By WILLIAM ARKIN AND MARC AMBINDER

As we continue our expedition into the murky swamp of government secrets, we’ve noticed that many units seem to be duplicating the functions of others; the more anodyne-sounding the names are, the more secret those operations tend to be. This now includes a mysterious unit, never before written about, called the U.S. Army Technical Support Squadron, or the USATSS. It sounds like the 1st CIG, but it is a separate entity, with a similar mission but for a different purpose.

The squadron’s existence is not classified; the USATSS is administratively subordinate to the 704th Military Intelligence Brigade, itself one of 12 brigades which form the Army’s Intelligence and Security Command (INSCOM). But then everything USATSS does is a secret – even a bare description of its work is sanitized to the point of impenetrability. 

Let’s start with the higher headquarters – the  704th; the key on its insignia stands for it being the “First To Know.”. Ok!  Well.  The 704th is the Army’s strategic SIGINT brigade, operating in support of  the National Security Agency and the National Reconnaissance Office, supporting signals processing and analysis of strategic targets. The NSA refers to the brigade as the “Electron Recon” team. The Brigade has three subordinate battalions, two in direct support of NSA and one located with the NRO in Aurora, Colorado.  Other detachments and operating elements are located at sometwo dozen locations worldwide, with the headquarters at Ft. Meade, Maryland. 

Officially, according to the Army, the 704th “enables global cryptologic operations,” provides “global SIGINT capabilities, technical control and production, generates Army cryptologic readiness, and conducts network assurance operations in support of National, Joint, and Army “ requirements … to ensure a decisive advantage for great power competition and enhance lethality.” Great power competition is code for China and Russia and the not-so-great Iran and North Korea.

That’s where internet sleuthing comes to an end. There’s almost nothing publically available on the USATSS, which is a company-sized element of the 704th (see this contracting document).   The word squadron is the first clue regarding its status as a so-called “special mission unit. Squadrons are in the Air Force, or in the Army, applied to armored cavalry. But the designation squadron in other units means special – and secret – and is applied to those units of the Joint Special Operations Command and other special access program units (but ironically not the 1st CIG, which is made up of battalions).. , 

The USATSS is the 704th’s special missions unit. It is fairly large for a squadron (that is, a company-sized unit) — about 500 soldiers and civilians. It’s personnel conduct sensitive and close-in SIGINT collection, clandestinely and in difficult situations. Those missions are in direct support of unified military commands and theater special operations commands. The unit is part of the intelligence community, that is, a collector, whereas the 1st CIG is part of the special operations community (and operates outside of this command structure.) 

One of the more unique aspects of the USATSS is also that its operators are also skilled in human intelligence (HUMINT). Here the term does not refer to acquiring human sources but more that its members are themselves the collectors (rather than technical assets).

In this role, the USATSS is the main clandestine target exploitation (TAREX) enabler for the NSA. Here’s how an NSA classification guide (revealed by Edward Snowden) describes TAREX:

(Originally, that security classification guide had called the TAREX ops “covert” — but that word is a no-no. Under the law, only the CIA does covert operations. TAREX is a “clandestine” activity, now. It would be interesting to know whether lawyers made the change to cover for activity that could be considered ‘covert,’ or whether someone actually changed the USATSS mission set from “covert” to “clandestine.” To Congress, at least, there’s a big distinction! But we digress. By the way: is there anything in the screenshotted heavily acronymed paragraph above that, in any reasonable construal, could cause “serious harm” to national security?  If you want take a go at that argument, we’ll publish it!) 

The TAREX discipline’s historical roots can be found in a 1944 committee run jointly by the U.S. and the British called TICOM, or Target Intelligence Committee. At the time, the allies were processing a significant number of German SS and Wehrmacht defectors, coding equipment and lots of documents found on their persons, and commanders realized they needed a way to quickly interrogate their captives to see if they had operational intelligence to pass along. Of supreme importance was the degree to which the Axis had figured out British and American cipher systems. Based at Bletchley Park, TICOM teams fanned out across Europe, collecting and exploiting thousands of documents. The U.S. Army later created its own TAREX team, and when the National Security Agency was formally created in 1947, the new Department of Defense assigned to the Army responsibility for conducting TAREX missions in support of the NSA. For more than six decades, a variety of Army intelligence units, some clandestine, have done TAREX.

In general, the USATSS’s HUMINT Operations Cell works with its SIGINT Operations Cell to move the NSA’s collection systems and capabilities closer to their target, whether physically — as in, intercepting, modifying or altering communication devices that a target might use, or temporally — like placing an interception device in the proximity of the target to suck up all the digital detritus that the target might give off. TAREX units facilitate SIGINT access, in other words. 

But TAREX also specifically means the human acquisition of the enablers of SIGINT. Say, for instance, a target is being pursued but the target’s cellphone number is not known. TAREX analysts seek to acquire the number. Or suppose there is an encryption system in use that prevents access to communications. TAREX might seek to figure out what encryption system is used (or even seek a crypto card from that system.)

USATSS operators work under deep cover to operate in places that can not be accessed through cyberspace. Cyber is important because squadron operations might also include accesses that allow the target communications to be manipulated through cyberspace.

Most USATSS missions have this profile:

People operating under deep cover…

… traveling to some physical location that is near impossible to access through cyberspace…

USATSS members are occasionally attached to embassies but they do not operate under the cloak of diplomatic cover. But the USATSS is also distinct from the Special Collection Service, the joint NSA-CSA organization that conducts SIGINT directly from embassies and consulates, or uses international organization activity (such as that of the United Nations) as cover for covert SIGINT collection. 

Every sensitive mission – and there are about 10 distinct ones per year, on average – requires patience, planning, and a legal approval process that is, according to people who have gone through it, quite onerous. 

Just like the 1st CIG, the USATSS has a cadre of dedicated signature reduction and information operation specialists designed to make sure that its operations leave no footprint — that soldiers’ forward deployed identities are able to withstand an adversary’s counterintelligence efforts. Indeed, most USATSS SIGINT is performed by those skilled in “sensitive SIGINT operations using signature reduction techniques,” according to a document we’ve obtained. All such CANEX - “Close Access Network exploitation” — is done under the aegis of sophisticated signature reduction techniques.

At one time not very long ago, the close-in SIGINT and cyber technologies and techniques were limited in number and highly secret. 

Over the past 20 years, they have proliferated; every branch of the military; every combatant command; every intelligence agency wanted their own. 

Hence the expansion of the 1st CIG, the creation of the USATSS, to the creation of a JSOC internal cyber and SIGINT collection entity, and the continued existence of the Special Collection Service.

But these technologies, such as cyber accesses, and the technologies, such as tagging, tracking and locating (TTL) sensors, are now also being used by “non-black” special operations and intelligence units. 

Cutting edge emerging technologies remain highly SAPed, and provide the U.S. with a strategic advantage – they are properly classified as “sources and methods.”

But a big part of the secret is how these units operate, who tasks them and who ensures that their operations are serving national security interests; Congressional oversight is limited to a core group of specialists who read reports and receive testimony; they simply can’t keep track of all the secrecy detritus, obscuring how billions of dollars are spent on hundreds of projects and programs executed by at least four secret organizations employing 4,000 Americans.

That’s why it’s good to know, at least, that the USATSS exists. That way, policy makers inside the government and in the legislative branch can ask what they do, and where they do it, and to what end.  And so can you.

Share