Recently, NSA, NSA IG, and the Intelligence Community IG refused to disclose an estimate of the total interceptions of American citizens.
This diary shows where Congress can find baseline data to make an independent estimate. This diary uses open sources only.
Stop Reading if you Do Not Understand This:
The links provided are for information purposes only, do not necessarily reflect the position of the US government, and are not intended to provide information related to unlawful contractor, government, or individual activity outside FISA authority.
The cited budget documents are for discussion purposes only, and not intended to make a statement about those program managers' knowledge or connection with targeting against American civilians.
When the US government plans an interception program, that program includes studies to estimate budgets.
Budgets give insight into assumptions, planning factors, and other baseline data. These estimates help create an idea of what is required to do something.
For example, if you are planning to take a vacation, you might look at your automobile's gas mileage; then look at a map to examine the mileage; then examine the hotel costs.
Vacation Sample Estimate FactorsEach of the above factors are known, and can be independently estimated. When combined, it's possible to make an estimate.
Factor 1: Gas mileage
Factor 2: Distance
Factor 3: Lodging, Food
Total: $ _____
That is all that is done when planning: Just estimates.
I will point to various lines of public evidence showing you where these "estimates" related to domestic-interception should have been considered, documented, discussed, planned for, or reviewed.
The point is that there is a way to estimate the number of US citizens who have had their communications intercepted. This estimate is different than a legal question: Was that interception lawful or unlawful.
Government Intelligence Estimates
I'm going to show you some open sources related to some interesting planning and budgeting documents. These documents include estimates.
I will also show you that these planning and budgeting documents are available to Congress.
And I will show you that, although the public may not know for sure how many citizens have been monitored, government planners had to make some informed guesses about the interceptions when planning memory storage space.
Classified Programs: Provide Test Data, Planning Documents to Congress
Congress has access to baseline data. Although there may not be a simple answer -- yet -- as to how many citizens have been monitored, we do know one thing: Members of Congress have the power to ask for information related to the smaller pieces:
- How much money does the NSA need to store dataSample Language
- How were the planned data storage requirements different than the actual requirements
- What were the test results related to the NSA assumptions on storage capacity requirements
I'd like to show you how we know that Congress has access to some of the baseline information related to the total NSA activities.
By analogy, let's consider an important program related to undersea warfare, where Congress requested additional infromation:
The CommanderThe above shows two (2) sections. The first are the documents. The second is where the documents must be sent.
of the United States Special Operations Command may not make
any milestone B acquisition decisions with respect to a covered
element until a 30-day period has elapsed after the date on which
the Under Secretary of Defense for Acquisition, Technology, and
(1) conducts the assessment and determination under subsection
(b) for the covered element; and
(2) submits to the congressional defense committees a
(A) the determination of the Under Secretary with
respect to the appropriate acquisition category for the covered
(B) the validated requirements, independent cost estimate,
test and evaluation master plan, and technology
readiness assessment described in paragraphs (1) through
(4) of subsection (b), respectively.
(b) ASSESSMENT AND DETERMINATION.—With respect to each
covered element, the Under Secretary shall conduct an assessment
and determination of whether to treat the covered element as
a major defense acquisition program. Such assessment shall
(1) a requirements validation by the Joint Requirements
(2) an independent cost estimate prepared by the Director
of Cost Assessment and Program Evaluation;
(3) a test and evaluation master plan reviewed by the
Director of Operational Test and Evaluation; and
(4) a technology readiness assessment reviewed by the
Assistant Secretary of Defense for Research and Engineering.
In a nutshell, that's really all you need to know. It doesn't matter what the documents say. All you need to know is that there are similar documents for the NSA:
TestingThe issue really isn't that there's "no estimate," only that nobody in the US government wants to raise their hand and say, "We can help make an estimate."
We know from open sources that the NSA is building a facility [Link, wired] to store data.
Before money can be spent, someone in NSA has to approve a plan. That plan includes estimates for data storage, which is the same as an estimate for building capacity, software and hardware storage requirements, and technical support.
One disclosed program is called "Stellar Wind," which -- some believe -- treated the US as a foreign country, and vacuumed and stored data.
One interesting thing to notice about budgets and estimates is how they change. The changes tell us something interesting. The tell us how assumptions have changed, or new events have affected plans.
There are budget estimates available from before 9-11. After 9-11, estimates changed because the US government was going to do things differently. Before 9-11, there was no (apparent) data mining program; after 9-11, the data mining (supposedly) started.
So, we could compare the pre- and post-9-11 assumptions related to data-storage requirements. That change tells us something about how new Presidential direction may have adjusted the interceptions.
Before 9-11, the US had a baseline of requirements related to capacity and data storage growth. However, if the interceptions change, and start targeting -- and storing -- domestic targets, then this change can give us some insight into what the NSA was really doing.
Above, you read something called a TEMP or "test and evaluation master plan." When the government develops a weapon system, there is a TEMP developed to outline how the government will compare (a) what it wants; to (b) what it got.
To do that test, the government compares what it hopes to accomplish, with what the contractor or agency provides, and they ask: Did we get what we want?
A Temp is a long document. It has many requirements or factors listed. Not all things work perfectly, but things usually work out.
The reason for the TEMP is so that there is a plan everyone can work toward: The government, contractors, and the public, who is paying the bill.
As you can see related to the above references to the TEMP, Congressional committees can access a TEMP, or an independent cost estimate (ICE), and review whether the government -- people, contractors, others working for the President -- have a good plan.
I wanted to show you an example of how various government plans, tasks, and reports are managed. This link doesn't really tell us anything about the NSA, but its a good example of how a contract management plan is put together.
This plan is something you can look at and see that there are many smart people involved.
Most of them spend many hours each day thinking of solutions to very complicated problems. And they do good work. They also have to spend time preparing summary reports and documents for reviews.
Congress can ask the contractors for information. At the contracting facilities, there are government representatives who can gather information.
There are also reports that leaders inside the US government use when making plans. These documents also include estimates.
I wanted to show you some budget documents with numbers on them. Don't be scared. The numbers aren't important.
The point is that there are documents floating around with numbers on them, but they are only summaries.
The detailed documents have the baseline information related to estimates: How much capacity do we need to store this data; and how do these changes relate to what we originally planned.
Take a look at this document. It is a sample of how a planning document gets fit into a budget.
Look at page 15 of 21, and notice these words:
FY 2011 Base Plans:Those words mean that the budget included money for reviewing the technology options, then making a selection. That means that -- to make that selection -- the government looked at options presented, compared what was offered to what they needed, and made a decision.
- Conduct technology survey and selection."
To select, the government spends time developing some factors and criteria to compare what the government hopes to get, with what they think the contractors are going to give them.
It takes time to develop these lists. Those lists also include assumptions and estimates. The same estimates which Congress can access, review, and make independent decisions about.
One of the things we've learned about the NSA is that they are very good at doing what they're supposed to do: The can intercept information, and then forward that information to those who need it: Warfighters, leaders, and planners.
Take a look at this budget document, and you'll see something interesting, it relates to information sharing. When the government plans to store information, it considers not only the data storage requirements in the facility, but also the method to transfer that information:
Information Capacity PlanningInformation can only be "shared" if the existing information "sharing technology" is big enough, fast enough, and smart enough to handle that information.
From: CFBLNet is used to evaluate new technologies and to develop tactics, techniques and procedures that facilitate the transition of promising technologies and capabilities into operational multinational information sharing capability enhancements.
We're not saying that this activity is related to the NSA or targeting of Americn civilians.
This (sample) budget document shows us that there is money set aside to develop plans and rocedures to share information. Those plans include estimates. Those estimates relate to assumptions about capacity. Those estimates are documented. Those reports are available to Congress and independent estimators. Using these budget reports, and estimates in other test and acquisition data provided to Congress, it's possible to estimate how many civilians were targeted.
Conversely, if they "don't know," then there's "no basis" for the budget estimate. But that defies reason.
Many people would be involved with the decision to review this question: Does the existing information technology, storage, and channeling system have enough capacity to transmit this information related to the unplanned interceptions of American citizens?
Many people would be involved in reviewing the original interception plans; and then comparing the subsequent changes which involved increased targeting of American citizens.
There is also another aspect of the information collection process: Getting that information to decision makers, and helping analysts sift through that information.
Here is an example of a program designed to do just that: Forward information to decision makers, staff, and analysts:
P 1 of 8: "Key deliverables provided by JSAS include wide-ranging force structure assessments, course of action development for the Joint Force environment, analyses and studies to aid in decision-making, and other analysis efforts to implement timely, low-cost initiatives."This means that before the information-system is developed, there is money set aside to ensure that the leadership can access that information.
We're not saying that this activity is related to the NSA or targeting of Americn civilians.
This budget document is a sample document realted to providing leadership with information. Using baseline assumptions and estimates, the planning will set aside money to conduct analysis.
One required analysis after 9-11: How much additional capacity do we need to support targeting of American civilians; and do we have enough capacity to meet our schedule objectives when supporting decision makers, planners, analysts, and warfighters.
Going back to pre 9-11-days, there were certain assumptions about what information the leaders needed. Then things changed. Then there are new assumptions:
-How many domestic targets do we want to be able to track;Before money is spent on a final product, there are many people involved with making sure everyone knows what is really needed:
- How quickly do we want the analysts to get access to, and analyze the data;
- How much information do we want the leadership to have access to;
- How do we know when we get what we need.
- What are the time constraints;The above factors would have changed pre- and post-9-11. And Congressional staffs would have been involved with the reviews. Here is an example, and note the Congressional involvement:
- How quickly do we need to handle this data;
- What are the requirements to handle what types of data in terms of capacity, speed, storage, and integration
• Congressional General ReductionsPage 111 of 233 shows the NSA-interest areas by geography related to Communications Security. The document is available to Members of Congress, including the most recent updates.
• Congressional Directed Reductions
• Congressional Rescissions
• Congressional Adds
• Congressional Directed Transfers
Source: 1 of 8.
We're not saying that this activity is related to the NSA or targeting of Americn civilians.
Budget documents show us that Congress is involved with budgeting decisions for specific reasons: The Committees have information related to available and required capacity; and this information is known relative to a change in monitoring of American civilians after 9-11.
Page 148 of 233 shows some sample capacity for units.
These numbers from the 1980s are what we call, "baseline," because they were before 9-11. If there are changes after 9-11, then we might have a conversation: Is the change related to new targeting against a wider set of targets?
What we don't (publicly) know (for sure) is how satellites were changed, reconfigured, or integrated differently after 9-11. But the answers aren't important.
What are the baseline requirements of that satelliteThen the staff make budget recommendations, and, as needed, there's additional money to support the change in requirements and resources to increase monitoring of American citizens.
Do our new requirements require modification of the existing satellites
If we do not have enough capacity, what are our options?
Congressional staffers would have reviewed the NSA acquisition documentation related to the test plans, and made budbet decisions in the following areas:
-Do we have enough satellites to cover the coverage requirementsIt doesn't matter what the answers to these questions are. The point is that there were discussions after 9-11; defense planners and contractors were involved; many budget estimates included planning factors to support the targeting of American citizens; and these planning and budgeting assumptions are documented.
- How many more satellites do we need to cover the targeting requirements
- How many satellite ground stations do we need to cover the change in targeting against American citizens
Let's go through a specific example, and show you how a small piece of information in a public disclosure sheds light on what Congress would review related to capacity requirements to support targeting American citizens.
Here is a sample disclosure in Wired:
When construction is completed in 2013, the heavily fortified $2 billion facility in Bluffdale will encompass 1 million square feet.The total square footage corresponds to a budget decision related to:
Wired discloses information related to budgets, facilities, and square feet. Those are important factors. They come from estimates. Those estimates are related to changes in how NSA is targeting American civilians; and changes in data analysis, storage, retention, and transmission rates/volumes over the baseline.
Someone knows how many American civilians were and are being targeted. Those numbers form the basis for budget justifications for facility construction, maintenance, and electronic upgrades required to handle additional capacity.
RequirementsNSA doesn't create a data-collection system, get its budget approved by Congress, unless it can demonstrate that it can access that information. Find it. And not lose it.
- How much data-storage growth do we need
- How many years do we want to store data in this facility
- How will we distinguish between local and foreign sources of information
NSA must know how many people they are targeting -- on average, above original plans -- otherwise they would have us (absurdly) believe that they have no idea what they're doing or whether they know for sure whether the information they store is related to a domestic or foreign threat. That defies reason.
Rather, before the facility is funded, that facility has to be justified; and that justification fits within an overall "acquisition strategy" related to a larger weapon system support.
For example, once a weapon system -- like a gun, plane, boat, or truck -- is deployed, the leadership reviews how information will go from the collection point; through the information pipeline (analysts, cables, satellites, ground stations, leadership); then to the final warfighter.
Simple Data Collection StepsEverything is reviewed. There are estimates for distances, time, capacity, storage, targeting levels, surges, and emergency capacity. These factors are documented and known to Congressional staffs.
1. Collection: Information collected
2. Information sent through information pipeline- Storage: Information is saved, and is accessible3. Used by Warfigher
- Analysis: Analysts access the data
- Planner: Planners use analysts' results to plan
- Decision maker: Approves, adjusts, or makes plans
Someone makes an estimate of the number of American civilians to bet targeted; and that estimate forms the basis for budget justifications for facilities, technology purchases, and infrastructure support to deploy, support, and maintain satellites and ground stations used for interception, analysis, and planning.
Without that estimate, nobody would (Credibly) justify spending money. Those funds would go to a different program, but doesn't happen. There are solid, defendable requirements based on estimates of the most likely number of civilians to be targeted in a given budget cycle.
The issue is putting the information together.
The US government after 9-11 was caught with a problem: What do we do to find who did this; how do we protect the country; and what are we going to say to the public if this happens again?
FISA was crafted to provide the President with a specific time-limit to conduct surveillance; then, after that time passed, seek legal authority to continue the monitoring.
After 9-11, the DOJ OLC and President agreed with Congress to conduct surveillance of American citizens. Without required warrants. Beyond what FISA authorized. Without Court review. As. Required. By. Law.
Personnel in the intelligence and law enforcement community were concerned: The interception "program" was not lawfully within the FISA-authorized lanes.
The existing program documentation includes cost estimates, budgets, and assumptions for planning and testing related to the required capacity to store this additional information. These changes were above the planned baseline.
It is not difficult to estimate how many American civilians were targeted. By contrast, if we are to believe that there is a "difficult" time estimating this number, then we are to (foolishly) believe that the planning assumptions the government used to pass and approve budgets was based on some mystical experience, disconnected from plans or reality.
That defies reason.
Rather, one reason NSA wants to keep most of its information beyond the reach of FOIA is that it doesn't want to spend time disclosing its acquisition plans, information capacities, and targeting assumptions.
But the public isn't asking for disclosures about technology used to defend us. We're asking about the baseline data used to make plans about acquiring technology used to target American civilians: If you won't hold yourselves accountable to FISA as it was written, could you share with us how many American civilians you did target?
The US government doesn't want to give an answer because that answer is connected with many people who knew the planning assumptions used to budget for information collection, storage, processing, analysis, and use.
Every budget decision connected with the NSA's domestic surveillance activity was connected with informed decisions related to national defense, storage capacity, information processing capabilites, and national objectives to provide data and analysis within specified time periods.
However, these decisions were not (obviously) done within the FISA lanes. They were done in "another" manner.
Regardless whether the government wants to be held accountable for government-sanctioned FISA violations, what we do know is that the changes in the NSA-connected targeting, storage, processing, and transmission times relates (in some way) to adjustments in how American citizens were targeted before 9-11 in a non-combat manner; and after 9-11 in a combat-theater.
DOJ OLC memos were classified, in part, because they defined the US continent as a theater of combat, where the President was granted wide latitude to conduct warrantless surveillance.
Regardless the legal decisions, we know based on a cursory review of public documents, that the only way the US government -- Congress, courts, and Executive branch/contractors -- could have fielded a modified interception system was if they were jonitly involved with the information, assumptions, and baseline data related to targeting American civilians:
"How many civilians were targeted" isn't an unknown, it was part of the planning to adequately budget, test, deploy the interception system; and then manage the data, analyze it, and retain it for future use.
Congress has the baseline data it needs to make estimates. That baseline data was well disseminated, known, considered, and ultimately goes into the Defense Appropriations [Link, GPO, DoD Appropriations: Senate Report].
We're not talking about traditional Defense Appropriations. We're talking about weapon systems used to gather information, connected with the Senate/House Intelligence Committees, and related to joint decisions.
1. Don't fall for the ruse that "nobody knows" how many civilians were targeted. We're not talking exact figures. We're talking about estimates related to planning factors which were included in budget decisions related to technology acquisition, information storage, satellite support, and information pipelines to support analysts, warfighters, leaders, and decision makers. Congress has access to the baseline data, and could make an independent estimate.
2. The baseline data required to make an estimate -- about the number of civilians targeted -- is available in documents for testing, deploying, supporting, and operating an interception system designed and modified to monitor domestic targets. DOJ OLC memos show us that the legal community assumed there were domestic threats as a premise for justifying interception outside FISA.
Decide how solid of an answer you want. If you want 100% confidence that every possible domestic threat is identified, then you must assume that NSA and Congress worked together to monitor all electronic communications of ever every American; and then store that information on the off chance it might need it.
Decide whether you want Congress to disclosure the details of how they were convinced to approve a budget for NSA facilities, satellite interception, and other information technology support. Although Congress has the baseline data and assumptions within the various cost, test, and acquisition reports, Congress isn't obliged to disclose any of those details.
Assume that there were enhanced targeting protocols. As there were higher levels of communication between what were perceived to be greater threats from people who matched certain profiles, those communications were given greater emphasis.
This would not change the original assumption: That there was the option to look at communication by others who were domestically brought into the communication nexus. The question isn't what percentage of the public was targeted; but what percentage of your data does NSA still retain, use, and provide to law enforcement as "investigative leads".