The NSA preferred a much more expensive system of bulk collection of foreign data. That was a fatal choice as it deprived the NSA of understanding what it was monitoring and this permitted the planning of 9/11 to escape them, not to mention the surveilling of American citizens, which is unconstitutional.
William Binney was the Technical Director of America’s National Security Agency (the NSA) who resigned immediately after 9/11 for reasons he explains in this exchange. He came to the UK to speak at an Oxford Union debate and I met up with him and Duncan Campbell the next day, 21 February 2014. We had a fascinating, lengthy conversation cum interview, which was transcribed by Ties Ramekers. Most of the discussion by Duncan and me has been stripped out, the material has been reordered and then approved by Binney for publication.
William Binney was the Technical Director of America’s National Security Agency (the NSA) who resigned immediately after 9/11 for reasons he explains in this exchange. He came to the UK to speak at an Oxford Union debate and I met up with him and Duncan Campbell the next day, 21 February 2014. We had a fascinating, lengthy conversation cum interview, which was transcribed by Ties Ramekers. Most of the discussion by Duncan and me has been stripped out, the material has been reordered and then approved by Binney for publication. I want to thank Duncan especially for arranging the meeting.
On the first anniversary of Edward Snowden’s revelations, openDemocracy intends to expand its in-depth exploration of the significance of surveillance for the future of humanity across the globe. This exchange follows on from yesterday’s with General Michael Hayden who was the Director of the NSA when William Binney resigned.
I’m interested in surveillance and whether there really is effective mass surveillance taking place. It is said that you helped to develop how it could be done but then resigned from the National Security Agency (the NSA) when they started to apply collecting data on Americans. So could we begin with an introduction?
I worked in the Army Security Agency during the Vietnam War, from 1965 to 70 then joined the NSA. I started out doing traffic analysis for them. This evolved into data system analysis and cryptography systems and code analysis and I became the NSA technical director in mid ’97 running an operations centre with about 6,000 analysts doing reporting and analysis for NSA.
Does that involve breaking encryption?
It’s more like designing systems to manage or solve problems. I had to know the technologies involved and the systems involved. I got away from breaking systems to designing systems to defining the issues to solve. Part of that, I guess, was leveraging all the background I had in cryptology and codes and data systems.
You began doing this before the internet existed?
Oh yeah, there’s nothing different here. I mean, all of this social networking goes back to the Civil War in the United States. It’s the technique that the Pinkertons used to reconstruct the Confederate spy network in Washington. They would look who visited who and put together the relationships of people visiting one another. That was a social network. The same principle as if they were phoning each other, or emailing. In the World Wars it became ‘network reconstruction’, and after that it became ‘contact chaining’, now, label-wise its evolved into social networking.
But something profound about the way we humans relate has changed with the internet.
Actually, the only difference I saw was everything becoming standard. The world was adopting one standard. That made all the analysis and dealing with the data much easier. Because once you had the standard and you solved the problem for the standard, you solved it for the world.
Easier? One of the arguments used to defend mass surveillance is that the days of having to break into say a Soviet naval frequency is over, the internet allows much more anonymizing, and therefore it is harder and you need to track more. Also the net is leading to a transformation of the way we relate to each other as human beings.
That’s from a human interactive perspective. The cryptologist’s perspective is different. It’s how do I solve these things? If everything is being made standard, that makes it a lot easier. Take for example the public switch telephone network. This divides the globe into nine zones, with numbering scheme allows you to determine anywhere in the world who is communicating with whom. This is all run by machines with automatic switches, so the numbers tell you the connection from end to end. That’s how caller ID works. It is the same with the fibre optic networks and the use of internet across them, it’s a simple matter of the international standards of assigned internet protocol numbers, IP version 4 and 6. Version 4 is a 32 total bit set of 4 numbers, from 0 to 255. 6 is a 4x32 set so it’s a much larger. Blocks are allocated to just five zones, subdivided down to countries and then service providers who assign the device number. It is the same as routing for the public switch telephone network. Every device on the network has a machine access code. Almost two billion machines are on the network now, something like that. All are numbered which gives you the ability to trace it all.
The volume of activities and communications between people has certainly changed. But from the cryptologist’s side, everything is standard so I can manage it so much easier. In the analogue world, every country was different. Within every country services were different. Whether it was the police, the military, navy, army, air force, all those things were different. You had to deal with so many different things, and each of them had their own systems, so you had to solve each of them. So it was much more complex and more difficult to work with. Now we have a standard for the entire world. I have solved the standard? Then I have solved the whole world. That is the cryptology part.
But between the 1980s and now the magnitude has changed hugely.
Yes, the magnitude is a different thing, the magnitude is a big change: the volume of data. But the standardisation has made it so much easier to deal with the volume. That’s why when we solved this problem in the 90s, we said ‘volume, velocity, variety’: volume means you get more information to look at, to find more data about your target. Velocity: you get it faster. Variety: you get more aspects of it. All those things were positive, and all those things we leveraged.
And you set about trying to capture this?
When Ed Loomis took over the SARC [the Signals Intelligence Automation Research Center] in 1997, that’s when we started. Ed was working on data acquisition, and I was waiting for Ed to show that it was going to be productive. These people at the NSA had no concept of what was out there in the world. They were still working with T1s and OC3s, you know. That was it. We had to address the input of data. I was looking at stem 64s and things like that which were going to expand. In ’97 it was starting to succeed and I started the effort to do the back end of the programme: stem 1, stem 2, stem 4, stem 16, stem 64. We were aiming at ten gigabit lines. We simply felt that if we could do one fibre, we’d just rack and stack the rest of them one at a time in parallel.
I’m losing you, when you say one fibre, do you mean picking up an optic fibre?
Yeah, taking the entire fibre, 155 megabits a second. We solved it in ’98. And that is where I’m going to tell you my little story (laughs). So we developed it to the point that it could run globally. We had access, of course Duncan knows this, from Bad Aibling. So we thought, “Gee, let’s throw this out there”, and we said, “Guys, why don’t you look at this and tell us what you think”. A tech guy there who was a friend of ours, said: “This is really so great, we gotta put the whole thing on the site”. So he did it on a Friday afternoon without changing the selection, which meant that anything would come through. All he did was replace the software. It started Friday night, and Saturday morning the chief information officer had to call in all kinds of people. He said: “What the hell is going on? The entire database is about to crash.” (laughs). They were being stuffed by so much data from this one site that they couldn’t handle it.
On late Saturday morning, they stopped input on the whole site, they stopped it. I came in Monday morning and when I heard I laughed my ass off. I’d made the point. I just thought it was funny as shit. It almost brought down the entire storage to make these people realise how stupid they’d been and how much was out there.
So you began bulk surveillance of everyone’s data?
In a nutshell, this is what happened. We worked out how to view large volumes of internet messages. Two things stared you in the face: that we would be swamped by the amount and that we would be surveilling American citizens, which is unconstitutional. If you want a good detailed account, and there is a lot of detail, read Jane Mayer on Thomas Drake; he is a a true hero (New Yorker, 23 May 2011). She sets it out. So instead of this we developed an automated process that would bring out relevant issues like phone calls to Afghanistan, while ignoring as much as possible and hiding any American activity, unless very specifically triggered. You could say that the algorithms were designed to access everything yet focus in real time only on what was relevant before collecting and storing data. I can’t say more about this as I am under contract making a film about it with an Austrian film maker. The NSA preferred a much more expensive system of bulk collection of foreign data. That was a fatal choice as it deprived the NSA of understanding what it was monitoring and this permitted the planning of 9/11 to escape them. After 9/11 the NSA went over to bulk surveillance of US citizens as well, using some of our methodology. I retired immediately while trying to warn Congress and the Supreme Court this was unconstitutional, but I could not take any documentation with me. We have had to wait for Snowden for this proof.
There is a lot to understand here! You’re concerned about identifying terrorists and attacks on America.
Right. And you were there during 9/11?
What was your reaction when it happened?
We’d failed. Very simple, we failed. I took my father-in-law to an eye doctor appointment, so I was waiting in the waiting room, while he was getting examined, watching TV, and they showed the pictures. The first plane hit the tower. And I said: “We failed”.
Did you know immediately it was Al-Qaida?
They were large planes hitting easily missed buildings in bright sunlight. What is important is that they had been openly planning it. They emailed the date in a pictogram. They used codes for the targets: the towers were ‘town centre’, the Capitol building was ‘law’, the White House was ‘fine arts’. They were using codes.
You’re saying 9/11 was preventable?
Oh absolutely. We developed code to automatically recognize events, so when those guys came in from the West coast, we would have reported things electronically to everybody who needed to know. It would have picked up all the phone calls they made back to Yemen, no problem. All seven of them, I think they were. I mean, the data was there, but people couldn’t get to it. That was the problem. Our code and rule-based systems would have alerted us automatically as these guys were known targets.
There was no excuse for missing 9/11. None. They had all the data to see it coming, solve it and stop them… and they didn’t do it. It was incompetence. That was the reason we failed. The same reason right now we failed to get the bombers in Boston, the shooter at Fort Hood, the Times Square bomber, just in the United States now. The same reason we couldn’t get those, is the same reason we didn’t get 9/11: incompetence.
But since 9/11 they have created the current system of surveillance that Snowden has revealed, justified as a response to 9/11, to prevent it happening again. Is the incompetence happening now still the same as the incompetence before 9/11?
It is all red herring based. Every argument they use to do it is a red herring.
Can you explain that? Because you would have thought, well, now, with so much being done, it must be at the very least a different kind of incompetence.
No, it’s the same. All it depends on is a human recognising something. That’s where they fail. I mean, you can’t collect terabytes every day and expect humans to find data that’s important out of terabytes. That’s why they have issued the White House big data initiative, which is soliciting industry to come up with algorithms that will automatically go through and find important information in large databases, so that people can look at what’s important. But we solved this fifteen years ago saying there’s no point in collecting it all. It swamps your capacity to identify what you need to know. And it is unconstitutional in its consequences. What they are really doing is stacking up information about everyone for later law-enforcement, it is not primarily about terrorism.
But I’m puzzled by this, it struck me that what is lacking is human intelligence. I thought that what was going wrong at the moment was too much reliance on machines.
It’s the exact reverse. The problem is that people can’t manage volume, and also inconsistencies between analysts, they don’t all necessarily have the same global understanding of the problem, so they don’t all look at it the same way. That’s another factor, which has to do with human frailty and inconsistency - and fatigue working mounds of data. That’s why you can’t depend on people. You have to do most of the analysis automatically by code. That’s my entire thesis prior to 9/11, in fact going back all the way to the 80s, which is when I started this automation stuff. You have to use automation to get the necessary data to the people who are involved.
For operational effectiveness you need a focussed attack on known targets and things that fall into close proximity to them and their social network. This forms a zone of suspicion. It is based on some rules - like, if you have a satellite phone and you’re in the mountains of Afghanistan or in the jungles of Colombia, and it’s highly likely that you’re a terrorist, or a dope dealer. If you frequently visit sites that advocate jihad, or violence against the US, that also would define zones of suspicion. This is the opposite of taking in the entire world, which is what they’re doing. You only take in those zones with a focused selection of information. The issue is the selection of data, not the collection of data.
Collection kills their analysis, because it buries them in so much data. When you do a selective approach, a focused attack, that makes a rich environment for the analysts, and it also gets to a point where volume is manageable. Otherwise it’s not manageable, that’s the problem.
Hence also a budget of $10 billion?
That’s only the NSA fraction. That doesn’t count the SIGINT arms of the military, army, navy, air force, and marines.
Which comes to nearly $55 billion?
That or between $80 and $100 billion for all agencies in the intelligence community
The counterargument from General Hayden is that they have to “make volume our friend”. Starting with metadata.
And they have a clear history of not being able to do that. So they should say there’s something wrong in what we’re doing.
We’ve been going for metadata since I’ve started in 1965. Metadata was the key from the very beginning. The term means data about data. When some engineers came forward with a list of 250 different items of metadata, I looked at them and said: “Gee, that’s nice, that must be engineering metadata”. For us, in analysis, we had thirteen total forms of metadata that we used, that’s it. That’s what we could use for a meaningful interpretation of communications.
If you can integrate all the different metadata, you’re phone is now registering your position, so you’re getting positional metadata with your messages then you start to map someone’s life.
Plus who they relate to, and the type of thinking they have: you can begin to see what they are thinking, as you see those relationships, who they relate to, what these people are all about, what their profession is, if they have a career in, like, medicine, where we can see the kind of things they’re doing. You can even predict the things that they are going to do, which we’ve done, from metadata relationships.
Arms transfers, smuggling, a future offensive by a military, all that.
Duncan Campbell: Some of my work is to do forensic analysis for defendants when their computers have been seized by the police and simply looking at their web transactions as stored on their computer, you see what they are thinking, it’s like you can look inside their minds.
So are you saying, Bill, that it does work? Because up to now you’re saying that they’re just building this huge, massive apparatus of surveillance, which is of no functional purpose whatsoever as it can’t see the terrorist culprits coming.
It is for law enforcement. That’s the purpose of it. The FBI, the DEA, [Drug Enforcement Administration], the Inland Revenue and all their affiliates in countries around the world: they’re using this data for law enforcement. In his interview with you General Hayden says the NSA databases are just about surveillance for foreign intelligence purposes, not law enforcement and this is why it is not like the Stasi. Technically this might even be true about the NSA but it is not being frank about the whole system because law enforcement agencies access and use the databases that the NSA builds. This is a central point as to why the system of surveillance as a whole is so threatening.
OK, but first explain what you think they are actually doing and how it works.
From what I see, and I haven’t been there for twelve years, looking at the Snowden documentation that is coming out on the internet side there is the Upstream programme which is paired with the PRISM programme. There is a slide showing Upstream and PRISM with the comment on the side, ‘you should use both’.
The Upstream is the bulk collection in real time, based on fibre taps and all the other implants they had around the entire world, over 50,000 implants according to a Dutch newspaper, I think it was. That’s the basic data input for near real time acquisition of data. The PRISM is a backup that at the end of the day goes in and says, give me all the data and we’ll fill in the gaps that we didn’t get in the Upstream collection. It’s like filling the missing parts.
Are they scooping up everything?
Yes. Content, everything. On everybody. US citizens, everybody.
You use the metadata to pull the content. There is another slide that maps what they say they are doing.
Duncan Campbell: You can see it as four major databases, two for DNI and two for DNR. DNI stands for Dial Number Recognition, that is phones, and DNI for Digital Network Intelligence, that is the internet. Each has a metadata database is held as a separate thing, because it can be much more effectively searched in its structured data, and that can then be used to pull up content. So you have the phone stuff that is ordinarily collected, one database for content, one for metadata, of everything in the world. Then, any kind of digital communication, which of course are multifarious, they can range from a message, to a video, to a website accession… that has both content and metadata again, so there’s two databases for that.
Access is global?
Access to them is global. It’s the same with Google, they do the same thing. They have eight different banks around the world. When you do a Google query you get results coming back from those eight different banks. It’s like a distributed query.
So anybody the NSA has given access to these databases can access them all over the world?
The NSA lines are encrypted, so you’d have to use equipment that’s connected in that line. It’s supposed to be a closed line, they think it’s closed, it might not be. You know what I mean. It’s like the Pentagon when they had that virus a year or so ago and detected pings to it on the regular web. They said ‘Well, we had the virus in the Pentagon, somebody brought it in on a thumb drive but we didn’t lose any data because our system is closed, so it didn’t do any damage. That means they have an isolated network, which is how the NSA worldwide network works. But they detected a connection of this virus on the web. It’s like a short set of codes that I send to the implant that I have just put in the system that tells the virus to activate and collect data in your system and send it back to me.
You’re saying the Pentagon network is not closed?
No, it is. But they detected the pings to it on the regular web. Which means that an attempt is being made to compromise it and solicit information. Of course they can trace the route it came from, I’m sure they know, but they didn’t say.
Duncan Campbell: One suspects China.
So what you’re saying is that everything is surveyed? Everything is tracked? And it may not even be secure?
Yes, that’s right. And in most cases everything is stored. Recorded and stored.
Well, the metadata is there from October 2001 on. For the content…
Also… International goes much further back.
Is it the case that every phone call I’ve made, and every text email I’ve made, since the nineties when we started openDemocracy, even though I’ve lost them or more important deleted them on my own systems, is stored?
If you want a backup, then you should just send a note asking them to just send you a copy saying ‘I’ve lost them, please, I’ll pay you for it’! Take a look at the slide:
Marina and Mainway hold the metadata for phone and messages with conventional links to a person and a communication. Fallout probably distributes metadata to and from Marina and Mainway. According to commercial advertisements for analysts, It seems about 12,000 analysts are working on this Mainway sector. Conveyance probably separates clear speech from encrypted voice, which is then stored in Nucleon. So far as emails are concerned and digital content, Scissors probably uses the metadata to accesses content in Pinwale.
The important thing which you can see mapped is that while the NSA is doing all this, creating the databases within the dotted line, the FBI and DITU, the Digital Interception and Technology Unit, are accessing them. And along with them the DEA, the Drug Enforcement Agency and its SOD, its Special Operations Division and they pull in the CIA, the IRS [Internal Revenue Service], and others.
And that would be a technical barrier, without that they couldn’t get to it.
No, they wouldn’t have access to a terminal that has access to get to the data. They use the metadata as the index of the content. That’s what I’m saying, when you build all the relationships with social networks going all over the world, then I can point to you, everybody you called, everybody you emailed, and I can pull that out and say: give me all the content that goes with that, that’s all indexed with those relationships.
There’s a paradox here, you started by saying that this system was going to be overwhelmed with data, that it’s failing and continues to fail, and now you’re describing a chilling system which seems to be working very effectively.
Only on a target basis, manually targeted. See, the problem is the vast majority. Unless you know about the target to begin with. The problem is, you can only use the programme to get the data about something you know, when everything you don’t know is the threat - like the bomber in Boston, the shooter in Fort Hood, the Times Square bomber.
You are saying that these NSA databases are a threat to people who they should not be a threat to, but are not identifying the people who are a threat.
Precisely… it is all very disgusting, if you look at it. If you think about it too much.
You are suggesting that the FBI and others access the databases at will?
Senator Diane Feinstein compromised the secrecy saying, as a member of the Senate’s Judiciary Committee, that hundreds of people have been prosecuted, when she emphasized the importance of the programme to keep it going [for an account of this episode see here]. Robert Mueller when he was the Director of the FBI also compromised knowledge of his access to the content database.
Yes, he said he had access to “past emails”. It was in his testimony to the Senate Judiciary Committee. You can look it up.
[Note by AB: I did. He was in front of the Federal Bureau of Investigation Oversight Committee, March 30, 2011, 41-45 minutes into the recording. FBI Director Robert Mueller is testifying in response to a question by Senator Herb Kohl about the Fort Hood shooting on 5 November 2009, when US Army Major Nidal Malik Hasan, shot 13 fatally and wounded many more on the US Army base in Texas. Senator Kohl asked Mueller what new procedures had been introduced that could “head off another Fort Hood”. The FBI Director answered,
“What we found as a result of Hasan’s attack on the day was that there are gaps we had to fill. Immediately afterwards we looked at our procedures and we found that we could do a much better job in information sharing with DOD [Department of Defence]… we have a formalized process whereby we sit down and go through all the cases whether DOD cases or our cases that may touch on DOD so that we have before us both a full review of those cases that impact DOD. Secondly we have put in place technological improvements relating to the capabilities of the database to pull together past emails and future ones as they come in… (my italics)]
What in effect follows from what Feinstein says and what we know is that, as there are no prosecutions openly based on evidence that they got from this programme, they use parallel constructions, which means they perjure themselves in court.
Duncan Campbell: It also creates a real and contingent perception undermining all our criminal justice systems in the UK as well.
The point is that they can’t use evidence obtained from NSA and introduce it into the court, because it was acquired without a warrant. If they tried, the case would be thrown out immediately. What they do is what they call a ‘parallel construction’. They know that the evidence is from the NSA and then use standard legal processes to acquire information, assembling the data they need to arrest this person, which they substitute for the NSA material.
And if they find that evidence what is the problem?
First, it’s called perjury. It’s lying to the court as to what they did. It’s also denying the constitutional right of the defendant to challenge discoveries of the originally assembled data. They deny them that constitutional right in our country. I don’t know how it is here, with your laws.
We have no constitutional rights.
There are three things here: They’re violating the constitutional rights of the defendant in our country; then inside the law enforcement agencies they are creating a culture that regards it as legitimate to create evidence and this can lead to false evidence, as I know from my own experience; finally they are abusing their access to the databases for political ends, for example against the Tea Party, or the Occupy groups.
The Tea Party?
Yes, the IRS is holding up a bunch of Tea Party groups that want to become tax exempt 501(C)(3)s, I think it has to be social but they can be politically active with the remainder, it means that people can contribute to them and they can use the money in a tax-efficient way. So what the IRS is doing is preventing them from getting tax-free status. And they’re targeting them because they’re associated with the Tea Party. They are using the network metadata because that tells them who is involved in the Tea Party. They just don’t approve. They keep asking new questions. In an investigation some of them were discussing some of the questions they were asked, such as “What was my relation with this other person?” And we have to ask. My question was: “how the hell does the IRS know that they have a relationship at all?"
And with the Occupy movement what are the charges?
That does not matter it’s how they targeted them. Find out who is in the movement, who are the key leaders, and take them out. Have the police go in and remove them. They can see into Occupy now, ‘Hey, we want to do something about these guys’. They have been given a sacrosanct space beyond normal judicial supervision. They actually developed the capabilities and the systems, to be used by law enforcement to drive agendas. That is how they got General Petraeus and got the emails of General Allen.
But a woman alerted the FBI because she felt she was being ‘cyber-stalked’ and they found a trail that led to Petraeus.
Well, the justification for them should be to address the person who says that she was stalked. And who was that? That was not Petraeus. So where is the probable cause to take all of Petraeus’ emails? Or, for that matter, where is the probable cause or justification of any kind, for looking into General Allen’s emails? When you call some girl sweetheart or something like that? The justification was pretty simple to me, I looked at it and said: these two guys were both commanders in Afghanistan, and this was before the election. President Obama was saying that he has beaten Al-Qaida down, and these two guys knew that they were resurging. Petraeus was CIA chief and he was saying that, and so was Allen over in command in Afghanistan. These people were not following the White House line, so they had to go. The reason I think they were targeted, was because they wanted to get rid of them. Dissent in the ranks. You couldn’t have your CIA director saying something different than the White House. So how do you get rid of them? You have the FBI go through the database that NSA is collecting on everybody, go through all their emails and find something that will embarrass them. Do you think they themselves kept the thousands of emails with their girl friends?
Right, well rather than pursue that just now, can we go back briefly to how it all began after 9/11. You were there in the NSA at the head of a huge team of analysts.
I was not supposed to know about it, because I was too much of a straight-head.
What rank were you in the NSA?
I was pretty much maxed out there. It was a senior level executive, which is like a general. I saw the equipment arrive. They came in and told me they were taking in all the AT&T billing data of every US citizen in the country, about 320 million records of US to US communications every day. They started about four days after 9/11. They had to order the equipment to get this stuff going and the equipment started coming in in the last week of September, first week of October. My people had it all put together by the second week of October and that’s when they started pulling the data. But they made the decision within four days after 9/11.
I went straight to the Intelligence Committee of the House. This is all in the Jane Mayer article I told you about. I saw Diane Roark, who was on senior staff member in charge of the NSA account. So I went to her and I said, look, they are doing this. They are spying on everybody in the United States. She went to see the Committee Chairman and Nancy Pelosi the ranking Democrat. They told her to go talk to General Hayden. He told them that he had a presidential authority and Pelosi and the Chairman knew this as he had briefed them. They were two of the first four people that were briefed on the programme in early October 2001. That’s why Nancy Pelosi when she was Speaker of the House said impeaching George W. Bush was off the table, because she was culpable of this programme right from the beginning. If she had impeached George Bush, George would have said ‘impeach yourself too, you’re part of it’. That’s the leverage he had against her.
The entire purpose of the House Intelligence Committee and the FISA court, they were all created after the Church Committee in the 1970s with the specific purpose, to oversee all of the intelligence agencies and ensure that they would not spy on US citizens. Well, here they were, starting to spy on every US citizen in the country. So that’s a direct violation of the charter they were formed on, the reason they were formed…
Roark told me the President is behind this. I said I think we should try to see the Chief Justice of the Supreme Court, Rehnquist. We had a contact who knew his daughter, so Diane wrote a letter requesting an audience with him, for a very important reason, we didn’t say exactly what and gave it to his daughter. We know his daughter got it, and we know that his office got it. But we assume they called the House Intelligence Committee staff and asked ‘Why is this person requesting a meeting?’ And they said: ‘don’t even bother, it’s nonsense’, or some excuse, so that didn’t happen.
You then decided to leave?
Of course, as soon as they started it. It took me two and a half weeks to get out of there. I found out the second week of October, by the 31st I was out. It was a totalitarian process. I could recognise it immediately. I had spent decades watching how the systems of the Soviet Union worked. I could not be part of doing something similar to my own country. Obviously this came from the White House and it was a waste of time at NSA, they all agreed to it from the highest level down. They wouldn’t commit crimes of this magnitude without that kind of approval. So that was it. I’m out.
If the President authorised it, it was legitimised.
Well, it’s not legitimised. They attempted to make it legal by passing a law but you can’t pass a law that will make an unconstitutional act legal.
General Hayden is saying that he was operating under a presidential directive.
He didn’t have that in writing though…
You’re talking about October 2001
Yeah, October 4th.
It wasn’t in writing?
That’s right. Put it in writing and it is an impeachable offence against the Constitution, evidence of a high crime or misdemeanour. It was a verbal order that came through Vice-President Cheney. The point is, that everyone in NSA, from the deputy director downwards, was not allowed to see any documentation of the programme. They were told that there was an Attorney General’s opinion. I don’t think General Hayden had a copy if he saw it, it was held in a safe by David Addington in Cheney’s office, the Vice President’s office. They never had in writing an authorisation to do domestic spying. That’s impeachable.
So you’re saying that when General Hayden says he was acting with authority, was acting on verbal authority, and never had it in writing?
And never asked for it in writing?
Wrong. His council did. Went down there to Addington and asked for a copy of it. But did not get one, I think you will find.
Where does this get us to now, because when you spoke at the Oxford Union you said it would take ten to fifteen years for the system to work.
To work in terms of a code that would automatically pull it all together is hard: how to fuse all the graphs, how to fuse all the relationships, how to make a composite chart of all the things that you do and connect all electronic activities in a timeline?
They aren’t there yet?
Indeed, they’re having trouble merging data. They’re also having trouble making an automated analysis of the data. They are working on it. There is time to stop them. But there is only one way to do this. You have to stop the collection of the data.
[Update June 2015: See here for a video of Dick Chaney on how the surveillance programme started]
openDemocracy published an exchange with General Michael Hayden yesterday.