What Does ‘Main Core’ Know About You?
Last year, former deputy attorney general James Comey revealed that in 2004, he refused to “certify” the legality of certain aspects of the National Security Agency (NSA) spy program. Comey witnessed Alberto Gonzales and Andrew Card try to force a bed-ridden John Ashcroft to approve the program. Comey, however, did not publicly give specifics as to what program he opposed.
CAP’s Peter Swire wrote on ThinkProgress at the time that Comey’s testimony implied that “other programs exist for domestic spying” outside of the NSA program.
Now, an article by Christopher Ketcham, ‘The Last Roundup’, has brought renewed attention to those mystery programs. The all-too-believable central suggestion in the piece is that the US Government is running, without permission from its Congress, a program that allows it to conduct ‘computer searches through massive [unspecified] electronic databases’ in order to discover people who might be considered ‘potential threats’ in the event of a ‘national emergency’. According to a senior government official who served with high-level security clearances in five administrations, Ketcham reports, this has produced:
“a database of Americans, who, often for the slightest and most trivial reason, are considered unfriendly, and who, in a time of panic, might be incarcerated. The database can identify and locate perceived ‘enemies of the state’ almost instantaneously.” […] the database is sometimes referred to by the code name Main Core. One knowledgeable source claims that 8 million Americans are now listed in Main Core as potentially suspect. In the event of a national emergency, these people could be subject to everything from heightened surveillance and tracking to direct questioning and possibly even detention.
‘Sources’ not specified by Ketcham say that a host of databases now supply information to Main Core, including NSA domestic surveillance programs taking in (according to the Wall Street Journal) ‘huge volumes of records of domestic e-mails and Internet searches, as well as bank transfers, credit card transactions, travel, and telephone records’, as well as (according to a different source) the e-mail addresses you send to and receive from, and the subject lines of those messages; numbers called, numbers that have called you, and the durations of the calls; the Internet sites visited and keywords in Web searches; the destinations of the airline tickets you buy; the amounts and locations of your ATM withdrawals; and the goods and services you purchase on credit cards. All of this information is archived on government supercomputers and, according to Ketcham’s sources, also fed into the Main Core database. The WSJ also suggests Main Core makes use of an ‘ad-hoc collection of so-called black programs whose existence is undisclosed’. Thus the program is assembling ‘a mass catalog of the private lives of Americans’.
We already know from ex-AT&T Worker Mark Klein that the NSA is very likely capable of conducting “what amounts to vacuum-cleaner surveillance of all the data crossing the internet — whether that be peoples’ e-mail, web surfing or any other data.” In a declaration to a US court, he declared that:
In January 2003, I, along with others, toured the AT&T central office on Folsom Street in San Francisco — actually three floors of an SBC building. There I saw a new room being built adjacent to the 4ESS switch room where the public’s phone calls are routed. I learned that the person whom the NSA interviewed for the secret job [earlier referred to in his testimony] was the person working to install equipment in this room. The regular technician work force was not allowed in the room… The “secret room” itself is roughly 24-by-48 feet, containing perhaps a dozen cabinets including such equipment as Sun servers and two Juniper routers, plus an industrial-size air conditioner.
While doing my job, I learned that fiber optic cables from the secret room were tapping into the Worldnet circuits by splitting off a portion of the light signal. I saw this in a design document available to me, entitled “Study Group 3, LGX/Splitter Wiring, San Francisco” dated Dec. 10, 2002. I also saw design documents dated Jan. 13, 2004 and Jan. 24, 2003, which instructed technicians on connecting some of the already in-service circuits to the “splitter” cabinet, which diverts some of the light signal to the secret room. The circuits listed were the Peering Links, which connect Worldnet with other networks and hence the whole country, as well as the rest of the world.

Klein’s story is supported by ex-Verizon employee Babak Pasdar, who describes learning about a “Quantico Circuit” when testing the firewalls of the new system he was putting in:
At one point I overheard [employees] talking about skipping a location. Not wanting to do a shoddy job I stopped and said “we should migrate all sites.”
[employee 1] told me this site is different. I asked, “Who is it? Carrier owned or affiliate?”
[employee 2] said, “This is the ‘Quantico Circuit.’”
‘Quantico Circuit’, Pasdar learned, was a 45 megabit per second circuit supporting data and voice communication. The consultants he was working with made it clear they weren’t supposed to put any access controls on it.
[employee 1] said that this circuit should not have any access control. He actually said it should not be firewalled.
I suggested to migrate it and implement an “Any-Any” rule. (“Any-Any” is a nickname for a completely open policy that does not enforce any restrictions.) That meant we could log any activity making a record of the source, destination and type of communication. It would have also allowed easy implementation of access controls at a future date. “Everything at least SHOULD be logged,” I emphasized.
C1 said, “I don’t think that is what they want.”
As Pasdar continued to insist on securing the circuit, the consultants called in the Director of Security for (presumably) Verizon; the Director drove to the location to insist that Pasdar do nothing with the wide open circuit. After the Director left, Pasdar persisted.
I shifted the focus. “Forgetting about who [the circuit] is, don’t you think it is unusual for some third party to have completely open access to your systems like this? You guys are even firewalling your internal offices, and they are part of your own company!”
C1 said, “Dude, that’s what they want.”
Finally, Pasdar asked whether there was any logging tied to the circuit.
“Does this thing have any logging or access list tied to it?”, I asked C1.
He paused, shook his head in the negative and said, “I don’t think so.”
For the balance of the evening and for some time to come I thought about all the systems to which this circuit had complete and possibly unfettered access. The circuit was tied to the organization’s core network. It had access to the billing system, text messaging, fraud detection, web site, and pretty much all the systems in the data center without apparent restrictions.
What really struck me was that it seemed no one was logging any of the activity across this circuit. And if they were, the logging system was so abysmal that they wouldn’t capture enough information to build any type of picture of what had transpired. Who knew what was being sent across the circuit and who was sending it? To my knowledge no historical logs of the communications traversing the “Quantico Circuit” exist.
‘Our government’, concludes Pasdar, ‘tracks all Internet use with powerful tools that analyze and prepare behavior-based reports. Any single piece of information can be effortlessly cross-referenced to build an electronic dragnet constantly monitoring our actions and even predicting our behavior.’
Information overload and processing power, once the sole barrier to these tactics, are no longer a factor. Given precipitous developments in technology, inaction today would surely have an exponentially greater impact on the rights and lives of future American generations — where an Orwellian nightmare would become reality.
My observations at the telecom may be the tip of an iceberg that is fatal for a free society. Before there are any more blank checks to disregard the law, we need to investigate and learn the full scope of indiscriminate corporate and administration spying.
We also know already about the dozens of so-called “fusion centers” created after 9/11 — sophisticated computer systems that compile, or fuse, disparate tips and clues and pass along the refined information to other agencies. A Washington Post article suggested these are expected to play important roles in national information-sharing networks that link local, state and federal authorities and enable them to automatically sift their storehouses of records for patterns and clues:
Though officials have publicly discussed the fusion centers’ importance to national security, they have generally declined to elaborate on the centers’ activities. But a document that lists resources used by the fusion centers shows how a dozen of the organizations in the northeastern United States rely far more on access to commercial and government databases than had previously been disclosed.
Those details have come to light at a time of debate about domestic intelligence efforts, including eavesdropping and data-aggregation programs at the National Security Agency, and whether the government has enough protections in place to prevent abuses.
The list of information resources was part of a survey conducted last year, officials familiar with the effort said. It shows that, like most police agencies, the fusion centers have subscriptions to private information-broker services that keep records about Americans’ locations, financial holdings, associates, relatives, firearms licenses and the like.
In January 2008, a major report from the Congressional Research Service, obtained by Secrecy News, found that it was far from clear if a single fusion center has successfully prevented any terrorism, and raised questions about “possible civil liberties abuses” implicit in “use of private sector data, the adoption of a more proactive approach, and the collection of intelligence by fusion center staff and partners”.
As a map from the 100-page CRS report indicates, there are now more than 40 intelligence fusion centers around the US “through which federal intelligence can flow across the country.”
Philip Giraldi, a former CIA counterterrorism officer and an outspoken critic of the agency, says the Department of Homeland Security (DHS) would be Main Core’s likely home. Ketcham suggests that Main Core is meant to provide a ‘round up’ list for Continuity of Government (COG) ‘emergency’ plans (see NSPD51) ‘that would trigger the takeover of the country by extra-constitutional forces—and effectively suspend the republic. In short, it’s a road map for martial law.’
What constitutes a ‘national emergency’? Executive orders issued over the last three decades have defined it as ‘natural disaster, military attack, [or] technological or other emergency,’ while Department of Defense documents include eventualities like ‘riots, acts of violence, insurrections, unlawful obstructions or assemblages, [and] disorder prejudicial to public law and order.’ According to one news report, even ‘national opposition to U.S. military invasion abroad’ could be a trigger.
Moves to create a similar list of ‘troublemakers’ (note how nebulous that term is) have been reported in Europe, suggesting this skullduggery is not limited to the Homeland. With the well-reported news that Facebook’s investment sources are heavily linked to US intelligence, the possibility that Main Core is being designed to absorb personal relational data seems high. Why do we not know more about this?