Why All That Chatter Doesn't Tell Us Much
The nation was on high alert last week because of what officials and security experts said was a surge in intercepted communications -- "chatter" -- among suspected Qaeda operatives.
Although officials said the intercepts indicated that terrorists might have moved closer to an attack, there was still not enough detail on who, when and where. This is frustrating as well as terrifying. But once you understand the technology, it is clear why they call it "chatter" and why it is so hard to make sense of.
Twenty or so years ago, most telecommunications were messages between two parties at fixed points connected by a single, continuous link. The link could be either wire or radio. To listen in, you simply tapped it somewhere along its length.
If the link was inside the United States, law enforcement officials could tap it with a court order and the cooperation of the phone company. If the link was outside, the task was usually harder. In the 1970's the Navy sent submarines to the Sea of Okhotsk to tap cables linking Soviet bases at Vladivostok and Petropavlovsk to Moscow. But once the tap was there, reading the traffic was straightforward.
Today, a direct tap is often impossible. Digital messages, via cellphone or Internet, can follow any number of paths from Point A to Point B. So, to have any chance of detecting a message -- let alone intercepting it -- the tap must be as close as possible to the sender or the receiver. Often that means recruiting a spy who can break into a telephone, a computer or an Internet router. (The K.G.B. used this strategy in 1986, when it bugged electric typewriters in the American embassy in Moscow; the machines transmitted what was being typed via their power cords to the outside.)
Recent legal changes permit United States officials to monitor individuals rather than specific phones. But terrorists already have a good idea of how American intelligence is trying to track them. That's why many discard their mobile phones every week or so to confound anyone trying to trace them. Or they log on at Internet cafes using e-mail accounts they change with similar frequency.
The volume of messages has grown exponentially, too. And modern digital messages are inherently easier to encrypt. Widely available commercial encryption software is often as good as what governments use.
Even if messages are intercepted and deciphered, the contents can be opaque. In the old days, an intelligence analyst could listen to a target for days, weeks or even months. After a while, he would know the cast of characters and perhaps even recognize their voices and jargon.
With digital, mobile communications, intercepting a terrorist communication is like trying to eavesdrop on a particular conversation in a crowded restaurant. Which table? Which conversation? And just what are they talking about?
Imagine listening in on this conversation. Before the Sept. 11 attacks, Ramzi bin al-Shibh, the planner of the strike, reportedly told Al Jazeera television that he had received a phone call from Mohamed Atta, the leader of the hijackers. Mr. Atta told him, "Two sticks, a dash and a cake with a stick down" -- a code for 9-11 -- indicating he was executing the plan, and when. Now imagine if all of this coded talk is in a foreign language. That's what it's like trying to make sense of chatter.
Technology can be used to automate eavesdropping; computers can listen for certain words or phrases in certain languages. But anyone who has tried to use an automated telephone system knows how hit-or-miss machine voice recognition can be. For now, intelligence analysis must rely on old-fashioned human ears. Given the challenges, it's something of a miracle we can collect useful signals at all.
This commentary originally appeared in The New York Times on February 16, 2003.