- Evidence shows surveillance has disrupted at least half a dozen plots
- An intercepted e-mail helped foil a plot against New York subway trains
- Intercepted coded e-mails were cited in Danish and trans-Atlantic plots
- Much of the world's e-mail goes through servers in the United States
As arguments rage about the proper balance between civil liberties and national security, a survey of recent terror cases shows that intercepted communications have often provided investigators with vital clues.
According to court documents and other testimony, at least half a dozen major plots have been disrupted in the past five years thanks to such surveillance. Controversy was ignited after the Guardian newspaper in Britain and the Washington Post in the United States reported that the U.S. National Security Agency was monitoring e-mail.
On September 6, 2009, an e-mail was sent from a Yahoo account in Pakistan to another Yahoo address in Colorado. The massive data-gathering computers of the NSA in Fort Meade, Maryland, and at GCHQ, the UK's signals intelligence agency, instantly logged the time -- 7:14 a.m. EDT -- and recipient, because the sender was someone known to U.S. and UK security services.
He was known as "Ahmad," and he had been on the radar of British intelligence since a suspected al Qaeda cell had been uncovered in Manchester earlier that year, according to senior U.S. counterterrorism officials.
The mystery was the recipient, who had the address firstname.lastname@example.org. Whoever it was lived in the Denver area. Who in Colorado was in touch with a man suspected to be a handler for al Qaeda?
Within two hours, njbzaz replied, "Listen I need a amount of the one mixing of (flour and ghee oil) and I do not know the amount."
Minutes later, he sent a follow-up: "Plez reply to what I asked u right away. the marriage is ready flour and oil."
He appeared to be asking for clarification on the quantities of chemicals needed to make a bomb. Flour had frequently been part of the mixture in al Qaeda bombs in the West.
U.S. authorities quickly established that the Denver-based e-mailer was Najibullah Zazi, a 24-year-old Afghan resident alien. Zazi was trying to make high explosives as part of an ambitious plot to blow up trains on the New York subway. "Ahmad" was his handler, a man he had met in Pakistan's restive North West Frontier Province the year before, and who had taken him to be trained in bomb-making at an al Qaeda camp.
U.S. Director of National Intelligence James Clapper has pointed to both the Zazi case and one other in which intercepted communications were critical: that of David Headley, an American citizen who was involved in reconnoitering the sites of the Mumbai bombings in 2008.
Headley was also involved in a conspiracy to attack a Danish newspaper that was detected before it could be carried out.
"We aborted a plot against a Danish news publisher based on the same kind of information," Clapper told NBC. "So those are two specific cases of uncovering plots through this mechanism that prevented terrorist attacks."
In the Zazi case, it's not known whether the interception of the e-mails was through the PRISM program, which was highlighted in the recent Guardian and Washington Post stories. They described it as a program that allows NSA analysts to extract the details of people's online activities -- including "audio and video chats, photographs, e-mails, documents" and other materials -- from computers at Microsoft, Google, Apple and other Internet firms.
The fact that both men had Yahoo addresses meant that their communications are likely to have passed through servers in the United States. And terrorism experts point out that even communications that don't involve anyone on U.S. soil often travel through the United States because American companies dominate online media.
The online monitoring company Pingdom estimated last year that 43% of the world's top million sites were hosted in the United States. And 30% of all root server sites, a critical part of the Internet's infrastructure, were in the United States.
In classified slides of the PRISM program dated April 2013 and obtained by the Washington Post, the United States is described as the "World's Telecommunications Backbone." One slide notes that "a target's phone call, e-mail or chat will take the cheapest path, not the physically most direct path."
Yahoo is mentioned as one of nine "current providers" to PRISM. Another slide said it had joined the program in March 2008. But sources at Yahoo and the other companies mentioned in the news stories have since said they had no knowledge of PRISM.
Yahoo told CNN last week: "We do not provide the government with direct access to our servers, systems, or network."
In the Zazi case, the Yahoo e-mail exchange turned out to be critical. Less than 72 hours afterward he began a high-speed dash across the country to New York, where his co-conspirators awaited him. But by then he was being followed.
On September 10, Zazi was stopped at a "random" checkpoint established on a bridge into New York. But Port Authority police did not detect detonating explosives he had hidden in a jar inside a suitcase in his car, despite bringing a canine to sniff around the vehicle.
Zazi suspected something was up when he was stopped and arranged for the explosives to be flushed down a toilet after he drove into New York City. He later abandoned the plot and flew back to Denver. He was arrested a short time later.
Other recent terror cases have also involved the interception of communications between alleged suspects. The 2006 plot to bomb several trans-Atlantic airliners was the subject of close intelligence sharing between the United States and the United Kingdom, with one former U.S. official saying that the CIA and NSA had gathered intelligence for the investigation "in real time" using "the intelligence tools available."
During the trial, intercepted coded e-mails sent and received by two of the defendants were introduced as evidence.
An e-mail from Pakistan sent on July 21, 2006, said: "Regarding the aftershave bottles, you need 40x100ml bottles. I have orders for those already so I need those asap. I need to know when you can get me those asap."
Prosecutors said the "aftershave" was actually hydrogen peroxide, and the quantities cited were needed to create the right concentrations.
On August 3, 2006, one of the defendants, Abdulla Ahmed Ali, wrote back: "By the way, I've set up my mobile shop now. Now I only need to sort out an opening time."
The al Qaeda handler for the trans-Atlantic plotters is thought to have been Rashid Rauf, a British citizen who had left the United Kingdom in 2002 and had become one of al Qaeda's most influential operatives in organizing overseas terror plots. Rauf helped recruit Zazi and set up his training in 2008, before being killed in a drone strike in November that year.
At the time, Rauf's sidekick -- the "Ahmad" whose help Zazi would later seek via e-mail -- was managing a third cell in Norway whose plans to carry out attacks were thwarted by a counterterrorism operation in 2010.
Another case of intercepted communications providing leads in a terror case occurred in 2006. German investigators foiled what could have been a major terror attack by a group trained in Pakistan aimed at U.S. military installations in Germany. The men -- two German converts to Islam and a Turk -- had trained at Islamic Jihad Union camps in northern Pakistan.
The head of Germany's Federal Criminal Investigation Office, Joerg Ziercke, said at the time the plot was uncovered after U.S. intelligence officials alerted German authorities. Other officials said that the National Security Agency had detected increased "intensity" in communications between Europe and tribal areas of Pakistan starting a year earlier.
According to Time magazine, the NSA tracked coded communications between the aliases "Muaz," "Zafer" and "Abdul Malik," and passed on copies of those messages, apparently gleaned from private Internet chat rooms, to German officials.
That case reignited debate about the value and extent of electronic surveillance. The then-German interior minister, Wolfgang Schaeuble, wanted spying software secretly installed via the Internet on suspects' personal computers so officials could monitor their communications.
"The experts agree that terrorists communicate with each other more and more through the Internet," he said the day the three men were arrested.
"In exceptional cases, we need to have the power to get into computers" through software sent in an e-mail that allows intelligence services to spy on a suspect's computer hard-drive.
But in a country haunted by its totalitarian past, the proposal ran into stiff resistance, and the German Constitutional Court said such cyberspying violated the individual right to privacy and had to be authorized by a judge.
Even so, Mike McConnell, who was then U.S. director of national intelligence, cited the case in testimony before a Senate committee. He said communications surveillance "allowed us to see and understand all the connections among members of the suspected terrorist cell."
"Because we could understand it, we could help our partners through a long period of monitoring and observation."
McConnell later argued for retrospective legislation to protect private-sector companies that had assisted eavesdropping from facing lawsuits that could bankrupt them.
In August 2007, McConnell told the El Paso Times that in "the terrorist surveillance program, the private sector had assisted us, because if you're going to get access, you've got to have a partner."
The Electronic Frontier Foundation had filed a class-action lawsuit against AT&T in January 2006, accusing the company of violating the law and the privacy of its customers by collaborating with the NSA.
Under U.S. law, intelligence agencies can monitor the communications of foreign terror suspects, but need the permission of a judge on the Foreign Intelligence Surveillance Act Court to tap into the communications of U.S. citizens and legal residents on U.S. soil.
The agency making the request -- invariably the National Security Agency or the FBI -- needs to show "probable cause" that the target is connected to a terror group to obtain a "FISA" warrant. Law enforcement agencies also have the option of applying for a "Title III" warrant, which requires a higher threshold of supporting evidence.
Since its inception in 1979, the FISA Court had granted the overwhelming majority of requests. But the Bush administration in 2001 introduced new procedures that allowed the NSA to add individuals on U.S. soil to its watch list without going to the court for a warrant. The new program allowed the NSA to carry out surveillance on telephone calls when one party was overseas.
Warrantless surveillance was widely criticized by civil liberties groups, but veteran U.S. counterterrorism official Michael Sheehan, then a fellow at New York University's Center on Law and Security, wrote in a 2007 paper that it was justifiable in the wake of 9/11.
"The NSA had an obligation to see if other international communications with al Qaeda operatives was taking place to or from the United States. And in fact they were. ... But the critics were also right in identifying that the law should be updated to meet the new threat."