the shelf and use it to make copies of traffic and just save the copies," Shade said. "Our software captures packets; the data recorder stores terabytes of information. We use it for forensic analysis and troubleshooting networks. When you call back and say, 'I was hacked Tuesday night at 11:30,' we look back and see what was going on Tuesday night."

Making sense of that massive volume of data is not exactly trivial. While it may be easy to perform keyword searches and identify flagged names and phone numbers, detailed analysis typically takes human intervention. "For the near future, at least, our ability to gather info through various surreptitious and open means is going to be a lot better than our ability to analyze it," said Richard Hunter, vice president of executive programs at Gartner Group.

Straddling international data links
Because of the way that the Internet backbone and the telecommunication network are structured, NSA operatives likely would not have to leave the country to install taps. The vast majority of Internet traffic is routed through switches on American soil, which can be directly monitored with (or without) the cooperation of backbone providers.

"The U.S. does continue to play a major role in connecting the regions of the world together," said Alan Mauldin, a researcher for the firm TeleGeography, which tracks global Internet traffic. "For example, Internet traffic going between Latin America and Asia or Latin America and Europe is entirely routed through the U.S."

In 2005, an estimated 94 percent of that "inter-regional" traffic passed through U.S. switches, Mauldin said. Many other communications links run around in the U.K., a country that has a history of sharing communications intelligence with U.S. spy agencies.

That's a boon to the NSA, which reportedly carries out its surveillance activities in a "wholesale" way. That means it potentially scoops up millions of phone calls and e-mail messages and feeds the data to its supercomputers--considered some of the most powerful and plentiful in the world--to comb for red flags and people on a so-called watch list.

The agency also likely employs what some experts call "pattern analysis"--that is, screening calls and e-mails not so much for their content but for hints about the identities of the callers and e-mailers and their contacts. Particularly valuable: data such as how long the call lasts, to whom and what geographic location the communication is being sent, and what time of day it occurs.

Published reports point to the active participation of telecommunications companies. In his book titled "State of War," New York Times reporter James Risen says the NSA has "extremely close relationships with both the telecommunications and computer industries." The Los Angeles Times reported that AT&T has opened its customer information database to the NSA; AT&T says it does not comment on matters of "national security."

If the participating companies developed cold feet because of congressional scrutiny or class-action lawsuits, however, the NSA could conduct land-based wiretaps without the companies' participation, consultant Chovanak said. "There are things you can do without working with the providers," he said. "Every six miles on a fiber, there are tap points, and about every 50 miles there are repeaters, which are frequently going to be located in a small building in the middle of nowhere."

Tapping fiber a tricky business
Another option is more clandestine: listening in on a fiber-optic cable without inside help. For many years such a feat was considered to be virtually impossible--mainly because the strands of fiber are so fine that any tampering might disrupt the signal and prevent it from arriving at its intended destination.

That can be done by bending the fiber, to cause some light to leak, or by physically splicing into it. "It's very hard to do that without the recipient realizing the signal is being intercepted," said Corning's Jay, who estimates that it's difficult but not impossible. "It's hard to do without breaking the fiber... It's hard to imagine doing that in a way that doesn't greatly risk damaging the fiber."

Tapping copper cables, on the other hand, is far easier. When a phone wire or other electrical conductor carries a current, an electrical field is generated around the conductor. It's possible for a sufficiently sensitive device to measure the fields without actually splicing into the metal of the conductor. (Optical fiber doesn't generate electrical fields.)

Shade, the WildPackets engineer, said that "fiber-optic splitters are readily available on the commercial market." But he cautioned that any would-be eavesdropper must be extremely careful not to break the fiber strands.

"I think that's where a lot of the perception that fiber is untappable came from, was the difficulty of successfully handling the fiber without breaking it or seriously degrading its performance, because fiber is very temperamental," he said. "It's not like good old phone cable that you just throw down on the ground."

Experts say such a task requires extreme skill. "I would put myself on the side of those who say it's not so easy" to splice into fiber cables, said Ira Jacobs, a professor of electrical engineering at Virginia Tech. "I can access the individual fiber, I don't have to break the fiber and physically put in a tap. If I bend the fiber, I can get some leakage, but I have to access the fiber, I have to strip away other parts of the cable. It is not easy to do in a nonintrusive way."

The difficult task of underwater tapping
Tapping fiber cables while they're underwater transforms an already delicate process into one requiring exquisite surgical precision and skill.

The Wall Street Journal reported in May 2001 that the Navy had decided to spend 5 years and $1 billion to retrofit the USS Jimmy Carter submarine to make it capable of conducting fiber taps on the high seas. Specialized surface ships used by cable companies to repair breaks already have such facilities.

Making that task even more difficult is the high-voltage electrical cable that accompanies the fiber core and powers signal amplifiers dotted along the floor of the ocean. If water touches the electrical conductor during the splicing process, it could cause a huge short-circuit and set off alarms.

"You've got high energy in that fiber, so the capsule that the submarine uses is specifically designed to insulate the piece of cable that's being worked on and allows them to more effectively work on the power cables that are off limits," said Seth Page, the chief executive of Oyster Optics, which sells products to protect against optical tapping. "Because the last thing you want to do is accidentally open a power cable."

That's why the NSA probably reserves underwater, submarine-based tapping for cables that do not make landfall in the U.S.--such as the one linking the Middle East with India and Pakistan, Page believes. Underwater taps "can definitely happen, and I guarantee you it does happen from a higher level military point of view, such as for sensitive information coming out of China and Russia," he said.
