National Security

Meet the Spies Doing the NSA's Dirty Work

This obscure FBI unit does the domestic surveillance that no other intelligence agency can touch.

With every fresh leak, the world learns more about the U.S. National Security Agency's massive and controversial surveillance apparatus. Lost in the commotion has been the story of the NSA's indispensable partner in its global spying operations: an obscure, clandestine unit of the Federal Bureau of Investigation that, even for a surveillance agency, keeps a low profile.

When the media and members of Congress say the NSA spies on Americans, what they really mean is that the FBI helps the NSA do it, providing a technical and legal infrastructure that permits the NSA, which by law collects foreign intelligence, to operate on U.S. soil. It's the FBI, a domestic U.S. law enforcement agency, that collects digital information from at least nine American technology companies as part of the NSA's Prism system. It was the FBI that petitioned the Foreign Intelligence Surveillance Court to order Verizon Business Network Services, one of the United States' biggest telecom carriers for corporations, to hand over the call records of millions of its customers to the NSA.

But the FBI is no mere errand boy for the United States' biggest intelligence agency. It carries out its own signals intelligence operations and is trying to collect huge amounts of email and Internet data from U.S. companies -- an operation that the NSA once conducted, was reprimanded for, and says it abandoned.

The heart of the FBI's signals intelligence activities is an obscure organization called the Data Intercept Technology Unit, or DITU (pronounced DEE-too). The handful of news articles that mentioned it prior to revelations of NSA surveillance this summer did so mostly in passing. It has barely been discussed in congressional testimony. An NSA PowerPoint presentation given to journalists by former NSA contractor Edward Snowden hints at DITU's pivotal role in the NSA's Prism system -- it appears as a nondescript box on a flowchart showing how the NSA "task[s]" information to be collected, which is then gathered and delivered by the DITU.

But interviews with current and former law enforcement officials, as well as technology industry representatives, reveal that the unit is the FBI's equivalent of the National Security Agency and the primary liaison between the spy agency and many of America's most important technology companies, including Google, Facebook, YouTube, and Apple.

The DITU is located in a sprawling compound at Marine Corps Base Quantico in Virginia, home of the FBI's training academy and the bureau's Operational Technology Division, which runs all the FBI's technical intelligence collection, processing, and reporting. Its motto: "Vigilance Through Technology." The DITU is responsible for intercepting telephone calls and emails of terrorists and foreign intelligence targets inside the United States. According to a senior Justice Department official, the NSA could not do its job without the DITU's help. The unit works closely with the "big three" U.S. telecommunications companies -- AT&T, Verizon, and Sprint -- to ensure its ability to intercept the telephone and Internet communications of its domestic targets, as well as the NSA's ability to intercept electronic communications transiting through the United States on fiber-optic cables.

For Prism, the DITU maintains the surveillance equipment that captures what the NSA wants from U.S. technology companies, including archived emails, chat-room sessions, social media posts, and Internet phone calls. The unit then transmits that information to the NSA, where it's routed into other parts of the agency for analysis and used in reports.

After Prism was disclosed in the Washington Post and the Guardian, some technology company executives claimed they knew nothing about a collection program run by the NSA. And that may have been true. The companies would likely have interacted only with officials from the DITU and others in the FBI and the Justice Department, said sources who have worked with the unit to implement surveillance orders.

"The DITU is the main interface with providers on the national security side," said a technology industry representative who has worked with the unit on many occasions. It ensures that phone companies as well as Internet service and email providers are complying with surveillance law and delivering the information that the government has demanded and in the format that it wants. And if companies aren't complying or are experiencing technical difficulties, they can expect a visit from the DITU's technical experts to address the problem.

* * *

Recently, the DITU has helped construct data-filtering software that the FBI wants telecom carriers and Internet service providers to install on their networks so that the government can collect large volumes of data about emails and Internet traffic.

The software, known as a port reader, makes copies of emails as they flow through a network. Then, in practically an instant, the port reader dissects them, removing only the metadata that has been approved by a court.

The FBI has built metadata collection systems before. In the late 1990s, it deployed the Carnivore system, which the DITU helped manage, to pull header information out of emails. But the FBI today is after much more than just traditional metadata -- who sent a message and who received it. The FBI wants as many as 13 individual fields of information, according to the industry representative. The data include the route a message took over a network, Internet protocol addresses, and port numbers, which are used to handle different kinds of incoming and outgoing communications. Those last two pieces of information can reveal where a computer is physically located -- perhaps along with its user -- as well as what types of applications and operating system it's running. That information could be useful for government hackers who want to install spyware on a suspect's computer -- a secret task that the DITU also helps carry out.

The DITU devised the port reader after law enforcement officials complained that they weren't getting enough information from emails and Internet traffic. The FBI has argued that under the Patriot Act, it has the authority to capture metadata and doesn't need a warrant to get them. Some federal prosecutors have gone to court to compel port reader adoption, the industry representative said. If a company failed to comply with a court order, it could be held in contempt.

The FBI's pursuit of Internet metadata bears striking similarities to the NSA's efforts to obtain the same information. After the 9/11 terrorist attacks, the agency began collecting the information under a secret order signed by President George W. Bush. Documents that were declassified Nov. 18 by Barack Obama's administration show that the agency ran afoul of the Foreign Intelligence Surveillance Court after it discovered that the NSA was collecting more metadata than the court had allowed. The NSA abandoned the Internet metadata collection program in 2011, according to administration officials.

But the FBI has been moving ahead with its own efforts, collecting more metadata than it has in the past. It's not clear how many companies have installed the port reader, but at least two firms are pushing back, arguing that because it captures an entire email, including content, the government needs a warrant to get the information. The government counters that the emails are only copied for a fraction of a second and that no content is passed along to the government, only metadata. The port reader is designed also to collect information about the size of communications packets and traffic flows, which can help analysts better understand how communications are moving on a network. It's unclear whether this data is considered metadata or content; it appears to fall within a legal gray zone, experts said.

* * *

The DITU also runs a bespoke surveillance service, devising or building technology capable of intercepting information when the companies can't do it themselves. In the early days of social media, when companies like LinkedIn and Facebook were starting out, the unit worked with companies on a technical solution for capturing information about a specific target without also capturing information related to other people to whom the target was connected, such as comments on posts, shared photographs, and personal data from other people's profiles, according to a technology expert who was involved in the negotiations.

The technicians and engineers who work at the DITU have to stay up to date on the latest trends and developments in technology so that the government doesn't find itself unable to tap into a new system. Many DITU employees used to work for the telecom companies that have to implement government surveillance orders, according to the industry representative. "There are a lot of people with inside knowledge about how telecommunications work. It's probably more intellectual property than the carriers are comfortable with the FBI knowing."

The DITU has also intervened to ensure that the government maintains uninterrupted access to the latest commercial technology. According to the Guardian, the unit worked with Microsoft to "understand" potential obstacles to surveillance in a new feature of Outlook.com that let users create email aliases. At the time, the NSA wanted to make sure that it could circumvent Microsoft's encryption and maintain access to Outlook messages. In a statement to the Guardian, Microsoft said, "When we upgrade or update products we aren't absolved from the need to comply with existing or future lawful demands." It's the DITU's job to help keep companies in compliance. In other instances, the unit will go to companies that manufacture surveillance software and ask them to build in particular capabilities, the industry representative said.

The DITU falls under the FBI's Operational Technology Division, home to agents, engineers, electronic technicians, computer forensics examiners, and analysts who "support our most significant investigations and national security operations with advanced electronic surveillance, digital forensics, technical surveillance, tactical operations, and communications capabilities," according to the FBI's website. Among its publicly disclosed capabilities are surveillance of "wireline, wireless, and data network communication technologies"; collection of digital evidence from computers, including audio files, video, and images; "counter-encryption" support to help break codes; and operation of what the FBI claims is "the largest fixed land mobile radio system in the U.S."

The Operational Technology Division also specializes in so-called black-bag jobs to install surveillance equipment, as well as computer hacking, referred to on the website as "covert entry/search capability," which is carried out under law enforcement and intelligence warrants.

The tech experts at Quantico are the FBI's silent cybersleuths. "While [the division's] work doesn't typically make the news, the fruits of its labor are evident in the busted child pornography ring, the exposed computer hacker, the prevented bombing, the averted terrorist plot, and the prosecuted corrupt official," according to the website.

According to former law enforcement officials and technology industry experts, the DITU is among the most secretive and sophisticated outfits at Quantico. The FBI declined Foreign Policy's request for an interview about the unit. But in a written statement, an FBI spokesperson said it "plays a key role in providing technical expertise, services, policy guidance, and support to the FBI and the intelligence community in collecting evidence and intelligence through the use of lawfully authorized electronic surveillance."

In addition to Carnivore, the DITU helped develop early FBI Internet surveillance tools with names like CoolMiner, Packeteer, and Phiple Troenix. One former law enforcement official said the DITU helped build the FBI's Magic Lantern keystroke logging system, a device that could be implanted on a computer and clandestinely record what its user typed. The system was devised to spy on criminals who had encrypted their communications. It was part of a broader surveillance program known as Cyber Knight.

In 2007, Wired reported that the FBI had built another piece of surveillance malware to track the source of a bomb threat against a Washington state high school. Called a "computer and Internet protocol address verifier," it was able to collect details like IP addresses, a list of programs running on an infected computer, the operating system it was using, the last web address visited, and the logged-in user name. The malware was handled by the FBI's Cryptologic and Electronic Analysis Unit, located next door to the DITU's facilities at Quantico. Wired reported that information collected by the malware from its host was sent via the Internet to Quantico.

The DITU has also deployed what the former law enforcement official described as "beacons," which can be implanted in emails and, when opened on a target's computer, can record the target's IP address. The former official said the beacons were first deployed to track down kidnappers.

* * *

Lately, one of the DITU's most important jobs has been to keep track of surveillance operations, particularly as part of the NSA's Prism system, to ensure that companies are producing the information that the spy agency wants and that the government has been authorized to obtain.

The NSA is the most frequent requester of the DITU's services, sources said. There is a direct fiber-optic connection between Quantico and the agency's headquarters at Fort Meade, Maryland; data can be moved there instantly. From the companies' perspective, it doesn't much matter where the information ends up, so long as the government shows up with a lawful order to get it.

"The fact that either the targets are coming from the NSA or the output goes to the NSA doesn't matter to us. We're being compelled. We're not going to do any more than we have to," said one industry representative.

But having the DITU act as a conduit provides a useful public relations benefit: Technology companies can claim -- correctly -- that they do not provide any information about their customers directly to the NSA, because they give it to the DITU, which in turn passes it to the NSA.

But in the government's response to the controversy that has erupted over government surveillance programs, FBI officials have been conspicuously absent. Robert Mueller, who stepped down as the FBI's director in September, testified before Congress about disclosed surveillance only twice, and that was in June, before many of the NSA documents that Snowden leaked had been revealed in the media. On Nov. 14, James Comey gave his first congressional testimony as the FBI's new director, and he was not asked about the FBI's involvement in surveillance operations that have been attributed to the NSA. Attorney General Eric Holder has made few public comments about surveillance. (His deputy has testified several times.)

The former law enforcement official said Holder and Mueller should have offered testimony and explained how the FBI works with the NSA. He was concerned by reports that the NSA had not been adhering to its own minimization procedures, which the Justice Department and the FBI review and vouch for when submitting requests to the Foreign Intelligence Surveillance Court.

"Where they hadn't done what was represented to the court, that's unforgivable. That's where I got sick to my stomach," the former law enforcement official said. "The government's position is, we go to the court, apply the law -- it's all approved. That makes for a good story until you find out what was approved wasn't actually what was done."

Photo: Chip Somodevilla/Getty Images

Investigation

Scuttled at Sea

How maritime unions sunk America’s food aid reform.

As members of the U.S. House and Senate meet this week to hammer out a farm bill, they are likely to consider changes to the way the United States delivers food aid to hungry and impoverished nations. The debate will reprise an intense legislative battle that flared in June when food aid reforms were proposed in the House.

That struggle had a startling and little-noticed result: a plan to reshape the way in which the United States delivers half of the world's food aid was dealt a decisive blow by a small but determined group of maritime unions.

Unlike other developed nations, which purchase most food aid in the regions that receive it, the United States buys food from American farms, ships it on American vessels, and gives away much of the goods gratis for humanitarian groups to distribute. Although the Government Accountability Office has concluded that this system is "inherently inefficient" and can be harmful to farmers in recipient nations, for decades the setup has been politically untouchable. A powerful coalition including agriculture companies, the military, the shipping industry, and humanitarian aid groups ensured that any changes were dead on arrival in Congress.

But when an amendment to the farm bill seeking to shift up to half of U.S. food aid to local and regional purchases abroad emerged in Congress in June, the tide appeared to be turning.

The Obama administration estimated it could reach up to four million more people for the same price by purchasing half of its food aid overseas. Big agriculture was mostly indifferent, with Cargill and the National Farmers Union endorsing the broad strokes of reform. The Pentagon gave its blessing, saying maritime readiness would not be harmed. Humanitarian groups were already on board, having turned en masse against the current system, arguing that flooding poor countries with cheap foods was harmful to local farmers.

"It felt different," said Gawain Kripke, policy director for the aid group Oxfam America, which advocated in favor of the amendment. "We never really had a piece of legislation to rally around."

There was one remaining sector that stood squarely in the path of the reform: the shipping industry and maritime unions. With fewer allies but undiminished resolve, maritime groups sent letters, organized phone calls, and lobbied vigorously their allies in Congress.

"We did a lot of aggressive advocacy," said Ed Wytkind, the president of the Transportation Trades Department of the AFL-CIO, an umbrella group that represents 32 transport worker unions. "We've spoken very, very forcefully to some of our friends on Capitol Hill who don't seem to understand the issue as well as we wish they did."

As the vote approached, the shipping unions told Congress that the reform would destroy American jobs and gut the nation's military sealift capacity. Their message was repeated among House members as they prepared on June 19 to cast their votes.

"When I was on the floor the chatter among members was 'You know, unions oppose this,'" said a Democratic congressional staffer, who asked to remain anonymous.

When the votes were counted, the amendment had been defeated by a slim margin of 220 to 203. But unlike Congress's frequent party-line showdowns, these results reflected an unlikely set of opposing coalitions. Both Republicans and Democrats split nearly evenly on the reform. The top-ranking members of each party to cast votes, Eric Cantor (R-VA) and Nancy Pelosi (D-CA), supported the proposal and went down in defeat. The 94 Democrats that opposed the measure included leading liberals such as George Miller (D-CA) and James Clyburn (D-SC).

Shipping dollars and congressional votes

Current members of the U.S. House of Representatives who received at least $10,000 in contributions in the 2012 election cycle from two leading maritime unions and a lobby group backed by both unions and shipping companies, along with their votes on the Royce-Engel amendment to reform U.S. food aid policy.

While more Republicans voted against the measure than Democrats, Kripke of Oxfam America said it was the Democratic votes that provided the crucial margin.

"Where we lost the thing is that we really underperformed among labor Democrats, among progressive Democrats," Kripke said. "I think that when the unions and the AFL affiliates came in was really influential."

The maritime unions' success in persuading nearly half of Democrats to oppose a measure expanding the reach of food aid was not only a product of phone calls and effective lobbying. (A send-up by the Daily Show on the plight of "the most vulnerable among us" focused on the role of shipping companies.)

According to an analysis by the Center for Public Integrity, two leading maritime unions, the Marine Engineers Beneficial Association and the AFL Transportation Trades Department, and a maritime group backed by both unions and shipping companies, USAMaritime, contributed more than three quarters of a million dollars to members of the current House of Representatives in the 2012 election cycle. Members who received contributions from these groups voted 83 to 29 in opposition to the measure, along with five who did not vote.

Members who received more than $10,000 from these groups opposed the amendment at a rate of seven to one: the vote among these top beneficiaries of shipping unions' contributions was 28 to 4, with three not voting.

The Center for Public Integrity reached out to 10 House members, both Republicans and Democrats, who were among the top recipients of maritime unions' contributions. Only the office of Elijah Cummings (D-MD), a vocal opponent of the reform, agreed to discuss his views. Staffers for Cummings said the changes would deplete American sealift capacity in the event of a military or trade war, and that Cummings listened closely to maritime unions as he did to all constituencies affected by congressional policies. 

‘One of the worst ways to give food aid'

As fighting raged in Syria and Somalia earlier this year, local populations began to suffer from hunger. The United States pledged tens of millions of dollars in aid to each country, but the violence made it impossible for  food aid administrators to ship American foods into their communities.

The current system mandates that only about 20 percent of overall food aid may be delivered as cash vouchers or purchased locally, according to the U.S. Agency for International Development (USAID). When those funds ran out, USAID had to make a painful choice. Cash aid to Somalia was scaled back to help address the explosion of need in Syria.

"We are having to make choices," said Nancy Lindborg, the assistant administrator for USAID in charge of food aid programs.

Lindborg said the current hard limits on cash aid force USAID to choose between regions where security and logistics make it impossible to deliver food: Syria, Somalia, the Democratic Republic of Congo, and the Sahelian region of Africa.        

Humanitarian aid groups say that distributing American foods in poor countries can also undercut the market for local agriculture and harm long-term sustainability. Massive deliveries of American crops in the wake of Haiti's 2010 earthquake undermined local farmers, the Center for Public Integrity reported, and a 2013 study in Malawi found that commoditized food aid was a disincentive for local agriculture.

A third major concern is that the system's inefficiency leads fewer hungry or disaster-stricken communities to receive aid. A 2007 report by the GAO found that 65 percent of funds allocated to America's largest food aid program were being spent on shipping and business costs rather than food, and described the practice of allowing humanitarian groups to sell food aid to generate cash as "an inherently inefficient use of resources."

 

Dirk Salomons, the director of the Program for Humanitarian Affairs at Columbia University's School of International and Public Affairs, said that the most important factor in effective food aid delivery is having flexibility to respond to the circumstances. "You should have the freedom to make an assessment and do the best response for the situation," Salomons said. "That assessment is really what's at the heart of it."

Currently, 80 percent of American food aid must be shipped from the United States. The proposed reform would have allowed the U.S.'s largest food aid program, called Food for Peace, to procure up to 45 percent of aid in affected regions, but did not create a minimum requirement.

Supporters of the current system question whether local food purchases would be vulnerable to corruption or logistically unfeasible.

"I'm trying to figure out where the regional food purchasing is available," said Rep. John Garamendi (D-CA) at a congressional hearing in April. "Presumably, there's a shortage of food in that area, so what is the region?" 

But reformers take issue with this argument, noting that regional procurement can draw from a wider area than a specific locality, and that hunger is frequently caused not by an absence of food but by the inability of significant segments of the population to access that food.

This debate was partially addressed in a 2009 GAO study, which compared the results of a small local procurement program within USAID with the majority of aid that is shipped from America. It found that local procurement in sub-Saharan Africa cost 34 percent less than in-kind food aid, while aid in Latin America cost roughly the same with each approach. Reformers say this demonstrates that food availability is not an impediment to more efficiently purchasing aid in or near the affected regions.

A shift toward more local procurement has been endorsed by both George W. Bush and Barack Obama, as well as by advocates on both sides of the political spectrum.

"If U.S. taxpayers are going to provide funding for food aid for poor and hungry people around the world, then those taxpayer dollars should be spent in the most efficient way possible," said Brett Schaefer, a senior research fellow at the Heritage Foundation.

Raj Patel, a food activist and scholar at the University of California, Berkeley who helped organize the 1999 protests in Seattle, said that food purchases are needed more by farmers in the developing world than in America's grain belt.

"Everyone can agree that one of the worst ways to give food aid is to buy the food in the U.S. and ship it in U.S. carriers and then give it away for free [to aid groups]," Patel said. "But when you get the U.S. farmers and shippers to the table that consensus vanishes."

 

The jobs and security debate

The loudest debate about food aid reform in Congress focuses on its impact at home. Opponents of the reform emphasize American jobs and military readiness.

"You can't look at this thing as if you're just debating the Food for Peace program," said Wytkind of the AFL Transportation Trades Department.  "The debate has to be more comprehensive."

A statement by USAMaritime notes that "over 33,000 Americans' jobs depend upon the transportation of U.S. food aid alone."

This figure has been called into question. When congressional supporters of food aid reform asked the Pentagon how many shipping jobs in the U.S.-flag fleet  would be lost, it estimated that only 360 to 495 mariners on a total of eight to 11 ships would be affected. Wytkind noted that this figure does not consider the multiplier effects of the initial jobs being lost, nor the broader threat posed to the U.S. shipping industry as a whole.

The other main argument against the changes is that they would reduce military sealift capacity by driving U.S.-flagged commercial ships known as the merchant marine out of business. Advocates of the current system say that in Iraq and Afghanistan, 90 percent of shipping supplies were carried by the merchant marine. 

"If you start hollowing out the U.S. merchant marine, and you start with eight to 10 ships, its going to call into question whether merchant marine operators have a viable future in the U.S.," Wytkind said.

This contention is also disputed. Since 1996, the United States has had a Maritime Security Program that subsidizes U.S.-flagged commercial ships to remain militarily viable, funded at $186 million in FY 2012. A 2010 study by Christopher Barrett of Cornell University found that 70 percent of ships that were subsidized through the food aid program were not militarily useful, and the ones that were militarily useful were already subsidized by the Maritime Support Program.

"They basically double dip," Barrett said of the ships that are qualified for activation by the military. "They're able to collect the premium you get for hauling cargo ... and they collect payment under Maritime Security Program."

The Pentagon's letter to Congress stated that the reform "will not impact U.S. maritime readiness and national security."

This debate reopened last week, as the House and Senate began to conference on the farm bill, the original vehicle for the proposed reforms. President Obama has declared the farm bill a top priority and urged Congress to move past the rancor of the government shutdown to approve it, while House Republicans are calling for further reductions in government spending.

Food aid reform advocates are trying to get part of the changes that were rejected in June back into the farm bill or the FY 2014 budget. Their current goal is for USAID to have the option of spending up to 20 percent of the Food for Peace program, in addition to the 20 percent of overall food aid that is available through other programs, on cash aid or local purchases.

But shipping unions and their allies question why the struggling merchant marines should be a target for reductions, and are gathering their strength to ensure that enough liberal Democrats line up once again to sink the proposal.

"We're not shy," Wytkind said. "All these battles are all about the same issue, when you start getting into reform debates like this. They're about whether we're going to have a viable U.S. transportation industry that supports good middle-class jobs."

 

Kevork Djansezian/Getty Images