by William M. Arkin
June 01, 2015

from PhaseZero Website

Spanish version



You can contact me at, and follow us on Twitter at @gawkerphasezero.

If you are into the theater of being underground, you can anonymously deliver tips through the Gawker Media SecureDrop.

I'm open to your input and your questions,

tough questions.







If you have a telephone number that has ever been called by an inmate in a federal prison, registered a change of address with the Postal Service, rented a car from Avis, used a corporate or Sears credit card, applied for nonprofit status with the IRS, or obtained non-driver's legal identification from a private company, they have you on file.

They are not who you think they are.


They are not the NSA or the CIA. They are the National Security Analysis Center (NSAC), an obscure element of the Justice Department that has grown from its creation in 2008 into a sprawling 400-person, $150 million-a-year multi-agency organization employing almost 300 analysts, the majority of whom are corporate contractors.


[A list of contractors known to be associated with NSAC can be viewed here.]


The Center has its roots in the Foreign Terrorist Tracking Task Force (FTTTF), a small cell established in October 2001 to look for additional 9/11-like terrorists who might have entered the United States. But with the emergence of significant "homegrown" threats in the late aughts, the Task Force's focus was thought to be too narrow.


NSAC was created to focus scrutiny on new threat, specifically on Americans, particularly Muslims, who might pose a hidden threat (the Task Force became a unit within NSAC's bureaucratic umbrella).


As Americans began traveling abroad to join al-Shabaab and then ISIS, the Center's dragnet expanded to catch the vast pool of "youth" who also might fit a profile of either radicalism or law-breaking.


Its mission runs the full gamut of "national security threats... to the United States and its interests," according to a partially declassified Justice Department Inspector General report. That includes everything from terrorism to counter-narcotics, nuclear proliferation, and espionage.


NSAC not only has a focus beyond foreign investigations or terrorists, but in the past year-and-a-half, according to documents obtained by Phase Zero and extensive interviews with contractors and government officials who have worked with the Center and the Task Force, it has also aggressively built up a partnership with the military, taking on deep background investigations of foreign-born and foreign-connected soldiers, civilians, and contractors working for the government.


Its investigations go far beyond traditional security "vetting"; NSAC scours certain select government employees, contractors and their affiliates, examining multiple layers of connected relatives and associates.


And the Center hosts dozens of additional "liaison" officers from other government agencies, providing those agencies with frictionless access to private information about U.S. residents that they would otherwise not have.





Today, through a series of high-level classified authorities and commercial relationships, the Center has access to over 130 databases and datasets of information comprising some two billion records, over half of which are unique and not contained in any other government information warehouse.


The Center is, in fact, according to interviews with government officials, the sole organization in the U.S. government with the authority to delve deeply into the activities and associations of foreigners and Americans alike.


From its unmarked office in the Crystal City neighborhood of Arlington, Virginia, the Center can not only gain access to the full gamut of intelligence databases of the U.S. government, but also query and retain information contained in law enforcement and commercial data.


It also conducts live searches, and retains classified and open datasets of identity and transactional data for later examination.


In some ways then, the data that the Center accesses and regularly trawls against its data mining protocols is the FBI's equivalent of NSA's bulk collection, the examination of databases with the hope of finding triggers or links to terrorists rather than the specific accessing of information to look at an individual or even group of individuals.


[A partial list of some of the databases used by NSAC and FTTTF can be seen here.]


Foreign Terrorist Tracking Task Force Databases


The Center's powerful perch - and its virtually unlimited reach - brings the federal government closer than ever to the Holy Grail of connecting every dot, a dream that has been pursued by terrorist hunters since the failures that permitted the 9/11 attacks 14 years ago.


The data access and analytic methods it uses grew out of a retrospective analysis of the vast reams of data about the 19 hijackers that law enforcement and intelligence agencies had indicators off, but never acted on.


The Foreign Terrorist Tracking Task Force (originally called "F-tri-F" by insiders) meticulously reconstructed the actions of the 19 hijackers and other known law-breakers - how they lived their day-to-day lives and what they did to avoid intelligence detection - to find patterns and triggers of potential wrongdoing.


They created thousands of pages of chronologies covering the 19 hijackers from the moment they entered the United States, trying to recreate what each did every day they were here.




Those patterns then became profiles that could be applied to vast amounts of disparate and unstructured data to sniff out similar attributes.


Those attributes, once applied to individuals, became the legal predicate for collection and retention of data. If someone fit the profile, they were worthy of a second look. They were worthy of a second look if they might fit the profile.


Beyond public records and what appears on the internet, beyond news articles or what's in law enforcement databases - but in addition to all of those things - the mere presence of a name becomes justification enough.


NSAC's methods turn the notion of legal predicate - a logical proposition or an earlier offense that justifies law enforcement action - on its head.


Using big data analysis to discover non-obvious and even clandestine links, the Center looks not just for suspects, but for what the counter-terrorism world calls "clean skins" - people with no known affiliation to terrorism or crime, needles in a giant haystack that don't necessarily look like needles.


Or people who aren't needles at all, but who might become needles in the future and thus warrant observation today.

The American people have repeatedly rejected the notion of a domestic intelligence agency operating within our borders. Yet NSAC has become the real-world equivalent.


Along the way in its development though, the Center has rarely been discussed in the federal budget or in congressional oversight hearings available to the public. And being neither solely a part of the intelligence community (IC) nor solely a law enforcement agency (and yet both), it skirts limitations that exist in each community, allowing it to collect and examine information on people who are not otherwise accused of or suspected of any crime.


Homeland Security Presidential Directive-2 (HSPD-2), signed by George W. Bush in October 2001, established FTTTF and directed it to use,

"advanced data mining software" to find and prevent "aliens who engage in or support terrorist activity" from entering the United States.

Though data mining was at the center of its mission, other agencies - particularly the Defense Advanced Projects Research Agency (DARPA) and the Pentagon's Counterintelligence Field Activity (CIFA) - funded the development of many of the techniques.


These efforts, nevertheless, ran into public opposition because of legal and civil liberties overreach:

the ominous-sounding Total Information Awareness program was abandoned in 2003 and CIFA was shut down in 2008.

With the CIA restricted from collecting information and conducting operations that were purely domestic, a gap existed.


And though the NSA, which has been promiscuously described as the successor to total information awareness, conducts extensive data mining and advanced analytics to crunch its bulk data collection, it is still restricted to only intercepting electronic communications.

As data mining research and applications moved forward, and as the NSA built up its cyber empire, the FBI also transformed. FTTTF, which was administratively placed within the FBI in 2002, helped the Bureau evolve into what is now referred to as an "intelligence driven" law enforcement agency.


In other words, stop crimes (in this case terrorist attacks) before they occur through the use of proactive and predictive intelligence. The National Counterterrorism Center is responsible for the foreign threat, while the FBI is responsible for the domestic.


In 2004, the White House also mandated that FTTTF be provided "full access" to homeland security and intelligence databases.

To "satisfy unmet analytical and technical needs," in 2006, the FBI established the National Security Analysis Center (NSAC).


According to NSAC's first budget:

The NSAC will provide subject-based "link analysis" through the utilization of the FBI's collection data sets, combined with public records on predicated subjects.


"Link analysis" uses data sets to find links between subjects, suspects, and addresses or other pieces of relevant information, and other persons, places, and things… the NSAC will provide improved processes and greater access to this technique to all [National Security Branch] components.


The NSAC will also pursue "pattern analysis" as part of its service to the NSB.


"Pattern analysis" queries take a predictive model or pattern of behavior and search for that pattern in data sets. The FBI's efforts to define predictive models and patterns of behavior will improve efforts to identify "sleeper cells."


Information produced through data exploitation will be processed by analysts who are experts in the use of this information and used to produce products that comply with requirements for the proper handling of the information.

NSAC formally expanded the focus of the Task Force beyond just foreign terrorists.


The internal data mart expanded in 2008 to support proactive work to identify potential counterintelligence and nuclear-proliferation threats via advanced analysis of financial, communication, and travel records.


Both the ACLU and the Electronic Frontier Foundation have conducted investigations and obtained documents on FTTTF and the FBI's data-collection efforts.


That work, and additional documents obtained by Phase Zero, paint a picture of a massive, overlooked domestic intelligence operation with a mission that goes far beyond catching foreign terrorists.


One joint project between NSAC and the Department of Energy Office of Intelligence/Counterintelligence began to seek out foreign spies or businesspeople who were trying to infiltrate U.S. laboratories and entities.


The Center has also provided assistance to the Committee on Foreign Investment in the United States (CFIUS), an inter-agency effort that vets foreign corporations investing in U.S. businesses.


Under the Amon Project, in 2009, the Center started a program to look at foreign-connected scientists working in or with U.S. industry for potential counterintelligence markers.


It analyzed data to identify potential targets and other threats through telephone and Voice over Internet Protocol (VOIP) pattern/link analysis, constantly monitoring a set of communications feeds between Known Intelligence Officers (KIOs) and Suspected Intelligence Officers (SIOs) of foreign governments residing in the United States, as well as unknown targets.





But the targets weren't just foreign.


Under Project Scarecrow, the Center has done data mining on sovereign citizens and other domestic threats.


After receiving intelligence that helicopters might be used in future terrorist attacks, the Center data-mined 165 American-based pilots with helicopter licenses who were from "designated countries of interest."


Working with the Philadelphia police, the Center batch-matched dates of birth with licensed drivers to isolate a set of Pakistani men thought to be potentially connected to a terrorist group. The identities of foreign-born or connected hazardous materials (HAZMAT) drivers in the U.S. were added to a group of "special interest individuals" constantly run against suspect datasets.


Under the Finding Terrorists in the United States (FINDUS) project, data-mining was used to find unlocated and even unknown individuals.


A Syria Screening Cell was set up to support the screening of candidates for the manning of the Free Syrian Army in the fight against ISIS. By virtue of their presence in NSAC, Pentagon investigators now also have access to highly restricted datasets of known and suspected terrorists and their potential links to the United States, including two called Bedrock and Shoebox.


In many cases, according to individuals who have worked for FTTTF and Center contractors, target groups of thousands of individuals are checked and rechecked every month in a "batched" data processing search.


As part of the Amon project, for instance, thousands of Chinese and Taiwanese nationals working in or with U.S. industry are constantly under investigation, their names thrown into the computers monthly looking for derogatory or suspicious information.


According to an FTTTF document obtained by Phase Zero, an average of 6,000 target packages a month are prepared by the Center, many resulting in leads to law enforcement authorities, but the majority just human metadata living in perpetual link analysis limbo.


The volume of data open to Center, and the complex queries made have resulted in the Task Force building four unique software systems to manage analyst access and data management.

The Foreign Terrorist Tracking Task Force was always meant to be a proactive lookout, using data mining and the full gamut of public and private information to identify hidden operatives based upon their associations, movements or transactions.


An internal document provided to Phase Zero describes the Task Force as organizing,

"data from many divergent public, government and international sources for the purpose of monitoring the electronic footprints of terrorists and their supporters, identifying their behaviors, and providing actionable intelligence to appropriate law enforcement, government agencies, and the intelligence community."

And their supporters. And their supporters. And their supporters...


How many mouseclicks away is your name?