|A SIGINT Agency Has to Look Like Its Target|
A SIGINT Agency Has to Look Like Its Target
Statement for the record by Lieutenant General Michael V. Hayden, USAF Director, National Security Agency/Chief, Central Security Service, Before the Joint Inquiry of the Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence. Washington D.C., October 17, 2002. Source: NSA.
Chairman Graham, Chairman Goss, and distinguished members of the Intelligence Committees, thank you for this opportunity to address you today. On behalf of the National Security Agency (NSA), I wish to extend our profound sympathy to the families of the victims and to the survivors of this terrible attack.
We know our responsibilities for American freedom and security at NSA. Our workforce takes the events of September 11, 2001 very personally. By the very nature of their work, our people deeply internalize their mission. This is personal.
Shortly after the attacks on the World Trade Center and the Pentagon, our director of Signals Intelligence (SIGINT) visited and calmed an emotionally shattered counterterrorism (CT) shop. That shop is located near the top floor of one of our high-rise buildings.
For obvious reasons we had tried to move as many folks as possible into the adjacent lower buildings but we could not afford to move the CT shop. When I visited them later that afternoon, not only were they hard at work, they were defiantly tacking up blackout curtains to mask their location. Americans should be proud of these dedicated men and women who serve in the front lines of the war against terrorism.
This inquiry is very important, and it has played an important role for us and for the country in determining why al-Qa’ida was able to attack on that day with little warning and how we can better detect and defeat these kinds of operations in the future. Since April, we have hosted your staff in office spaces at our headquarters. We have shared data with them and—in response to their requests—have made available over 2,750 documents, some 15,000 pages of material, and arranged over 200 face-to-face meetings. We have assigned some of our best people to work full time with them. We have done this because—like you—we are committed to finding the full story of what led up to September 11th and to eliminating systemic problems that hamper our ability to aggressively collect against terrorists.
My goal today is to provide you and the American people with as much insight as possible into three questions:
- (a) What did NSA know prior to September 11th,
- (b) what have we learned in retrospect, and
- (c) what have we done in response?
I will be as candid as prudence and the law allow in this open session. If at times I seem indirect or incomplete, I hope that you and the public understand that I have discussed our operations fully and unreservedly in earlier closed sessions.
You well know the fragility of all that we do and how efforts measured in millions of dollars and thousands of man-years are turned to naught overnight when a story about communications intercepts appears in the press. Such leaks make the intelligence challenges that we face just that much more difficult and costly. A setback of inestimable consequences in the war against terrorism occurred when Usama bin Laden and his key lieutenants stopped using a phone following 1998 press reports of our intercepts.
You are also well aware that the nation’s SIGINT effort has successfully thwarted numerous terrorist attacks in the past. While our successes are generally invisible to the American people, everyone knows when an adversary succeeds. NSA has had many successes, but these are even more difficult to discuss in open session.
- What Did NSA Know Prior to September 11?
So, to the first question: What did NSA know prior to September 11th? Sadly, NSA had no SIGINT suggesting that al-Qa’ida was specifically targeting New York and Washington, D.C., or even that it was planning an attack on U.S. soil. Indeed, NSA had no knowledge before September 11th that any of the attackers were in the United States.
I have briefed the committees on one area where our performance—in retrospect—could have been better. Ms. Hill referred to this in her September 20, 2002 testimony: "Unbeknownst to the CIA, another arm of the intelligence community, the NSA, had information associating Nawaf al-Hazmi with the Bin Laden network. NSA did not immediately disseminate that information, although it was in NSA’s database." This was not some culturally based "failure to share."
As you know, one of our "value added" activities is sorting through vast quantities of data and sharing that which is relevant, in a usable format, with appropriate consumers. In this case, we did not disseminate information we received in early 1999 that was unexceptional in its content except that it associated the name of Nawaf al-Hazmi with al-Qa’ida. This is not to say that we did not know of and report on him and other individuals. We did. In early 2000, at the time of the meeting in Kuala Lumpur, we had the al-Hazmi brothers, Nawaf and Salim, as well as Khalid al-Mihdhar, in our sights. We knew of their association with al Qa'ida, and we shared this information with the community. I've looked at this closely. If we had handled all of the above perfectly, the only new fact that we could have contributed at the time of Kuala Lumpur was that Nawaf's surname (and perhaps that of Salim, who appeared to be Nawaf’s brother) was al-Hazmi.
There is one other area in our pre-September 11th performance that has attracted a great deal of public attention. In the hours just prior to the attacks, NSA did obtain two pieces of information suggesting that individuals with terrorist connections believed something significant would happen on September 11th. This information did not specifically indicate an attack would take place on that day. It did not contain any details on the time, place, or nature of what might happen. It also contained no suggestion of airplanes being used as weapons. Because of the processing involved, we were unable to report the information until September 12th.
To put this into some perspective, throughout the summer of 2001 we had more than 30 warnings that something was imminent. We dutifully reported these, yet none of these subsequently correlated with terrorist attacks. The concept of "imminent" to our adversaries is relative; it can mean soon or simply sometime in the future.
These two reports have become somewhat celebrated so I would like to dwell on them for a moment longer. I will set aside the damage done to intelligence sources and methods when unauthorized information enters the public domain. I will also set aside the impact on the workforce I represent when something it has legitimately kept secret from our adversaries suddenly leaps into the media.
What is missing is a sense of how SIGINT is done. Thousands of times a day, our front-line employees have to answer tough questions like: Who are the communicants? Do they seem knowledgeable? Where in the conversation do key words or phrases come? What is the reaction to these words? What world and cultural events may have shaped these words? (You may recall that Ahmad Shah Masood, head of the Northern Alliance, was killed the day before.) How much of the conversation is dominated by these events and are any of the phrases tied to them?
And, if you were responsible for the management (or oversight) of NSA, you would have to ask other questions like: Where was the information collected? Were any of the communicants targeted? How many calls a day are there from this location? In what languages? Hazzar? Urdu? Pashto? Uzbek? Dari? Arabic? Is there a machine that can sort these out by language for you, or do you have to use a human? If there is such a machine—does it work in a polyglot place where one conversation often comprises several languages? How long does it take NSA to process this kind of material? (After all, we are not the intended recipients of these communications). Does our current technology allow us to process it in a stream or do we have to do it in batches? When the data is processed, how do we review it—oldest to newest or newest first? And aside from how we normally process it, did the sequence change at 08:46 a.m. on September 11th? Without explaining the context in which SIGINT operates, unauthorized disclosures do not inform public discourse; they misshape it.
That summarizes what NSA knew about the hijackers prior to September 11th. We have diligently searched our repositories and we will continue to do so. We will, of course, provide your staff with any and all relevant information we uncover.
- What Has NSA Learned in Retrospect?
Now let me now address the second question. What have we learned in retrospect? The primary lesson is that NSA was indeed on the right path—a path of transformation. Congressional leaders told me at our first meeting more than three years ago that the Agency had fallen behind and was in danger of irrelevance. The challenge was above all technological. As one Congressional leader put it, "You need to hit a home run your first time at bat." The volume, variety and velocity of human communications make our mission more difficult each day. A SIGINT agency has to look like its target. We have to master whatever technology the target is using. If we don’t, we literally don’t hear him; or if we do, we cannot turn the "beeps and squeaks" into something intelligible.
We had competed successfully against a resource-poor, oligarchic, technologically inferior, and overly bureaucratic nation state. Now we had to keep pace with a global telecommunications revolution, probably the most dramatic revolution in human communications since Gutenberg’s invention of movable type.
To be sure, we were still producing actionable SIGINT—in some ways the best we had ever produced—but we were accessing and processing a smaller portion of that which could and should have been available to us. To put it succinctly, we did not know what we did not know. Public commentary on this usually comes at us in the form of "the Agency has failed to keep up with technology." Actually, we have made substantial progress but I would agree that we have a long way to go.
We are digging out of a deep hole. NSA downsized about onethird of its manpower and about the same proportion of its budget in the decade of the 1990s. That is the same decade when packetized communications (the e-communications we have all become familiar with) surpassed traditional communications. That is the same decade when mobile cell phones increased from 16 million to 741 million—an increase of nearly 50 times. That is the same decade when Internet users went from about 4 million to 361 million—an increase of over 90 times. Half as many landlines were laid in the last six years of the 1990s as in the whole previous history of the world. In that same decade of the 1990s, international telephone traffic went from 38 billion minutes to over 100 billion. This year, the world’s population will spend over 180 billion minutes on the phone in international calls alone.
It was clear to us that we had to recapitalize if we were to keep up.
The danger was not that SIGINT would go away, but that it would cease to be an industrial strength source of American intelligence.
It would, we feared, begin to resemble an intelligence boutique: limited product line, limited customer set, and very high unit prices. 22. By the end of the 1990s—with a budget that was fixed or falling and demands from our customers that were unrelenting—we attempted to churn about $200 million per year in our program. This meant taking money away from current, still active, still producing activities and investing those dollars in future capabilities. $200 million per
year was far short of what we needed and, in fact, I could make only about one-third of that number stick as our program went through the Executive Branch and the Congress.
I went public with an aspect of this dilemma in an interview with CBS News that aired on "60 Minutes II" in February 2001. David Martin was pressing me about our technological challenge and he was using al-Qa’ida and Usama bin Laden as his examples. I pointed out that al-Qa’ida did not need to develop a telecommunication system. All it had to do was harvest the products of a three trillion dollar a year telecommunications industry—an industry that had made communications signals varied, global, instantaneous, complex, and encrypted. During that interview, David asked me for an assessment, specifically about al-Qa’ida. I told him: "David, it's a dangerous world out there. I can't guarantee you—in fact, I would refuse to guarantee you— that even if we were at the top of our game, ill things won't happen to Americans. These are very dedicated, very dangerous adversaries.
And we work very hard against them and they obviously work very hard to protect themselves against us."
Shortly after September 11th, I had a meeting of my senior leaders. I asked them the following question: Is there any part of our transformation roadmap that we should change as a result of the
attacks? Unanimously, they responded, "No, but we need to accelerate these changes." With the money the President has requested and Congress has provided, we have done just that. We still have much to do but these committees know better than most the performance of NSA in the current war. I know in my heart that this level of sustained excellence would not have been possible without the business process, organizational, personnel, and operational changes we have set in place and you have supported.
- What Has NSA Done in Response?
The final issue—what have we done in response—will allow me to give some specifics although I may be somewhat limited by the demands of classification. I will use some of the terms that Congress has used with us over the past year.
It was heartening, for example, to hear Congress echo the phrase of our SIGINT Director, Maureen Baginski, in the belief that we need to be "hunters rather than gatherers." She believed and implemented this strategy well before September 11th, and then she applied it with a vengeance to al-Qa’ida after the attacks.
Another part of our strategy for nearly three years has been a shift to a greater reliance on American industry. We have been moving along this path steadily and we have the metrics to show it. As you know, in project GROUNDBREAKER we have already outsourced a significant portion of our information technology so that we can concentrate on mission. We have partnered with academia for our systems engineering. I have met personally with prominent corporate executive officers. (One senior executive confided that the data management needs we outlined to him were larger than any he had previously seen). Three weeks ago we awarded a contract for nearly $300 million to a private firm to develop TRAILBLAZER, our effort to revolutionize how we produce SIGINT in a digital age. And last week we cemented a deal with another corporate giant to jointly develop a system to mine data that helps us learn about our targets. In terms of "buy vs. make" (the term Congress has used), we spent about a third of our SIGINT development money this year making things ourselves. Next year the number will be 17%.
Congress has also said that we had listened in on "large volumes of phone calls from the part of the world where al-Qa’ida was located…but didn’t focus on al-Qa’ida." That is, frankly, uncorrect.
Ms. Hill gives NSA good marks in her report for being aware of the Director of Central Intelligence’s declaration of war on al-Qa’ida.
We were focusing on al Qa’ida. But did we have enough linguists and analysts focused on the problem? Clearly we could have used more, but if these hearings were about a war that had broken out in Korea or a crisis in the Taiwan Straits, if we had been surprised by conflict in South Asia, if we had lost an aircraft over Iraq, or if American forces had suffered casualties in Bosnia or Kosovo—in any of these cases, I would be here telling you that I had not put enough analysts or linguists against the problem. We needed more analysts and linguists across the Agency—period.
In that light, Congress has criticized us for a "failure to recruit," especially to recruit linguists and analysts. Let me try to present the facts on that. NSA recruiting for the decade of the 1990s was indeed minimal. The Agency accomplished the downsizing that was imposed on it in the easiest and most humane way possible—it shut the front door. But as these committees know, we turned the "recruiting corner" in 2000, and 2001 was actually a record year for Agency recruiting, the best in over a decade. On one day alone in February of 2001 we interviewed some 1,700 applicants. Before the attack in September 2001 we had brought more than 600 new people on board. By September 11th, we had reached a pause in our hiring. We had already reached the legally authorized personnel levels you had set.
With your help we have sustained our recruiting efforts in 2002. Well over 800 people have come on board this year and our goal for next year—if Congress gives us the additional billets we have requested—will be 1,500. NSA has received over 73,000 resumes since the 11 September attacks, and we have been very aggressively seeking the best and the brightest. We know we have
a rare opportunity to shape the path of American cryptology for the 21st century.
I want to end by focusing on some comments made in recent hearings about NSA’s "unwillingness" to share information. I need to be clear on this point. We are a SIGINT agency. Our mission in life is to provide information to all source analysts, military commanders, policy makers and others in the U.S. government. Our only measure of merit is the quality and quantity of information that we push out the door every day. As we speak, NSA has over 700 people—not
producing SIGINT—but sitting in our customers’ spaces explaining and sharing SIGINT.
There have been some special concerns raised about our willingness to share SIGINT with law enforcement. The fact is that NSA provides a significant amount of SIGINT to law enforcement every day. FBI headquarters routinely receives some 200 reports daily from us. When this is further distributed within FBI, the recipients may not realize it is SIGINT because it is handled in such a way as to protect sources and methods from being disclosed.
Much has been said in these hearings about a "wall" between intelligence and law enforcement. I will speak only of NSA but I think it fair to say that—historically—we have been able to be more agile in sharing information with some customers (like the Department of Defense) than we have with others (like the Department of Justice). This is not something that we created or chose. For very legitimate reasons, Congress and the courts have erected some barriers that make the sharing with law enforcement more careful, more regulated.
As a practical matter, we have chosen as a people to make it harder to conduct electronic searches for a law enforcement purpose than for a foreign intelligence purpose. This is so because law enforcement electronic searches implicate not only 4th Amendment privacy interests, but also 5th Amendment liberty interests. After all, the purpose of traditional law enforcement activity is to put criminals behind bars.
There is a certain irony here. This is one of the few times in the history of my Agency that the Director has testified in open session about operational matters. The first was in the mid 1970s hen one of my predecessors sat here nearly mute while being grilled by members of Congress for intruding upon the privacy rights of the American people. Largely as a result of those hearings, NSA is governed today by various executive orders and laws and these legal restrictions are drilled into NSA employees and enforced through oversight by all three branches of government.
The second open session was a little over two years ago and I was the Director at that time. During that session the House intelligence committee asked me a series of questions with a single unifying theme: How could I assure them that I was safeguarding the privacy rights of those protected by the U.S. constitution and U.S. law? During that session I even said—without exaggeration on my part or complaint on yours—that if Usama bin Laden crossed the bridge from Niagara Falls, Ontario to Niagara Falls, New York, U.S. law would give him certain protections that I would have to accommodate in the conduct of my mission. And now the third open session for the Director of NSA: I am here explaining what my Agency did or did not know with regard to 19 hijackers who were in this country legally.
When I spoke with our workforce shortly after the September 11th attacks, I told them that free people always had to decide where to draw the line between their liberty and their security, and I noted that the attacks would almost certainly push us as a nation more toward security. I then gave the NSA workforce a challenge: We were going to keep America free by making Americans feel safe again.
Let me close by telling you what I hope to get out of the national dialogue that these committees are fostering. I am not really helped by being reminded that I need more Arabic linguists or by someone second-guessing an obscure intercept sitting in our files that may make more sense today than it did two years ago. What I really need you to do is to talk to your constituents and find out where the American people want that line between security and liberty to be.
In the context of NSA's mission, where do we draw the line between the government's need for CT information about people in the United States and the privacy interests of people located in the United States? Practically speaking, this line-drawing affects the focus of NSA's activities (foreign versus domestic), the standard under which surveillances are conducted (probable cause versus reasonable suspicion, for example), the type of data NSA is permitted to collect and how, and the rules under which NSA retains and disseminates information about U.S. persons.
These are serious issues that the country addressed, and resolved to its satisfaction, once before in the mid-1970's. In light of the events of September 11th, it is appropriate that we, as a country, readdress them. We need to get it right. We have to find the right balance between protecting our security and protecting our liberty. If we fail in this effort by drawing the line in the wrong place, that is, overly favoring liberty or security, then the terrorists win and liberty loses in either case.
Thank you. I look forward to the committees’ questions.
- Biography of Lieutenant General Michael V. Hayden