02:31 - Source: CNN
President Obama open to NSA changes

Story highlights

Evidence shows surveillance has disrupted at least half a dozen plots

An intercepted e-mail helped foil a plot against New York subway trains

Intercepted coded e-mails were cited in Danish and trans-Atlantic plots

Much of the world's e-mail goes through servers in the United States

CNN —  

As arguments rage about the proper balance between civil liberties and national security, a survey of recent terror cases shows that intercepted communications have often provided investigators with vital clues.

According to court documents and other testimony, at least half a dozen major plots have been disrupted in the past five years thanks to such surveillance. Controversy was ignited after the Guardian newspaper in Britain and the Washington Post in the United States reported that the U.S. National Security Agency was monitoring e-mail.

On September 6, 2009, an e-mail was sent from a Yahoo account in Pakistan to another Yahoo address in Colorado. The massive data-gathering computers of the NSA in Fort Meade, Maryland, and at GCHQ, the UK’s signals intelligence agency, instantly logged the time – 7:14 a.m. EDT – and recipient, because the sender was someone known to U.S. and UK security services.

He was known as “Ahmad,” and he had been on the radar of British intelligence since a suspected al Qaeda cell had been uncovered in Manchester earlier that year, according to senior U.S. counterterrorism officials.

The mystery was the recipient, who had the address njbzaz@yahoo.com. Whoever it was lived in the Denver area. Who in Colorado was in touch with a man suspected to be a handler for al Qaeda?

Within two hours, njbzaz replied, “Listen I need a amount of the one mixing of (flour and ghee oil) and I do not know the amount.”

Minutes later, he sent a follow-up: “Plez reply to what I asked u right away. the marriage is ready flour and oil.”

He appeared to be asking for clarification on the quantities of chemicals needed to make a bomb. Flour had frequently been part of the mixture in al Qaeda bombs in the West.

U.S. authorities quickly established that the Denver-based e-mailer was Najibullah Zazi, a 24-year-old Afghan resident alien. Zazi was trying to make high explosives as part of an ambitious plot to blow up trains on the New York subway. “Ahmad” was his handler, a man he had met in Pakistan’s restive North West Frontier Province the year before, and who had taken him to be trained in bomb-making at an al Qaeda camp.

U.S. Director of National Intelligence James Clapper has pointed to both the Zazi case and one other in which intercepted communications were critical: that of David Headley, an American citizen who was involved in reconnoitering the sites of the Mumbai bombings in 2008.

Headley was also involved in a conspiracy to attack a Danish newspaper that was detected before it could be carried out.

“We aborted a plot against a Danish news publisher based on the same kind of information,” Clapper told NBC. “So those are two specific cases of uncovering plots through this mechanism that prevented terrorist attacks.”

In the Zazi case, it’s not known whether the interception of the e-mails was through the PRISM program, which was highlighted in the recent Guardian and Washington Post stories. They described it as a program that allows NSA analysts to extract the details of people’s online activities – including “audio and video chats, photographs, e-mails, documents” and other materials – from computers at Microsoft, Google, Apple and other Internet firms.

The fact that both men had Yahoo addresses meant that their communications are likely to have passed through servers in the United States. And terrorism experts point out that even communications that don’t involve anyone on U.S. soil often travel through the United States because American companies dominate online media.

The online monitoring company Pingdom estimated last year that 43% of the world’s top million sites were hosted in the United States. And 30% of all root server sites, a critical part of the Internet’s infrastructure, were in the United States.

In classified slides of the PRISM program dated April 2013 and obtained by the Washington Post, the United States is described as the “World’s Telecommunications Backbone.” One slide notes that “a target’s phone call, e-mail or chat will take the cheapest path, not the physically most direct path.”

Yahoo is mentioned as one of nine “current providers” to PRISM. Another slide said it had joined the program in March 2008. But sources at Yahoo and the other companies mentioned in the news stories have since said they had no knowledge of PRISM.

Yahoo told CNN last week: “We do not provide the government with direct access to our servers, systems, or network.”

In the Zazi case, the Yahoo e-mail exchange turned out to be critical. Less than 72 hours afterward he began a high-speed dash across the country to New York, where his co-conspirators awaited him. But by then he was being followed.

On September 10, Zazi was stopped at a “random” checkpoint established on a bridge into New York. But Port Authority police did not detect detonating explosives he had hidden in a jar inside a suitcase in his car, despite bringing a canine to sniff around the vehicle.

Zazi suspected something was up when he was stopped and arranged for the explosives to be flushed down a toilet after he drove into New York City. He later abandoned the plot and flew back to Denver. He was arrested a short time later.

Other recent terror cases have also involved the interception of communications between alleged suspects. The 2006 plot to bomb several trans-Atlantic airliners was the subject of close intelligence sharing between the United States and the United Kingdom, with one former U.S. official saying that the CIA and NSA had gathered intelligence for the investigation “in real time” using “the intelligence tools available.”

During the trial, intercepted coded e-mails sent and received by two of the defendants were introduced as evidence.

An e-mail from Pakistan sent on July 21, 2006, said: “Regarding the aftershave bottles, you need 40x100ml bottles. I have orders for those already so I need those asap. I need to know when you can get me those asap.”

Prosecutors said the “aftershave