[Infowarrior] - Pre-9/11 records help flag suspicious calling

Wed May 31 12:02:56 EDT 2006

Pre-9/11 records help flag suspicious calling
Updated 5/22/2006 11:46 PM ET
By John Diamond and Leslie Cauley, USA TODAY
http://www.usatoday.com/news/washington/2006-05-22-nsa-template_x.htm

WASHINGTON ‹ Armed with details of billions of telephone calls, the National
Security Agency used phone records linked to the Sept. 11, 2001 attacks to
create a template of how phone activity among terrorists looks, say current
and former intelligence officials who were briefed about the program.

The template, the officials say, was created from a secret database of phone
call records collected by the spy agency. It has been used since 9/11 to
identify calling patterns that indicate possible terrorist activity. Among
the patterns examined: flurries of calls to U.S. numbers placed immediately
after the domestic caller received a call from Pakistan or Afghanistan, the
sources say.

USA TODAY disclosed this month that the NSA secretly collected call records
of tens of millions of Americans with the help of three companies: AT&T,
Verizon and BellSouth. The call records include information on calls made
before the Sept. 11 attacks.

Verizon and BellSouth released statements last week denying they had
contracts with the NSA to provide the call information. A Verizon spokesman
said the company's statement did not include MCI, the long-distance company
that Verizon acquired in January.

The "call detail records" are the electronic information that is logged
automatically each time a call is initiated. For more than 20 years, local
and long-distance companies have used call detail records to figure out how
much to charge each other for handling calls and to determine problems with
equipment.

In addition to the number from which a call is made, the detail records are
packed with information. Also included: the number called; the route a call
took to reach its final destination; the time, date and place where a call
started and ended; and the duration of the call. The records also note
whether the call was placed from a cellphone or from a traditional "land
line."

"They see everything," says Sergio Nirenberg, director of systems
engineering at Science Applications International Corp., a Fortune 500
research and engineering company that works with the federal government.
Nirenberg said he does not have direct knowledge of the NSA database.

The disclosure of the call record database has raised concerns among
lawmakers, such as Sen. Ron Wyden, D-Ore., that the records give the
government access to information about innocent Americans. President Bush
has insisted that intelligence efforts are only "focused on links to
al-Qaeda and their known affiliates."

The intelligence officials offered new insight into one way the database of
calls is used to track terrorism suspects.

The officials, two current U.S. intelligence officials familiar with the
program and two former U.S. intelligence officials, agreed to talk on
condition of anonymity. The White House and the NSA refused to discuss the
template or the program.

Using computer programs, the NSA searches through the database looking for
suspicious calling patterns, the officials say. Because of the size of the
database, virtually all the analysis is done by computer.

Calls coming into the country from Pakistan, Afghanistan or the Middle East,
for example, are flagged by NSA computers if they are followed by a flood of
calls from the number that received the call to other U.S. numbers.

The spy agency then checks the numbers against databases of phone numbers
linked to terrorism, the officials say. Those include numbers found during
searches of computers or cellphones that belonged to terrorists.

It is not clear how much terrorist activity, if any, the data collection has
helped to find.

Not every call record contains the same level of detail. Depending upon how
a business has its phone system set up, the call detail records might not
register complete information on an outgoing call, Nirenberg says.

The records might note only the general number of the business, not the desk
extension or, in the case of a hotel, the room extension. Incoming calls
that don't go through the switchboard and are dialed directly would have
complete call detail records, Nirenberg says.

Not all local calls generate a call detail record, Nirenberg says. But
that's not to say that phone companies can't create a record for local
calls.

"It's just a matter of whether they enable that function" that allows that
to happen, he says. Cellphone calls, on the other hand, create call detail
records in almost every case.

Toll calls ‹ meaning those that aren't technically long-distance but still
cost extra ‹ also generate call detail records, he says. "If they charge you
separately for it, they have a call detail record," Nirenberg says.

The current and former intelligence officials say that the point of the
database is to create leads. The database enables intelligence analysts to
focus on a manageable number of suspicious calling patterns, they say.