As the executive summary of the report noted:
Some significant pieces of information in the vast stream of data being collected were overlooked, some were not recognized as potentially significant at the time and therefore not disseminated, and some required additional action on the part of foreign governments before a direct connection to the hijackers could have been established. For all those reasons, the Intelligence Community failed to fully capitalize on available, and potentially important, information.
Those findings would be confirmed and amplified by the 9/11 Commission in its final report released in July 2004.
But what neither report addressed were the allegations made at the time by a group of NSA employees, later joined by a former senior House Intelligence Committee staffer, that NSA director Michael Hayden killed a promising program that could have sorted through the available pre‐Sept. 11 data on the hijackers and potentially uncovered the plot well in advance.
Beginning in the late 1990s, a tiny group of NSA employees working in the agency’s Signals Intelligence Automation Research Center were tackling what has since become known as the “big data” problem. Phones and computers generate billions of pieces of electronic information every day. NSA was drowning data. In response, crypto‐mathematician Bill Binney, and his colleagues Kirk Wiebe and Ed Loomis, created a collection, analysis and dissemination program called Thinthread.
Describing it to New Yorker journalist Jane Mayer in 2011, Binney said, “The beauty of it is that it was open‐ended, so it could keep expanding” to keep up with the ever‐increasing volume of data flowing into the NSA. Binney and his team also gave Thinthread the ability to anonymize, segregate and encrypt the data of any American citizen whose communications were inadvertently swept up in the collection process. The idea was for U.S. courts to be the custodian of the encryption keys for data, which in Binney’s scheme would only be accessible via warrant.
NSA Director Michael Hayden had other ideas. He killed Thinthread in the fall of 2000 in favor of a far more expensive and untested system called Trailblazer, which turned into a boondoggle that wasted hundreds of millions of dollars without producing a single piece of actionable intelligence. Thinthread’s technology was turned into a mass surveillance tool with no constitutional protections for citizens’ communications.
Angry at the waste, fraud and abuse generated by Trailblazer, and confident that Thinthread could have thwarted the Sept. 11 attacks, Binney, Wiebe and Loomis filed a complaint with the Department of Defense Inspector General in late 2002. Joining them was former House Intelligence Committee staffer Diane Roark, who had tried unsuccessfully to get her boss, committee chairman Porter Goss, to investigate the Trailblazer fiasco and Hayden’s role in killing Thinthread. Helping them in the background was senior NSA executive Thomas Drake, who had continued to lobby for Thinthread’s deployment after Binney, Loomis and Wiebe retired from the NSA.
[DISCLOSURE — The author is one of the few people outside of NSA and the DoD IG to have reviewed the full classified IG report on the Thinthread/Trailblazer episode. I did so in my capacity as a House staffer while working for then‐Rep. Rush Holt in 2013 during his service on the National Commission on Research and Development in the United State Intelligence Community. Without disclosing classified details, I can say this: The report validated the allegations made by Drake, Binney, Loomis, Wiebe and Roark. I am currently seeking full declassification of that report.]
Drake went so far as to share the Thinthread story with the CJI investigators, but to no effect. I found no public evidence that the Joint Inquiry ever investigated Drake’s claims, or ever contacted Binney, Loomis, Wiebe or Roark. Neither did the 9/11 Commission, according to all five, who shared their recollections with the author. All of them would ultimately be investigated by the Department of Justice for allegedly leaking classified data related to Thinthread — an allegation that was never substantiated. Drake was indicted but the charges — were all dropped. In exchange, Drake pled out to a minor misdemeanor (having nothing to do with the original indictment or anything allegedly classified) under the Computer Fraud and Abuse Act for “exceeding authorized used of a government computer”. He was sentenced to one year probation and 240 hours of community service. At Drake’s sentencing, the presiding judge castigated the Justice Department for its misconduct in the case, but he levied no sanctions on government lawyers for wrongful prosecution.
Congress failed to conduct a thorough inquiry in which all of the relevant data offered by Drake, Binney, Loomis, Wiebe and Roark were examined. Instead, the House and Senate chose to wait to begin their flawed inquiry until after passing a bill that vastly and unnecessarily increased the government’s surveillance powers, and which ignored documented, credible allegations of malfeasance and dereliction of duty by the NSA leadership in the years leading up to Sept. 11.
Moreover, even after spending millions of dollars on two separate (but hardly exhaustive) Sept. 11‐related inquiries, Congress failed to heed the most important finding of both, that analytical, management, and information sharing failures, not collection shortfalls, were the real reasons why the attacks succeeded.
Ignoring this key finding, Congress repeatedly renewed the expiring provisions of the Patriot Act. The first such renewal occurred despite the publication on Dec. 16, 2005 of the first New York Times story describing Stellar Wind. Congress also took a provision from the law creating the new Director of National Intelligence and rolled it into the Patriot Act reauthorization, a change the ACLU said permitted “secret intelligence surveillance of non-U.S. persons who are not affiliated with a foreign organization” in order to go after alleged “lone wolf” terrorists. And while the language of the Patriot Act’s “business records” provision was altered in March 2006 to include the phrase “relevant to an authorized investigation” in an effort to narrow the scope of the government’s dragnet collection operation, as documents from the Snowden archive and partially declassified Foreign Intelligence Surveillance Court records would show, executive branch officials chose to interpret the phrase “relevant” in the broadest possible way.
The New York Times story did lead to a debate in Congress lasting more than a year over how to deal with Stellar Wind. The solution, passed in 2007, was the so‐called “Protect America Act” (PAA) — which simply legalized the illegal program. The ACLU deemed it the “Police America Act” and denounced the bill’s “bulk collection” language, which allowed the government to evade the Constitution’s individual, specific probable cause requirements and use a single warrant to collect information on potentially millions of people. Opponents were able to get a “sunset” provision inserted into the bill, but it was a pyrrhic victory. The bill that replaced it in 2008, the FISA Amendment’s Act (FAA), included the same “bulk collection” general warrant authority as the PAA, as well as no meaningful court oversight. Like the Patriot Act, the FAA would be renewed into the second decade of the 21st century.
A few months before Snowden went public, there were hints that the NSA’s post‐Sept. 11 surveillance activities were constitutionally dubious. In a March 2013 Senate Intelligence Committee hearing with Director of National Intelligence General James Clapper, Senator Ron Wyden of Oregon had the following exchange with America’s top spy:
So, what I wanted to see if you could give me a yes or no answer to the question: Does the NSA collect any type of data at all on millions, or hundreds of millions of Americans?”
Clapper: “No, sir.”
Wyden: “It does not?”
Clapper: “Not wittingly. There are cases where they could inadvertently, perhaps, collect, but not wittingly.”
Wyden: “All right. Thank you. I’ll have additional questions to give you in writing on that point, but I thank you for the answer.”
Both the general and Wyden knew Clapper’s answer was false, but Clapper refused to correct the record publicly until after the initial Snowden revelations appeared in the Guardian.
And the Patriot Act’s primary author, former House Judiciary Committee Chairman James Sensenbrenner, made it clear to executive branch officials a month after Snowden went public that the days of NSA and the Justice Department playing fast‐and‐loose word games to justify mass surveillance were over. At the end of a tense exchange with Deputy Attorney General James Cole in a July 2013 House Judiciary Committee hearing, Sensenbrenner said, “Let me tell you, as one who has fought Patriot Act fights usually against the people over on the other side of the aisle, Section 215 expires at the end of 2015, and unless you realize you have got a problem, that is not going to be renewed. There are not the votes in the House of Representatives to renew Section 215, and then you are going to lose the business record access provision of the Patriot Act entirely.”
But he didn’t wait until 2015 to make his point.
Later that same month, Sensenbrenner joined Tea Party favorite Rep. Justin Amash of Michigan and 203 other House colleagues on an amendment to the annual Defense Department spending bill that would have defunded the Sec. 215 warrantless surveillance program. Although the amendment failed by a mere 13 votes, its bipartisan nature (94 Republicans and 111 Democrats voted for it) sent what seemed to be a clear message: support for mass NSA surveillance was collapsing. And less than a month after that vote, Amash, Sensenbrenner, and other House members would learn that key information about the scope of NSA’s domestic spying under the Patriot Act’s Sec. 215 provision had been withheld from them by House Intelligence Committee leaders just before the 2011 Patriot Act renewal vote.
Amash said “It is not acceptable for the intelligence committee, or any other committee, to withhold critically important information pertaining to a program prior to the vote.” Had the true scope of the Sec. 215 telephone metadata program been understood by House members as a whole in early 2011, it is extremely unlikely the program would have been reauthorized in its original form, and possibly even killed altogether. House Intelligence Committee chairman Mike Rogers of Michigan, and his Democratic counterpart, Dutch Ruppersberger of Maryland, vehemently denied any deliberate attempt to withhold the reports in question.
During early 2013, NSA and Obama administration officials would be forced to backtrack on their sensational claim that the Sec. 215 program helped disrupt 54 terrorist plots. In fact, it played a minor and duplicative role in just one incident. Even NSA’s then‐number two leader, Chris Inglis, was forced to concede to the Senate Judiciary Committee in July 2013 that it’s “not the most important tool.” In fact, it was a constitutionally‐dubious electronic version of “security theater” that was simply vacuuming up the information of millions of innocent Americans.
Snowden’s revelations jump‐started the surveillance reform effort. By the fall of 2013, two proposals were circulating in the House. The Surveillance State Repeal Act, first introduced in early August 2013 by then‐Rep. Rush Holt, would have terminated both the Patriot Act and the FISA Amendments Act. [DISCLOSURE — I was the staffer who developed the bill for Rep. Holt]. The second, more modest proposal was offered by Sensenbrenner and called the USA Freedom Act. The bill was focused primarily on ending the existing Sec. 215 telephone metadata program, and included some FISA Court improvements.
As those two bills made their way through the legislative process, supporters of surveillance reform got their first and only court victory, in Dec. 2013. U.S. District Court Judge Richard Leon ruled that the government’s Sec. 215 telephone records collection program was unconstitutional.
Leon noted that FISA court judge Reggie Walton had previously “concluded that the NSA had engaged in ‘systemic noncompliance’ with [FISA court]-ordered minimization procedures” and “had also repeatedly made misrepresentations and inaccurate statements about the program to [FISA court] judges.”
“I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high‐tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval… Indeed, I have little doubt that the author of our Constitution, James Madison, who cautioned us to beware ‘the abridgement of freedom of the people by gradual and silent encroachments by those in power,’ would be aghast,” Leon said.
While he granted attorney Larry Klayman’s request for an injunction against the government’s program, Leon stayed his order pending the inevitable government appeal. [The case, as well as two others against NSA, remain on appeal today.]
While 2013 ended on a relative high note for surveillance reform supporters, 2014 would bring a string of legislative setbacks. Even a stinging report by a hand‐picked White House surveillance policy review group (which found the Sec. 215 program worthless) and a similar report by the federal Privacy and Civil Liberties Oversight Board (which stated the program had no legal basis) failed to produce meaningful changes in NSA domestic spying operations. And the hoped‐for legislative fixes either went nowhere or were eviscerated by the House Republican leadership. Indeed, many of USA Freedom Act’s original supporters ended up voting against the watered‐down version that eventually reached the House floor just before Memorial Day 2014.
Reformers were able to take some solace from a legislative victory in June 2014. Rep. Zoe Lofgren, D‐Calif., and Rep. Thomas Massie, R‐Ky., took the government “back door” ban language from the Holt bill and added language baring the government from using taxpayer dollars to search the stored emails of Americans absent a warrant to create an amendment they offered to the annual Pentagon spending bill. With the help of some privacy and civil liberties groups, such as FreedomWorks, the amendment passed by a whopping 293–123 — good enough to override an Obama veto.
But that victory would also be undone after the November 2014 elections, when GOP leaders in both chambers ensured the provision was not included in the final Defense Department spending bill. The final setback for reformers was the procedural death in the Senate of a revived (but still relatively weak) USA Freedom Act, offered by Senate Judiciary Committee chairman Patrick Leahy of Vermont. The vote to end debate on the bill and proceed to a final vote failed when Sens. Rand Paul of Kentucky, Chuck Grassley of Iowa, and Ben Nelson of Florida withheld their support.
This year began with both surveillance reformers and their opponents circling one date on their respective calendars: June 1, 2015. On this date, the Patriot Act’s Sec. 215 “business records,” “lone wolf” and “roving wiretap” provisions will expire unless Congress agrees to extend them. If public opinion on the topic is any indication, mass surveillance supporters have a tough job on their hands.
In March 2015, Pew released the results of its latest poll on attitudes on surveillance. Seventy percent of Republican or Republican‐leaning respondents said they were “less confident the surveillance efforts are serving the public interest.” Over half of Democrats or those leaning Democratic felt the same way. And of the 87 percent of adults who have heard of the surveillance programs, 34 percent had “taken at least one step to hide or shield their information from the government.” This is how the true costs of mass surveillance programs should be measured: not just in dollars, but in how they have eviscerated the Constitution’s free association, speech and privacy guarantees. The chilling effect of government surveillance is real, and the poll makes clear it is causing this country’s citizens to disconnect from one another, alter what they search for online, and even self‐censor. Our own government, not al Qaeda or ISIS, is responsible for this fear and subversion of constitutional rights that has produced these ominous changes.
A child born on September 12, 2001 has lived his or her entire life under the shadow of this surveillance state. Whether their full constitutional right to be free from warrantless search and seizure of their online communications will be restored remains to be seen. What is clear is that unless their elders force Congress to end the surveillance state, the generation born after Sept. 11, and all those who follow, will live in a country that would shock Madison, and the Founders.