In the annals of national security, the Obama administration will long be remembered for its unprecedented crackdown on whistleblowers. Since 2009, it has employed the World War I–era Espionage Act a record six times to prosecute government officials suspected of leaking classified information. The latest example is John Kiriakou, a former CIA officer serving a thirty-month term in federal prison for publicly identifying an intelligence operative involved in torture. It’s a pattern: the whistleblowers are punished, sometimes severely, while the perpetrators of the crimes they expose remain free.
The hypocrisy is best illustrated in the case of four whistleblowers from the National Security Agency: Thomas Drake, William Binney, J. Kirk Wiebe and Edward Loomis. Falsely accused of leaking in 2007, they have endured years of legal harassment for exposing the waste and fraud behind a multibillion-dollar contract for a system called Trailblazer, which was supposed to “revolutionize” the way the NSA produced signals intelligence (SIGINT) in the digital age. Instead, it was canceled in 2006 and remains one of the worst failures in US intelligence history. But the money spent on this privatization scheme, like so much at the NSA, remains a state secret.
The story goes back to 2002, when three of the whistleblowers — Loomis, Wiebe and Binney — asked the Pentagon to investigate the NSA for wasting “millions and millions of dollars” on Trailblazer, which had been chosen as the agency’s flagship system for analyzing intercepted communications over a smaller and cheaper in-house program known as ThinThread. That program was invented by Loomis, one of the NSA’s top software engineers, and Binney, a legendary crypto-scientist, both of whom began working for the NSA during the Vietnam War. But despite ThinThread’s proven capacity to collect actionable intelligence, agency director Gen. Michael Hayden vetoed the idea of deploying the system in August 2001, just three weeks before 9/11.
Hayden’s decisions, the whistleblowers told The Nation, left the NSA without a system to analyze the trillions of bits of foreign SIGINT flowing over the Internet at warp speed, as ThinThread could do. During the summer of 2001, when “the system was blinking red” with dangerous terrorist chatter (in former CIA Director George Tenet’s famous words), they say the agency failed to detect critical phone and e-mail communications that could have tipped US intelligence to Al Qaeda’s plans to attack.
“NSA intelligence basically stopped in its tracks when they canceled ThinThread,” says Wiebe, sitting next to Binney at an Olive Garden restaurant just a stone’s throw from NSA headquarters in Columbia, Maryland. “And the people who paid for it were those who died on 9/11.”
The NSA Four are now speaking out for the first time about the corporate corruption that led to this debacle and sparked their decision to blow the whistle. In exclusive interviews with The Nation, they have described a toxic mix of bid-rigging, cronyism and fraud involving senior NSA officials and several of the nation’s largest intelligence contractors. They have also provided an inside look at how Science Applications International Corporation (SAIC), the government’s fourth-largest contractor, squandered billions of dollars on a vast data-mining scheme that never produced an iota of intelligence.
“That corruption was the heart of our complaint — the untold treasure spent on a program that never delivered,” Drake explained to me one morning in Bethesda, Maryland, across the street from the local Apple Store where he now works. He wants it understood that the NSA Four’s case was not primarily about President Bush’s warrantless domestic surveillance program, as outrageous as that was. “Some in the press think we blew the whistle on Trailblazer because, oh, it violated people’s rights,” he said. “Well, it didn’t violate anybody’s rights, or create any intelligence, because it never delivered anything.”
But there’s a direct link between their case and domestic spying: the technology developed at the NSA to analyze foreign SIGINT — including programs created for ThinThread — was illegally directed toward Americans when the agency radically expanded its surveillance programs after the 9/11 attacks. In response, Drake, Wiebe and Binney have taken to the media to expose and denounce what they say is a vast and unconstitutional program of domestic surveillance and eavesdropping.
By using the NSA to spy on American citizens, Binney told me, the United States has created a police state with few parallels in history: “It’s better than anything that the KGB, the Stasi, or the Gestapo and SS ever had.” He compared the situation to the Weimar Republic, a brief period of liberal democracy that preceded the Nazi takeover of Germany. “We’re just waiting to turn the key,” he said.
James Bamford, the world’s foremost authority on the NSA, said Americans should take Binney seriously. “Remember, he was the equivalent of a general because of his rank” at the NSA, he said. “In terms of going public with their names and faces,” the NSA Four rank as the most important whistleblowers in NSA history, he added. “Obviously, I think they’re very credible.” Because of their experience in some of the NSA’s most secret programs, the NSA Four are “indispensable” to understanding the agency’s unconstitutional operations, said Jameel Jaffer, deputy legal director for the ACLU. “NSA is an extraordinarily powerful agency with sophisticated technology that is poorly understood by many experts. It operates behind a veil of secrecy that is penetrated only occasionally by whistleblowers like these.”
In 2011, the Pentagon’s Office of the Inspector General (OIG) declassified parts of its 2005 audit of Trailblazer and ThinThread, which was triggered by the NSA Four’s complaint. Its report severely admonished the NSA for “wasting” its resources on Trailblazer (the amounts are redacted). It also found that the agency had overlooked fraud and abuse and “modified or suppressed” studies that put ThinThread in a positive light.
The NSA, the Office of the Inspector General concluded, “disregarded solutions to urgent national security needs.” And in a chilling comment that foreshadowed the government’s persecution of the whistleblowers, the OIG noted twice that some of the NSAers and contractors who came forward were in great fear of retaliation. “Many people we interviewed asked not to be identified for fear of management reprisal,” it stated.
The OIG report is the government’s only public response to the extraordinary charges made by the whistleblowers. The NSA would not comment on any aspect of this story. Neither would SAIC or any of the other contractors involved with Trailblazer. Eventually, one intelligence source responded to the most serious charge, but only if promised anonymity. “Essentially, what they’re saying is that we missed 9/11,” said a former high-ranking government official with intimate knowledge of the NSA’s SIGINT capabilities. “That’s absolutely bizarre. I mean, how hard is it to prove a negative? The only way I can respond is to violate a sacred oath I take very seriously, and I won’t do that.”
In fact, none of the whistleblowers were convicted of leaking classified information. Yet all have paid dearly for speaking out. “This is all about retaliation, reprisals, revenge and retribution,” said Jesselyn Radack, the Government Accountability Project lawyer who represents the whistleblowers before the OIG. She describes the charges against Drake as ludicrous. “Tom was not charged with disclosing classified material but retaining information for possible disclosure,” she told me.
In 2010, Eric Holder’s Justice Department indicted Drake on ten felony counts, including five under the Espionage Act, based primarily on Drake’s conversations with a single reporter. Those charges were dropped in 2011 after he pleaded guilty to a misdemeanor charge of exceeding the authorized use of a computer. The FBI’s investigation of the other three ended at the same time. But like Drake, they lost their security clearances and thus their ability to work in intelligence.
None of the whistleblowers have any doubt about who is responsible for the intelligence failures. “No NSA director did as much damage to the agency as Gen. Michael V. Hayden,” Binney told me. Hayden is now a principal with the Chertoff Group, the intelligence advisory company led by former Homeland Security Secretary Michael Chertoff. His primary job there is advising government agencies and corporations about cybersecurity, which keeps him in constant contact with the NSA. The press office at the Chertoff Group never responded to my requests to interview Hayden, so I tracked him down myself. In February, after he made an appearance at George Washington University, I asked Hayden if the NSA would have been better off not wasting “hundreds of millions of dollars” on Trailblazer and going with its in-house system, ThinThread. In his first public comments on Trailblazer since 2005, Hayden admitted that the NSA and its contractors “overreached.” The agency “outsourced how we gathered other people’s communications,” he said. “And that was a bridge too far for industry. We tried a moonshot, and it failed.” But he wouldn’t comment on ThinThread (which, as Drake wryly pointed out to me, “did get to the moon”).
Last October, at a conference on cybersecurity at the National Press Club, I asked Hayden about the whistleblowers’ charges regarding the NSA’s domestic surveillance program. At the mention of the term “whistleblowers,” he suppressed a smile. “As a former NSA director, I can tell you there is no workforce in the federal government more conscientious” about privacy and Fourth Amendment rights, he told me, avoiding any direct mention of his critics from the agency. “But that’s a trusting sort of thing, and I realize it doesn’t have much purchase in America.” The public, he added, must understand that the agency “has a problem. To be good, NSA needs to be powerful, and frankly it needs to be a bit secret.” The message was clear: people like the NSA Four should stay quiet.
But here’s the irony: Even though Trailblazer failed, the massive enterprise it created set the model for the wholesale privatization of national security work after 9/11. As I described in my 2008 book Spies for Hire, this tsunami of taxpayer largesse reached into every nook and cranny of the intelligence-industrial complex that had slowly been built over the 1980s and ’90s to service the vast CIA and Pentagon needs for surveillance, reconnaissance and advanced IT. In the end, a handful of contractors earned at least $1.2 billion from Trailblazer, and probably several billion more, since huge amounts were squeezed from other parts of the NSA, including its detachments in the Army, Navy and Air Force. “It was a feeding frenzy,” recalls Drake.
One incident in particular crystallized the greed and hubris that gripped the NSA’s top officials at the time. It happened right after the 9/11 catastrophe, when Samuel Visner, a former SAIC executive who ran Trailblazer for the agency’s SIGINT division, held a meeting with contractors working on ThinThread (one of them still works inside the NSA; he is the source for this anecdote). Now that Trailblazer was the NSA’s chosen SIGINT project, the contractors were worried that they would be cut out of the money loop. But Visner assured them that, in the wake of the attacks, their worries were gone.
“We can milk this thing all the way to 2015,” he said, according to separate accounts by Drake, Binney and Wiebe, who heard it directly from the contractor. “There’s plenty to go around.” In 2003, Visner returned to SAIC as a director of its Intelligence, Security and Technology Group. Visner is now a vice president in charge of cybersecurity policy at CSC, one of the NSA’s most valued contractors (neither CSC nor Visner would comment).
Trailblazer marked a dramatic shift for the agency, away from small, government-led research projects that hired contractors only for specific functions to huge projects run by contractors who answer only to the senior leadership of the NSA. Since its origins during the Cold War, the NSA had led the world in encryption, computer and voice-processing technologies. But all of its development work was done by an elite corps of government scientists and mathematicians. Until the 1980s, “virtually everything was done in-house,” says Loomis, who spent much of his career in the agency’s telecommunications and computer services directorate. “As for contracting for development,” he added, “that did not happen.”
That began to change around the turn of the century, when the NSA was forced to wrestle with enormous technological changes. For most of its existence, the agency had been focused on radio and microwave signals traveling through the atmosphere. The telecom revolution and the Internet altered the game forever. Suddenly the NSA was deluged with digitized cellphone traffic and e-mail flowing across fiber-optic cables that were almost impossible to intercept. It was an “explosion,” Hayden told me at George Washington University. “And if you’re a signals intelligence organization — we eavesdrop, right? — if your technology isn’t the technology of the target, then guess what you are? Deaf!” Hayden was appointed director in 1999, when the agency was struggling to figure a way out of this conundrum.
His solution was to turn away from the NSA’s historic legacy and privatize. “Hayden made a fateful choice,” says Drake. “If we’re not going to make it, we’re going to buy it. That was the mantra.” Hayden couched his plan as “transformation.” Trailblazer, its centerpiece, involved turning the NSA’s most precious asset, SIGINT analysis, over to the private sector, from the development to the operations stage. The idea was to use cutting-edge technologies to analyze intercepted cellphone and e-mail traffic for clues to plots against the country. But Drake, who had extensive experience as a contractor and in the private sector, says it was flawed from the start.
In the early 1990s, after a stint in Air Force intelligence and the CIA, Drake was assigned to a top-secret NSA project called MINSTREL that was digitizing intercepted voice communications. But he came in as a contractor and his actual employer was the now-defunct GTE Government Systems. There, he encountered his first corruption, including massive cost overruns and fraud; in 1992, he reported GTE to the Pentagon hotline. “That’s how I became a whistleblower,” he told me (MINSTREL, like Trailblazer, was canceled without becoming operational). Drake later worked inside the NSA for Booz Allen Hamilton and other contractors before finding work in the late 1990s as a private consultant in Silicon Valley. He returned to the NSA in 2001 as a member of the agency’s senior executive service. As a result of these experiences, Drake knew that hiring big corporations to develop new technologies ran against the grain of the information revolution. Trailblazer “was an industrial-age model so inappropriate for the digital age,” he said. The model of innovation in the computer industry was “very small teams, skunk teams, developing the next critical applications. And here we were going in the completely opposite direction.”
That’s because corporations — and their moles inside the NSA — ran Trailblazer from the start. The fix began in 2000, when Hayden hired Bill Black, a wily NSAer who had worked at the highest levels of SIGINT in Europe as Hayden’s deputy. For the previous three years, from 1997 to 2000, he’d been working for SAIC, then a rising San Diego defense contractor with extensive contacts in the intelligence community. Black’s new job at the NSA was to carry out Hayden’s “transformation” plan by siphoning business to companies like his. To get the Trailblazer contract up and running, Black hired one of his closest associates from SAIC: Sam Visner, who had left the NSA in the mid-1990s to work as a contractor.
Visner was a true believer. His father had been a scientist on the Manhattan Project during World War II, and according to his former associates, he saw Trailblazer as the twenty-first-century equivalent of the atomic bomb needed to win the “war on terror.” Hayden’s hiring of him and Black, the whistleblowers say, set the stage for SAIC winning the Trailblazer contract.
In April 2001, the NSA awarded the first part of the contract to SAIC, Booz Allen Hamilton, Lockheed Martin and TRW, which was absorbed into Northrop Grumman in 2002. Their job was to “define the architecture, cost, and acquisition approach” for the project, according to a 2001 NSA press release. The results of their deliberations were announced in September 2002, when the NSA, as recommended by the companies, awarded the prime contract, called the Technology Demonstration Platform, to SAIC. It was initially worth $280 million. SAIC’s team included Northrop Grumman, Boeing and CSC — the company where Visner now works.
By this time, Drake was a senior “change leader” reporting to Maureen Baginski, who was the agency’s director of signals intelligence and number three in the hierarchy, behind Hayden and Black. Drake sat in on many of the Trailblazer meetings and claims the concept setup was a scam. He told me that the four companies agreed secretly that the prime contract would go to SAIC, while they would divvy up big chunks of the subcontracting among themselves. Later, as a material witness for the Pentagon’s OIG, he provided investigators with hundreds of documents relating to the bidding and award process for Trailblazer; they remain classified, and Drake can talk about them only indirectly. Most crucial, he says, were statements he collected from NSA officials showing that agency leaders had told their procurement office to hand the award to SAIC. “The orders came from the very top,” Drake says. “They just ensured it was weighted in a way to award it to SAIC and its subcontractors. That was the deal.”
I went over these details with a government procurement analyst who once worked for the Pentagon’s OIG and has had access to classified contracts. He could not comment on the record because of his current position in government, but was shocked at the evidence of collusion. “That’s the fraud, waste and abuse right there,” he said. “You’re steering the contract to a favored client. That’s blatant and outright favoritism. The impropriety is apparent.”
The primary showcase for Trailblazer was a large building leased by Northrop Grumman in the “National Business Park” next to the NSA. There the agency and its contractors showed their system off to congressional overseers and intelligence leaders. The sessions took on increasing urgency after 9/11. “Basically, they took one whole portion of their facility to turn into a demonstration room, a showcase,” Drake recalls. “But that’s all it was: show and tell, a dog and pony show. Very large screens, fancy computers stacked up, a director’s place in the middle. But I have to tell you, there was nothing behind it.” Congress and the NSA finally agreed. After millions of dollars in cost overruns, Trailblazer was quietly terminated in 2006 by the current NSA director, Gen. Keith Alexander.
If Trailblazer was a massive corporate boondoggle, ThinThread was the embodiment of the “skunk team” approach that had made the NSA the crown jewel of US intelligence. It cost less than $3 million, was small enough to be loaded onto a laptop, and included anonymization software that protected the privacy rights of US persons guaranteed in the 1978 Foreign Intelligence Surveillance Act (FISA). And while Trailblazer employed hundreds of contractors, ThinThread was the work of less than a dozen NSA employees and a handful of contractors.
It came out of the NSA’s SIGINT Automation Research Center, or SARC, where Loomis was director of R&D. In the late 1990s, he began working on tackling the Internet and the rapidly growing use of cellphones and e-mail. “I knew more and more intelligence and law enforcement targets would be making use of these cheap commodity electronics,” Loomis told me, sitting in the living room of his Baltimore home. “So I jumped in with both feet.”
The genius of the group was Bill Binney, Loomis’s deputy at SARC. An amiable man who suffers from diabetes, Binney joined the NSA in 1966 while in the Army and began working as a civilian in 1970. In 1997, he was named technical director of SARC’s World Geopolitical and Military Analysis Reporting Group. “That’s when I started looking at the world,” Binney told me.
While the NSA brass and their corporate advisers believed the Internet could be tamed only by a massive corporate-run program, Binney found that cracking it was relatively simple. The secret was in the numbering system established by telecom providers: every phone has a number, every e-mail has an address, and every computer linked to the Internet has a unique identifier. The encryption systems from the past were “so much more complex,” he says. “This was simple shit.”
ThinThread was basically three programs. The front end, analyzing incoming streams of Internet traffic, had been developed by Loomis. “It could take massive amounts of input and reassemble it in a sensible order,” he says. “And then, with a minimum amount of bandwidth requirements, could provide it to whoever was interested in a particular topic and do it while accommodating all privacy concerns that are required by FISA.” The middle portion was the anonymization software that hid the identities of US persons until there was sufficient evidence to obtain a warrant (Trailblazer had no built-in FISA protections). The back end, built by Binney, was the most powerful element of the system. It translated the data to create graphs showing relationships and patterns that could tell analysts which targets they should look at and which calls should be listened to. Best of all, “it was fully automated, and could even be remotely controlled,” Binney says.
But there was another crucial difference with the Trailblazer model: ThinThread did its automated analysis at the point of interception; Trailblazer downloaded everything flowing over the Internet and analyzed it after the fact with key words and phrases. “Trailblazer made no distinction up front,” says Binney. “They didn’t try to determine ahead of the interception what to listen to. They just took it all.” This model of “taking it all” remains the NSA’s modus operandi, and it is why, Binney and Wiebe say, the agency is building a massive data center in Utah.
The ThinThread prototype went live in the fall of 2000 and, according to my sources, was deployed at two top-secret NSA listening posts. One was the Yakima Research Station in Washington State, which gathers electronic communications from the Asia-Pacific region and the Middle East. The other was in Germany and focused primarily on Europe. It was also installed at Fort Meade. In addition, several allied foreign intelligence agencies were given the program to conduct lawful surveillance in their own corners of the world. Those recipients included Canada, Germany, Britain, Australia and New Zealand. “ThinThread was basically operational,” says Binney. “That’s why we proposed early deployment in January 2001.”
As ThinThread was being tested, word spread throughout the intelligence community that the NSA had a “cheap Trailblazer” that could help with surveillance. One day, Charlie Allen, a legendary figure who was head of collections for the entire intelligence community under George Tenet, came to see it. Black, Baginski and Visner were given demonstrations as well. “But Hayden never visited the SARC,” says Binney. “Not once.” Yet on August 20, 2001 — “at 4:30 in the afternoon,” Loomis says, reading from his notes of the meeting — Baginski informed him that ThinThread would not become operational. Why? “It would have made Trailblazer meaningless,” says Binney.
During this time, Binney and Wiebe, who was working on the ThinThread team as a SIGINT analyst, were called in to describe their system to congressional oversight committee staff, in particular a GOP staffer named Diane Roark. Long concerned about the NSA’s technical problems, she demanded that it keep ThinThread alive and provided funds to keep it going (she declined to be interviewed).
According to the whistleblowers, the 2002 intelligence budget, which was signed by President Bush, included $9 million for ThinThread and an order to Hayden to install it at eighteen sites around the world considered the most critical for counterterrorism. But the NSA, they say, defied the spending directive (ironically, considering what happened after 9/11, Hayden’s general counsel told Loomis that ThinThread did not meet the agency’s FISA requirements).
Then came the shock of 9/11. With the entire intelligence community frantically working to find who was responsible, the SARC team tried to persuade Baginski to put ThinThread into operation. “With each passing day,” Wiebe e-mailed her on October 8, “more and more information is coming out regarding the facts re what Al Qaeda is using for communications, yet the only relevant weapon in your arsenal continues to sit on the sidelines 27 days after the events of September 11.” Baginski, who is now the CEO of Summit Solutions, a contractor specializing in SIGINT interception, told me, “I’m not going to talk about it.”
But she did take action. According to Drake, Baginski approved a plan to plug ThinThread’s automated analysis system into an enormous NSA database called PINWALE that included records of thousands of cellphone calls and e-mails. They found actionable intelligence — links between individuals and organizations — that had not previously been discovered or had not been shared before 9/11. Drake, who was ThinThread’s program manager by this time, still can’t talk specifics because the information remains classified; but he insists it could have alerted US intelligence to the 9/11 plot. “And that’s what caused them to finally shut ThinThread down, because of the severe embarrassment it could have caused,” he told me.
In the weeks after the attacks, NSAers became aware that Hayden had changed the rules of engagement by throwing out the warrants required for surveillance of US persons. As the public was to learn in December 2005, when the secret wiretapping was exposed in The New York Times, the NSA was sifting through oceans of cellphone and e-mail traffic from AT&T, Verizon and other carriers. This massive data-mining program was given a secret code name: Stellar Wind. It came as a shock to many NSA employees. “People came to me and said, ‘My God, they’re pointing our system toward the United States,'” recalls Drake. For Binney, the last straw came when he learned that the graphing software he had developed for ThinThread had been attached to the NSA’s database to begin the “hot pursuit” of Al Qaeda suspects — but without the privacy restraints he and Loomis had built in. “They took the graphing software and began tracking relationships on a gargantuan scale,” he told me. “They considered it domestic intelligence.”
On October 31, 2001, seven weeks after 9/11, Binney and Wiebe walked out the NSA’s doors for the last time. “I couldn’t take the corruption anymore,” Binney told me. Loomis left too, taking a job with a nearby contractor. In September 2002, they signed an official letter of complaint to the Pentagon OIG that was joined by Roark, the House staffer. Drake, who stayed on at the NSA until 2008, testified as a material witness. When the OIG released its report in 2005, it exonerated the whistleblowers. The NSA, it concluded, was developing a “less capable long-term digital network exploitation solution that will take longer and cost significantly more to develop” than ThinThread.
After they left the NSA, Binney, Wiebe and Loomis were granted permission to form a company and sell the analytical skills they had developed for the NSA and ThinThread to other government agencies. But they quickly found they’d been blackballed. All three told me the NSA contacted every agency approached by the whistleblowers — including the Army Intelligence and Security Command and the National Reconnaissance Office — and persuaded them not to do business with the three. “We’ve been denied untold hundreds of thousands of dollars in potential income as a result,” Wiebe told me. The three are considering a lawsuit against the NSA officials responsible. But redress is going to be difficult: in late March, Binney and Wiebe were informed by the Pentagon’s inspector general that their 2012 request for an investigation into reprisals against whistleblower and a review of their clearances had been rejected. “The alleged personnel actions occurred…over a decade ago” and are “outside the scope of whistleblower provisions”of US law, the OIG said in a letter made available by their attorney, Jesselyn Radack (Drake’s complaint is still outstanding).
Meanwhile, the NSA Four watch in grim fascination as the crackdown on whistleblowers continues, and Congress and the Supreme Court approve laws legalizing the surveillance state they’ve spoken out against. They see some hope in President Obama’s recent order extending legal protections to intelligence whistleblowers. But like other observers, they are waiting to see if its implementation will have any effect. Without real protections, they say, accountability is impossible. “When you permit something like Trailblazer and no heads roll except for the whistleblowers, what kind of message does that send to the American public?” asked Loomis.
Despite the recent setback, Binney and Wiebe remain determined to speak out against the surveillance state. “I’m trying to stir shit up,” Binney told me. “I’m hoping they charge me, because that would get me into court and I could really talk about this in the open.” Drake, for his part, has become a leading voice for civil liberties; on March 15 he delivered a powerful speech about whistleblowing at the National Press Club. Speaking in the same room where General Hayden haughtily dismissed his case last fall, he slammed a government that “prefers to operate in the shadows and finds the First Amendment a constraint on its activities.” The act of “taking off the veil of government secrecy has more often than not turned truth-tellers and whistleblowers into turncoats and traitors,” who are then “burned, blacklisted and broken by the government on the stake of national security,” he said. “And yet I was saved by the First Amendment, the court of public opinion and the free press — including the strengths and growing resilience of the alternative media.” Those rights of expression, he added, “are the very cornerstone of all our liberties and freedoms.” And that may be the most important lesson of all.
This article was reported in partnership with The Investigative Fund at The Nation Institute, now known as Type Investigations.