Free @War: The Rise of the Military-Internet Complex by Shane Harris

fusion center that was set up in Iraq six years later. Contact chaining was also the same method of analysis that the soldier-spy team at Balad used to hunt down Iraqi insurgents and terrorists. The system was even used on targets in Iraq before the first US boots hit the ground. In 2003, prior to the United States–led invasion, Bush authorized the NSA to spy on members of the Iraqi Intelligence Service whom the CIA had determined were engaged in terrorist activity that threatened the United States. (The same claim was later used to help publicly justify the United States’ case for war, along with the CIA’s conclusion that Iraq had been manufacturing and stockpiling chemical weapons. Both claims were later proven false. The NSA stopped spying on the Iraqi Intelligence Service under the Stellar Wind program in March 2004.)
    As the months passed, NSA’s contact chaining became more automated. Analysts developed tools that would send alerts about new people in the chain that they might want to examine. Anyone who had direct contact with an individual already on the NSA’s list could be reported to the FBI or the CIA. Usually, the analysts would move out two hops from a target. It was up to them to determine whether the information was reportable—that is, whether the names of people they were finding in their digital nets could be included in intelligence reports and sent around the government. This was a crucial step. If an analyst discovered that an e-mail or a phone number was connected to a US citizen or a legal resident, the law usually demanded that he stop the analysis and obtain a warrant before going any further. If a communication of one of these so-called US persons was referred to even tangentially in an intelligence report, the NSA was supposed to use an anonymous designation: “US Person 1,” for instance. This process, called minimization, was meant to keep innocent Americans’ names from ending up in covert intelligence reports and being associated with terrorists or spies. It was also meant to prevent the NSA from building dossiers on Americans.
    But it wasn’t data on Americans that the NSA was most curious about. What Hayden called “the real gold of the program” was the entirely foreign communications that the NSA intercepted as they passed through telecommunications lines and equipment in the United States. The agency could spy on the world without leaving home.
    From the start of the program until January 2007, the NSA collected content from 37,664 telephone and Internet selectors, of which 92 percent were foreign, according to a report by the agency’s inspector general. This does not account for metadata collection, but as with content, that too was mostly focused on foreign targets. Precisely what portion of the mix was represented by Iraqi communications is unknown. But by the time the 2007 surge began, NSA had put in place the spying infrastructure to collect every piece of electronic data going in and out of the country—every phone call, every text message, every e-mail and social media post. The infrastructure of Stellar Wind, with its pipes and monitoring equipment connected to the switching stations and offices of the United States’ biggest telecommunications providers, gave the NSA several entry points into the global network. From there it could scan and copy communications. And it could also launch cyber attacks. The spying paths created by Stellar Wind equipment for electronic eavesdropping were the same ones used to provide access to Iraqi phone and computer networks and implant malware.
    Few people have ever known—and it has never been publicly reported—that the key to winning the war in Iraq was a spying program set up to win the war on terror. It was a network of cyber surveillance meant to keep tabs on Americans that allowed US forces to track down Iraqi insurgents.
    Â 
    When this massive intelligence-processing