In the late 1990s, NSA technical director Bill Binney and a team of cryptologists developed ThinThread—a surveillance system designed to intercept foreign communications while automatically encrypting data from U.S. persons. The program was technically successful, cost-effective, and included constitutional safeguards. In September 2000, senior NSA management cancelled it in favor of Trailblazer, a contractor-heavy program with no privacy protections that would eventually cost $1.2 billion and produce nothing operational. When NSA analyst Russ Tice and other whistleblowers tried to expose what happened, the FBI raided their homes.
In the late 1990s, as the National Security Agency confronted an explosion in digital communications and the transition from circuit-switched telephone networks to packet-switched internet protocols, a team of senior cryptologists led by Technical Director Bill Binney developed a solution. Called ThinThread, the system used sophisticated traffic analysis algorithms to identify patterns in massive data flows that indicated foreign intelligence targets. It processed information at unprecedented speed and low cost. And it included a feature that would later prove both technically innovative and politically fatal: automatic encryption of all data from United States persons.
ThinThread's architecture was designed around a key-splitting approach. When the system collected communications data, it immediately determined whether the data involved U.S. persons. If it did, that data was encrypted using keys held by the Foreign Intelligence Surveillance Court. Analysts could see patterns and metadata—who was communicating with whom, when, and how often—but could not access content without obtaining a warrant. The system maintained a complete audit trail of every query, ensuring accountability.
Bill Binney, who held the title of Technical Director at NSA and co-founded the agency's Signals Intelligence Automation Research Center, led the effort alongside Ed Loomis (Director of the Office of Signals Intelligence Automation) and Kirk Wiebe (senior analyst). The team had collectively spent over a century at the NSA. They understood both the agency's technical requirements and the constitutional limitations under which it was supposed to operate.
By September 2000, ThinThread was operational. Internal tests demonstrated it could process massive volumes of communications data, identify intelligence targets using pattern analysis, and protect privacy through encryption. The system worked.
In September 2000—exactly one year before the attacks on the World Trade Center and Pentagon—NSA Director Michael Hayden and other senior leaders cancelled ThinThread. The decision came despite the program's technical success, low cost, and built-in privacy protections. In its place, the NSA expanded Trailblazer, a massive modernization program managed by Deputy Director William Black, who had previously worked for major contractor Science Applications International Corporation before returning to the NSA in 1997.
Trailblazer took a fundamentally different approach. Where ThinThread had been developed in-house by NSA technical experts, Trailblazer relied heavily on major defense contractors including SAIC, Boeing, and Computer Sciences Corporation. Where ThinThread cost approximately $3 million, Trailblazer's budget would eventually exceed $1.2 billion. And critically, Trailblazer did not include ThinThread's privacy protections.
The rationale offered by NSA management focused on scalability. Hayden and others argued that ThinThread could not handle the volume of data the agency needed to process in the internet age. Bill Binney and his team disputed this assessment, noting that ThinThread's design was specifically optimized for massive data flows and that the scalability concerns were based on misunderstandings of the system's architecture.
Diane Roark, who served as a staff member on the House Permanent Select Committee on Intelligence with oversight responsibility for NSA programs, investigated the decision. Her conclusion: it was driven by contractor relationships rather than technical merit. Roark briefed committee leadership on her findings but received no support for challenging the NSA's decision.
On September 11, 2001, nineteen hijackers carried out coordinated attacks that killed 2,977 people. Subsequent investigations by the 9/11 Commission and congressional intelligence committees documented numerous intelligence failures—information that was collected but not shared, warnings that were not heeded, dots that were not connected.
What received less attention: at least two of the hijackers, Khalid al-Mihdhar and Nawaf al-Hazmi, communicated through channels that ThinThread's pattern analysis could have flagged. The system had been designed specifically to identify the kind of network connections and communication patterns that al-Mihdhar and al-Hazmi exhibited. Bill Binney and other ThinThread developers later testified that if the program had been operational, rather than cancelled three weeks before the attacks, it would have identified these individuals as targets for further investigation.
"We could have prevented 9/11. ThinThread would have identified the targets and the network."
William Binney — Interview in A Good American, 2015This is necessarily a counterfactual—there is no way to prove definitively what would have happened if ThinThread had remained operational. But the technical capabilities of the system, the communication patterns of the hijackers, and the timeline create a stark what-if scenario.
What happened instead is documented fact. In the weeks after 9/11, the NSA deployed elements of ThinThread's technology as part of a classified program that would become known as Stellar Wind. But the deployment stripped away all privacy protections. Where ThinThread had automatically encrypted U.S. person data and required FISA warrants for access, Stellar Wind collected everything—metadata and content—without warrants, without judicial oversight, without the constitutional safeguards that Binney and his team had designed into the original system.
In October 2001, Bill Binney, Ed Loomis, and Kirk Wiebe all resigned from the NSA. Collectively they had over 100 years of service. They resigned because they had discovered that the technology they had developed to protect both national security and civil liberties was being used to conduct warrantless surveillance on millions of Americans.
They attempted to work through official channels. In September 2002, they filed a complaint with the Department of Defense Inspector General, documenting waste in the Trailblazer program and constitutional violations in the warrantless surveillance program. The complaint was detailed, technical, and based on their direct knowledge of both systems.
Diane Roark, the House Intelligence Committee staffer, also filed a complaint with the DoD IG. In October 2001, she had personally informed NSA Director Michael Hayden that the warrantless surveillance program was illegal and that ThinThread's privacy protections should be implemented. She was rebuffed.
The DoD Inspector General conducted an investigation. In 2004, the IG produced a classified report highly critical of Trailblazer's management, cost overruns, and lack of delivered capabilities. The report concluded that Trailblazer had wasted hundreds of millions of dollars and that alternative approaches, including ThinThread, had been dismissed without adequate technical evaluation.
But the report did not address the constitutional issues. And information from the investigation was used not to reform NSA programs but to identify whistleblowers for prosecution.
Russell D. Tice had worked as an intelligence analyst for the NSA, Air Force, Office of Naval Intelligence, and Defense Intelligence Agency for approximately 20 years. He held Top Secret/Sensitive Compartmented Information clearances and worked on special access programs. Unlike the ThinThread developers, Tice had not been involved in the technical development of surveillance systems. But he had knowledge of their deployment and scope.
In 2005, Tice made a decision that would cost him his career and security clearance: he contacted Congress and the media to disclose that the NSA was conducting warrantless surveillance on millions of Americans. He provided information to congressional intelligence committees and spoke with journalists including Brian Ross at ABC News.
In December 2005, Tice's disclosures were part of the context when the New York Times finally published its story on warrantless wiretapping—a story the paper had held for over a year at the White House's request. The Times article, by James Risen and Eric Lichtblau, confirmed that President Bush had authorized the NSA to eavesdrop on Americans without warrants required by the Foreign Intelligence Surveillance Act.
Tice's role became public in January 2006 when ABC News identified him as an NSA whistleblower who had gone to Congress with information about unconstitutional surveillance. He appeared on camera, stating that the NSA had conducted surveillance on purely domestic communications, contradicting the administration's claims that only international communications were targeted.
The NSA had already stripped Tice of his security clearance in May 2005. In May 2006, he was fired. His career in intelligence was over.
But his disclosures—along with those of the ThinThread developers—laid the foundation for what would come later. Thomas Drake's cooperation with reporters at the Baltimore Sun. The DoD IG investigation findings. And eventually, eight years after Tice went public, Edward Snowden's massive leak of NSA documents that confirmed every claim the ThinThread whistleblowers had made.
Thomas Andrews Drake joined the NSA in 2001 as a senior executive. He quickly became aware of the Trailblazer disaster and the cancellation of ThinThread. Drake filed complaints through official channels—the NSA Inspector General, the Department of Defense Inspector General—documenting waste, fraud, and constitutional violations.
Internal channels produced nothing. In 2006, Drake provided information to Siobhan Gorman, a reporter at the Baltimore Sun. He gave her unclassified information about Trailblazer's failures and cost overruns. Gorman's resulting articles documented how the NSA had wasted over a billion dollars on a program that produced no operational capabilities.
In November 2007, FBI agents raided Drake's home. That same day, agents raided the homes of Bill Binney, Ed Loomis, Kirk Wiebe, and Diane Roark. The coordinated raids were part of a leak investigation targeting anyone who had cooperated with the DoD Inspector General or spoken to reporters about NSA programs.
The investigation of Drake and the others dragged on for years. In April 2010, the Justice Department indicted Drake on ten felony counts under the Espionage Act—the same World War I-era law used to prosecute spies. Prosecutors alleged he had retained classified documents and disclosed classified information. They sought 35 years in prison.
The case collapsed. It became clear that the government had over-classified routine information to punish a whistleblower. Documents Drake had retained were marked classified retroactively. Information he had discussed with reporters was not classified at the time. The judge, Richard Bennett, stated that the prosecution appeared to be an effort to "silence someone who had spoken out."
In June 2011, all ten original felony charges were dropped. Drake pleaded guilty to a single misdemeanor count of exceeding authorized use of a computer. He received no jail time, no fine, no probation. But he had lost his career, his pension, and his life savings defending himself.
Judge Bennett's statement at sentencing captured the absurdity: "I find that unconscionable. Unconscionable. It is at the very root of what this country was founded on."
Between 2000 and 2006, the Trailblazer program consumed over $1.2 billion in taxpayer funds. Science Applications International Corporation received the largest share—over $280 million by 2004. Other major contractors including Boeing and Computer Sciences Corporation received hundreds of millions more.
What did the program produce? Nothing operational. Not a single working signals intelligence processing system. Not one capability that could be deployed by NSA analysts to collect, process, or analyze communications data.
A 2004 internal NSA review found that Trailblazer had failed to meet any of its major objectives despite years of development and hundreds of millions spent. The House Intelligence Committee investigated and reached similar conclusions: the program was poorly managed, lacked clear technical requirements, and had been structured to benefit contractors rather than deliver capabilities.
The NSA officially cancelled Trailblazer in 2006, writing off the entire $1.2 billion investment. Technologies originally developed for ThinThread were eventually incorporated into later NSA systems—but without the privacy safeguards that Binney's team had designed.
"The NSA chose corporate profit over constitutional protection. ThinThread was cheaper, better, and legal. They killed it anyway."
Diane Roark — Testimony to Congressional Investigators, 2007The Foreign Intelligence Surveillance Act, passed in 1978 in response to revelations about NSA domestic surveillance during the Church Committee hearings, established clear procedures: if the government wants to conduct electronic surveillance on U.S. persons, it must obtain a warrant from the Foreign Intelligence Surveillance Court. The warrant requirement exists because the Fourth Amendment prohibits unreasonable searches and seizures.
ThinThread was designed to comply with FISA. The system's architecture ensured that analysts could not access U.S. person data without a warrant. The technology enforced the law.
Stellar Wind, the program deployed after 9/11 using ThinThread's technology, operated without any warrants. From October 2001 through at least 2005, the NSA collected bulk metadata and content on millions of Americans without judicial authorization. When Deputy Attorney General James Comey reviewed the program in March 2004, he concluded that portions of it lacked adequate legal foundation.
Comey's objections led to a dramatic confrontation on March 10, 2004, when White House officials attempted to get hospitalized Attorney General John Ashcroft to reauthorize the program from his hospital bed. Comey and FBI Director Robert Mueller both threatened to resign. President Bush reauthorized the program anyway, though after additional senior officials threatened to quit, the administration made modifications.
But bulk collection continued. In 2008, Congress passed the FISA Amendments Act, which retroactively legalized some of the previously illegal surveillance and granted immunity to telecommunications companies that had cooperated with warrantless wiretapping.
In 2009, Russ Tice provided additional testimony to congressional investigators. He stated that NSA surveillance had been broader and more targeted than previously disclosed. According to Tice, the agency had intercepted communications of journalists, military officers, members of Congress, and other domestic targets with no connection to terrorism or foreign intelligence.
Tice specifically stated that he had personal knowledge of NSA surveillance targeting then-Senator Barack Obama. These claims have never been officially confirmed or denied. No NSA documents released by Edward Snowden directly corroborated Tice's most specific allegations about individual targets.
This represents the boundary where documented fact transitions to contested allegation. Tice's credibility as a whistleblower is established—his early disclosures about warrantless surveillance were completely vindicated. But his later claims about the specific targeting of political figures have not been independently verified through documents or other witnesses.
In June 2013, former NSA contractor Edward Snowden released thousands of classified documents to journalists Glenn Greenwald, Laura Poitras, and Barton Gellman. The documents confirmed everything that Russ Tice, Bill Binney, Thomas Drake, and the other ThinThread whistleblowers had said years earlier.
The NSA was collecting bulk metadata on millions of Americans under Section 215 of the Patriot Act. The agency was tapping directly into the servers of major internet companies under the PRISM program. The NSA had worked with telecommunications companies to install surveillance equipment at network switching points, collecting vast amounts of data without warrants.
One critical detail: the Snowden documents showed that even after the 2008 FISA Amendments Act supposedly brought NSA surveillance under legal authority, analysts continued to query databases containing U.S. person information thousands of times without proper authorization. The privacy protections that should have been required by law were routinely bypassed.
If ThinThread's architecture had been implemented—with automatic encryption of U.S. person data and keys held by the FISA court—those violations would have been technically impossible. The system would have enforced the law through its design.
The documented timeline is straightforward. NSA technical experts designed a surveillance system that balanced intelligence collection with constitutional protections. Senior NSA management cancelled that system and chose an expensive contractor alternative with no privacy safeguards. Three weeks after the cancellation, the 9/11 attacks occurred. The replacement system, Trailblazer, consumed over $1.2 billion and produced nothing. Technologies from the cancelled system were deployed without privacy protections to conduct warrantless surveillance on millions of Americans.
Whistleblowers who tried to report waste and constitutional violations through official channels were investigated, raided, and prosecuted. Thomas Drake was indicted on ten felony counts under the Espionage Act for providing unclassified information to a reporter. All charges were dropped when the prosecution collapsed, but only after he had lost his career and savings.
Russ Tice, who went public in 2005, lost his security clearance and job but helped expose the warrantless surveillance program years before Edward Snowden. Bill Binney, Ed Loomis, and Kirk Wiebe—who collectively spent over a century working for the NSA—resigned when they discovered their technology was being used to violate the Constitution they had sworn to protect.
None of the senior officials who authorized warrantless surveillance, who cancelled ThinThread, or who wasted over a billion dollars on Trailblazer faced any legal consequences. Michael Hayden went on to serve as Director of the Central Intelligence Agency. SAIC continued to receive billions in government contracts.
The question that remains: Was the cancellation of ThinThread a bureaucratic decision driven by contractor relationships and institutional politics? Or did senior officials specifically want a surveillance capability without privacy protections, making ThinThread's constitutional safeguards a liability rather than a feature?
The documentary record cannot definitively answer that question. What it does show is a pattern of choices that prioritized contractor profits over cost-effectiveness, surveillance capability over constitutional compliance, and institutional secrecy over accountability. And a group of intelligence professionals who tried to prevent that outcome and were punished for it.