


Pentagon sharing classified cyber threat intelligence with companies

by Shane Harris




In response to an unprecedented wave of attacks on the Defense Department's computer networks, and possible theft of information about U.S. weapons systems by foreign governments, the Pentagon has quietly begun sharing classified intelligence about hackers and online threats with the country's biggest defense contractors. The new intelligence partnership, which has not been previously reported, is known as the Defense Industrial Base initiative, or "the DIB."

Tomorrow’s edition of National Journal will feature this story, which has already been posted to the Web site. (Free to non-subscribers.)

Also, in light of recent press reports about cyber spies penetrating the U.S. electrical grid, I’m enclosing a link to a story we ran last year on the cover of the magazine: “Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of U.S. companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States.”






Hacking the Hill

by Shane Harris




The cover story of today's National Journal features a narrative about an unidentified hacker (or perhaps hackers) who compromised the computers of eight members of Congress and seven committees in the House of Representatives. Some members publicly blame China for the incident, and one calls it a case of “overseas espionage.” The story shows how House information security personnel discovered the penetration and worked to contain it.



Intel Officials Make Their Case

by Shane Harris




Senior officials are making their case that the two Mikes--McConnell and Hayden--should stay at the helm of the intelligence community.


Executive Orders Offer 'Quick Fix' On Torture

by Shane Harris




Calls are coming in for President-elect Obama to take quick and decisive action on interrogation and detention of terrorist suspects.


A Matter of Opinions

by Shane Harris




Somewhere on the fifth floor of an immense federal office building in downtown Washington is a filing cabinet, or perhaps a computer hard drive, that holds a set of documents that the next president and his lawyers will want to read very, very carefully. Read the story here in National Journal.


Surveillance Standoff

by Shane Harris




In the old days, everyone was linked to a lug nut, and Jim Kallstrom liked it that way.

It was 1985, a simpler time for a cop like Kallstrom, who was in charge of setting telephone wiretaps on suspected drug dealers and mobsters for the FBI's New York City field office. In New York, Kallstrom's cases were often won on the basis of incriminating evidence surreptitiously snatched from the mouths of criminal defendants through their phone lines. With a mere 203,000 Americans using mobile phones, people were still tied to the ground, and that gave Kallstrom's world a certain comforting order.

On any given day, he could stand on a street corner in Manhattan, gaze up at an apartment building with its neat rows and columns of units stacked atop each other, and know that inside each one there was a telephone, tethered by thin copper wire to a single point, sometimes several miles away. In his mind's eye, Kallstrom could have imagined shrinking himself to the size of an electron and traveling over the phone line, down to the bottom of the building, then shooting beneath the streets, until he ended up in the basement of the telephone company's switching station. There, the wire emerged, pegged to a rack by a single copper lug nut. Acres of racks lined the walls, each holding rows and columns of lug nuts and their wires, neatly stacked atop each other -- the city of New York in analog miniature.

With a warrant in hand, Kallstrom could tell the technicians at the phone office, with whom he had become friendly over the years, "Go up on RR326." The tech would walk to the rack, find the wire, and clamp on a listening device. Instantly, Kallstrom became an invisible interloper.
FBI agents and federal prosecutors depended on these legal wiretaps to penetrate drug cartels, incriminate money launderers, and spy on mob families. And they needed to be absolutely certain that the line they were on belonged to the suspected dealer, or launderer, or capo named in the court-approved warrant. Not the guy in the apartment next door. Not someone down the block. This guy. This phone. RR326. Lest the agents violate a judge's order, and perhaps land themselves in jail, this had to be the very same line that snaked back through the subterranean maze of Manhattan, through all those blocks of concrete caverns, back to that certain apartment building, up through the walls and out of the jack and into the phone that was in the hand and next to the mouth of Kallstrom's target. It was, by design and necessity, a neat, specific system.

And then it all went sideways.

Kallstrom's friends in the phone company put him on notice in 1985: Over the next few years, those racks and stacks of wires and lug nuts would be swept into the technological dustbin. The telephone network was going digital. Technicians would no longer stand at a rack; they would sit at a keyboard. In some parts of the country that had already made the change, phone calls were traveling as a stream of 1's and 0's. Thousands of lines commingled in a single computer. When New York went digital, the phone techs told Kallstrom, they would no longer be able to tap him directly into RR326. In fact, they couldn't even tell him for sure where RR326 resided in this new engineering matrix.

At the same time that the phone companies were preparing for the transition to digital, the use of cellphones -- which were inherently harder to tap because they used phone lines differently than analog devices -- mushroomed. From 1985 to '86, the number of registered mobile-phone subscribers in the United States doubled to 500,000. Within two years after that, the number climbed to 1.6 million. By the end of the decade, the cellphone universe had skyrocketed past 4 million.

Organized crime was an early adopter of the mobile phone. In a communications technique presaging that of Islamic terrorists today, members of the Colombian Cali drug cartel operating in New York would briefly use a phone, toss it, and get a new one. To tap a mobile device, technicians had to install listening equipment on the new version of a lug nut -- an "electronic port." But in most switching stations in New York, there were only half a dozen or so ports available at any one time. Federal prosecutors and agents had to stand in line at phone company offices and fight with each other over whose investigation should take priority. Some prosecutors threatened to haul company employees into court on contempt charges so they could explain to a judge why the phone company was unwilling to execute a wiretap order.

Electronic surveillance, once such a dependable, relatively easy craft, was becoming inordinately difficult, Kallstrom thought. The phone companies, whose annual revenues from mobile subscriptions were cresting over $2 billion in the late 1980s, showed little willingness to make the FBI's life easier. As the 1990s approached, with the promise of more digitization and more mobility, Kallstrom called his bosses in Washington: "If we don't do something, we'll be out of the wiretapping business."

A Battle Begins
Kallstrom may have been the first to alert the FBI and the Justice Department to this new reality. The digital revolution generated a constant tension that exists to this day, a push and pull between the federal government in one camp and technology corporations and civil-liberties activists in the other to control the development of the global communications system, and so the balance of power in the Information Age.

This struggle's latest manifestation is the intensely politicized effort to rewrite the Foreign Intelligence Surveillance Act. At issue is nothing less than the government's authority to broadly monitor communications networks to spot terrorists and other national security threats. The Bush administration finds itself across the battle lines from many of the same groups that more than a decade ago argued that the government was already extending its reach too far into personal conversations in the name of pursuing criminals.

While FISA governs wiretapping for intelligence-gathering purposes, as distinct from law enforcement, surveillance in both worlds follows the same essential philosophy -- the best evidence in a court of law or in an intelligence operation is one's own words. Today's dispute is not very different from the one that occurred during the dawn of digitization in the 1990s. Indeed, both are part and parcel of the same long-running debate.

No one should believe that real-time government surveillance of the communications network is an idea born of the 9/11 attacks or that it results solely from the Bush administration's aggrandizing of executive power. The legal arguments that the government has asserted to support increased surveillance of digital space were first put forth in 1994, under a Democratic president, and they had little to do with the threat of Islamic extremism.

Nor should anyone mistake the roots of the vociferous opposition to today's wiretapping from civil libertarians and privacy advocates. Many of these groups and their allies have been battling to restrict the government's use of new, potentially invasive technologies for a generation. The Bush White House is only their latest adversary, albeit the most formidable. These activists and their allies in the business world have been motivated by different but mutually supportive goals: to extend constitutional safeguards to the digital realm, and to keep the government from suffocating technological development with burdensome surveillance laws. Some in those ranks would have liked, and indeed tried, to make the digital network a wiretap-free zone.

But despite the occasionally extreme positions and deeply held convictions of all of these players, the most important laws governing wiretapping, electronic surveillance, and privacy have been the product of negotiation, of people gathering in a room, sitting at a table, and talking -- sometimes screaming -- until they reached a settlement. The current debate, however, is missing that crucial spirit. Whereas before, adversaries trusted each other enough at a basic level to make deals, however temporary, today's opposing sides seem unwilling to compromise to pass new surveillance laws that the nation can live with. It's not entirely clear where or why minds turned so stubborn. But to understand today's political calcification, it helps to recall a simpler time.

The Art Of Compromise
Jerry Berman was a veteran of the privacy wars, seemingly born for the role of liberal, dogmatic activist. In the early 1950s, his father, a labor leader, was investigated by the House Un-American Activities Committee. A native of Hawaii, the younger Berman moved with his family to California, where he enrolled at the University of California (Berkeley). After earning his bachelor's and master's, and, in 1967, his law degree, Berman began lobbying for the American Civil Liberties Union. He became an authority on the intersection of national security and technology, schooled by the exposure of illegal FBI spying operations aimed at political organizations, war protesters, and leftist activists. In 1978, Berman helped to craft the Foreign Intelligence Surveillance Act, which set new restrictions on the government's domestic intelligence-gathering. He was present at the creation of several important pieces of surveillance legislation, and he helped secure individual privacy protections.

In playing his role, Berman didn't adhere to a hard-and-fast position but instead embraced his own brand of "principled pragmatism." By his logic, the interests of privacy and national security were not incompatible. If all sides -- government, industry, civil-liberties activists -- could find ways to "maximize the good and minimize the harm," as he liked to say, they could strike a satisfactory balance and create workable laws. This idea guided his work on FISA and other legislation, sometimes to the consternation of more-ideological activists who employed him to lobby Congress on their behalf.

Perhaps that was because principled pragmatism recognized an unsavory reality: In Washington, those who show up to play the game make the rules. Negotiation requires sacrifice. Sacrifice requires flexibility. Some people would rather break than bend. But compromise is how things get done, and Berman accepted it. As a colleague summarized Berman's general approach to lawmaking, "You can stand on your principle and get your ass handed to you, or you can engage in the process and get a better deal."

In the summer of 1994, the FBI and the Justice Department made a bold play to force the telecom carriers to help them conduct legal wiretaps. They put forth a proposal that would require the companies to build their networks so that law enforcement agents serving a warrant could access them in real time. The legality of wiretapping was not in question. The government wanted legal assurance that it could tap, at any time, and that the industry had an obligation under law to comply with the government's proper authority.

No more computer-related hassles, no more standing in line to plug into mobile-phone ports. Law enforcement agents, federal spymasters, and prosecutors wanted a comprehensive remedy to what they called the "digital telephony" problem. Their chief advocates were Kallstrom and Louis Freeh, the recently appointed FBI director, a former special agent and federal prosecutor who had used wiretaps to secure convictions in some of the most complicated organized-crime investigations in history. Freeh personally pushed for the new law, showing up unannounced in reluctant lawmakers' offices to press them for support and even sitting in on committee markups -- an unprecedented move for an FBI director -- to stare members down.

Clipper Chip
The 1994 proposal was only the latest in a series of government efforts to strengthen its control of the telecommunications network. In the late 1980s, Justice officials had gotten as far as placing language in an anti-crime bill that would have allowed the attorney general to set standards for telecommunications equipment, effectively making that federal official the network's architect-in-chief. (The bill did not pass.)

In 1993, Bill Clinton, in one of his first presidential directives, announced that engineers at the National Security Agency, the intelligence community's electronic surveillance arm, had developed a cutting-edge microcircuit, called the "Clipper" chip, to scramble telephone conversations. The administration intended to promote the installation of the Clipper technology in U.S. telephones, and planned to hold "in escrow" the digital keys to decrypt any conversation. In other words, the federal government would build the lock and keep the key, an idea that inspired a reaction somewhere between outrage and apoplexy among technologists and privacy advocates, who ultimately killed the idea.

In that atmosphere of hostility and skepticism, Berman went to work. Beginning in August 1994, he convened a series of meetings with senior law enforcement officials under the auspices of a privacy and security coalition he had formed with more than four dozen activist groups and technology companies -- including the biggest telecom provider of all, AT&T -- plus the U.S. Telephone Association, IBM, and software makers such as Microsoft. The goal was to resolve differences over the government's proposal to ensure federal access to telecommunications networks. Berman also brought in two powerful Democratic lawmakers and noted civil libertarians, Sen. Patrick Leahy of Vermont and then-Rep. Don Edwards, whose district included California's Silicon Valley. Everyone in the negotiating room had some familiarity with technology issues, and professional experience in law enforcement or Justice Department oversight.

The meetings featured intense, nitty-gritty debates over the technical aspects of the law. The FBI wanted guarantees that the telecom system would never mature beyond the reach of its wiretaps. Some companies saw this as heavy-handed regulation, and a number of telecom officials shared the activists' belief that the government was in fact after a permanent covert backdoor into the phone system. The negotiations helped to somewhat dampen the suspicions, however, and the talks went forward because no one in the room disagreed with the fundamental premise that the government had the right to wiretap.

But outside of the meetings, divisions festered among the interest groups. Berman represented the Electronic Frontier Foundation, which champions the public interest in the digital realm, but its board couldn't decide whether compromise was prudent or perilous. Berman felt he had to persuade his colleagues, in another series of heated meetings, to work in the middle. To him, that meant that the legislative negotiations would follow an inviolate principle: We will only craft solutions to known problems. No writing of laws aimed at encompassing future problems. If the FBI has difficulty accessing the public telephone network, then the law will address only that public telephone network.

In addition to identifying a philosophical guideline, this approach served a more strategic goal -- to keep the FBI's hands off the Internet, which was so new in 1994 as to be practically notional. Internet service providers such as America Online and Prodigy had only a handful of subscribers, and the first Web browser had been released that year, in a beta test version. Still, Berman and others knew that the FBI would never willingly agree to stay off the information superhighway, because Internet-based information held tremendous potential value for law enforcement.

During one meeting, David Johnson, a lawyer who had helped to craft the Electronic Communications Privacy Act in 1986, held up a glass jar full of rocks and asked, "How many of you would say this jar is full?" Most people agreed that it was. Johnson took a fistful of pebbles and dropped them into the jar. They tinkled down through the rocks, finding resting places in the empty spaces. Then he poured sand into the jar. As it cascaded into the empty spaces, Johnson told the onlookers that the sand was like the unseen, seemingly insignificant "transactional data" that traveled on the Internet. Transactional data includes the routing information for a text-based message -- where it comes from, where it goes, and what path it follows -- and the series of digits that make up an Internet address. This information would someday be of enormous value to the government, he said, just as phone call records, as opposed to actual conversations, already were. The transactional data were small but meaningful -- like the tiny grains of sand that kept filling the volume of the jar.

CALEA
Johnson's vivid illustration convinced many of the participants that the new law mustn't extend too far. Again, the issue wasn't whether law enforcement had a right to information but how much power the government should have over the means to get it. Leahy and Edwards, who formally introduced the legislation shortly thereafter, declared that it would apply solely to the public telephone network. The law specifically exempted "information services," which the parties agreed included Internet companies and electronic-messaging technologies.

The Communications Assistance for Law Enforcement Act passed in the closing days of the 103rd Congress, two weeks before Republicans won control of both chambers in November 1994. CALEA (pronounced kuhLEEuh) would let the industry set its own standards to meet the Justice Department's needs. The department could list its surveillance requirements, but the act let companies decide how to build their equipment. Justice won the right to petition the Federal Communications Commission if its officials felt that the companies weren't fulfilling their obligations. But civil-liberties groups also secured the right to challenge the government's requirements in court.

It was a true compromise, hard won but workable. For Berman, principled pragmatism had carried the day. For others, however, the compromise had given away too much.

The board of the Electronic Frontier Foundation had seen the proverbial legislative sausage being made and found it distasteful. Even though the directors had agreed to every aspect of the law, which Berman explained to them, within weeks after its passage he left the EFF and formed his own outfit, the Center for Democracy and Technology, to continue his brand of lobbying. The EFF pulled up stakes in Washington the following year and moved to San Francisco, where it continues to play a leading role in supporting lawsuits against telecommunications companies -- most notably AT&T, its former ally -- for their role in assisting the government with warrantless wiretapping after the 9/11 attacks.

At the time, Berman confided to Kallstrom, who he thought had always acted in good faith for the FBI, "My work on CALEA got me fired."

Kallstrom was apparently happy to see his more idealistic opponents leave town. "You didn't get fired, Jerry," he replied. "You got promoted."

Making Demands
Had the FBI and the Justice Department stopped there, had the government settled for secure access to phone networks, the history of Internet privacy and civil liberties might have turned out differently. But just weeks after President Clinton signed CALEA in January 1995, conflict erupted between the government and the phone carriers over the kind of network access the law provided. The raft of compromise that had carried the deal sprung a leak.

FBI officials knew in 1994 that they were making a mistake by leaving cyberspace out of CALEA. They understood the Internet's potential as a communications device and an intelligence tool -- that is, after all, why CALEA's authors exempted "information services."

"Did we know that it was idiotic to carve that out?" Kallstrom asks now. "Yes, we did." Criminals have always been among the first to embrace new technology. It was foolish to think that they wouldn't turn to the Internet for any number of nefarious gambits. But, Kallstrom says, government officials opted "to fight another day" over Internet access. Privacy advocates were dragging their feet in the negotiations. Delay would invite more debate, probably more hearings, and possibly a less favorable outcome. The political decision was made: "Let's take what we can get here."

In early 1995, the Justice Department issued its list of requirements for wiretapping, known as the punch list. Not surprisingly, many telecom executives and their attorneys viewed the demands as unreasonable. Al Gidari, a lawyer representing the wireless industry, was among the first to see the FBI's requirements, during the initial meeting to develop standards for CALEA, which was held that spring in Vancouver, British Columbia. The Justice Department's wish list, he said, amounted to "the Cadillac of wiretaps."

"Everything they could ever think of to gold plate and put on the Cadillac was in that document," Gidari recalls. Meeting its expectations represented "an exponential increase in complexity, not a linear increase.... They were very dictatorial ... technical requirements -- the very thing that Congress said it wasn't up to [the FBI] to figure out."

The standards meeting was tense and awkward, and the sides were unevenly matched. Gidari recalls a dozen or more FBI agents, in neat blue suits, all buttoned down and looking ready to roll over anyone who stood in their way. Arrayed on the opposite side of the table was a group of laid-back and casually dressed network engineers from all the major telecom equipment manufacturers and carriers that was tasked with the unenviable job of telling the bureau that the industry planned to build a much less complex system. It wasn't what the FBI agents wanted to hear.

Over the next few years, the Justice Department continued to seek increasingly sophisticated surveillance capabilities, including real-time geographical tracking of mobile phones; the ability to monitor all parties in a conference call regardless of whether they are on hold or participating; and "dialed digit extraction," a record of any numbers that a subject under surveillance punched in during a call, such as a credit card or bank account number. The government got a lot of what it wanted, but not all.

To be sure, criminals' use of new technologies helped drive the law enforcement demands. But telecom carriers worried that the cost of compliance was too high and that the FBI's technical requirements were illegally broad. CALEA, they argued, had forbidden the government from requiring specific system designs or technologies.

The FCC's Turn
Justice, frustrated by its inability to get all the demands on the punch list, finally asked the FCC to step in. In 1997, the Cellular Telecommunications Industry Association, which then represented mobile carriers, and the Center for Democracy and Technology complained to the commission that the negotiations had deadlocked because of "unreasonable demands by law enforcement for more surveillance features than either CALEA or the wiretap laws allow." The FCC, however, sided with the Justice Department on a host of requirements that privacy groups found overly broad. The tussle dragged on for two more years and ended up in the U.S. Court of Appeals for the District of Columbia Circuit, which overruled the FCC. After the commission took up matters again, it granted some of the FBI's requests, and the CALEA standards were amended.

When Justice Department officials reported to Congress on CALEA implementation in January 1998, no manufacturer of telecom equipment said that the FBI's demands were impossible to meet, but they did say that complying would be difficult and very expensive. (Although Congress had set aside $500 million to reimburse companies for retrofitting their networks, the law required the carriers to bear the cost of compliance on any equipment put in place after CALEA was enacted. Several experts believe that the final cost for compliance on telephone networks has been two to eight times the amount originally allotted.)

The level of government surveillance was so low at that time that some questioned why the FBI wanted such multifaceted access at all. In 1994, federal and state authorities were running 1,154 wiretaps nationwide, mostly for drug investigations, at an average cost of $50,000. The government was asking carriers to "design a nuclear rocket ship" for a rarely used tool, Gidari thought. "In [the FBI's] view, there was no limit to the expense the carrier should spare in order to save a life."

CALEA continued to evolve, shaped by the ongoing arguments over the terms of its birth. Activists and carriers thought that the FBI was reneging on its bargain, asking for more than the law allowed. The FBI believed that carriers were stalling when they failed to meet compliance deadlines. As all sides dug in, the meetings on implementation turned bitter. FBI and Justice officials slammed their hands on tables and screamed at carrier representatives, Gidari recalls. "You're unpatriotic! What do you want to do, help the criminals?"

The government asked those same questions after September 11, 2001. And this time, telecommunications carriers responded. Outside the normal FISA warrant process, which covers intelligence-gathering, carriers opened access to their networks, their customer call data, and their valuable transactional information -- the kind that CALEA had intended to exclude. President Bush and his administration believed that the extraordinary nature of the terrorist attacks demanded emergency actions that FISA couldn't accommodate, and the carriers answered the call from law enforcement and intelligence agencies. But government officials also seized on the post-9/11 mentality to change other surveillance laws and procedures, which they believed -- just as their predecessors did in 1994 -- were out of step with technology and reality. About three years after 9/11, officials set their sights on rewriting CALEA.

Claiming The Internet
In August 2004, in response to a petition by the Justice Department, the FBI, and the Drug Enforcement Administration, the FCC expanded CALEA to cover Internet communications, including voice calls and instant messages. The Electronic Frontier Foundation sued, along with industry, civil-liberties, and academic groups. In 2005, the Court of Appeals ruled 2-1 to defer to the FCC's reading of the law.

Many of those who had helped craft CALEA believed that the commission had misread the law and acted on a post-9/11 impulse to give the government more, not less, access to information. But to the FCC, new Internet technologies that operate a lot like telephones blurred the distinction between "information services" and the kinds of technology that CALEA was meant to cover.

After 9/11, law enforcement and intelligence agencies took a variety of measures, apart from wiretaps, to collect and mine potentially valuable information from the Internet. With the cooperation of telecom companies, government accumulated lots of transactional data -- including e-mail header information and lists of websites visited by targeted individuals -- to support counter-terrorism operations. Viewed solely as a reaction to the terrorist attacks of 2001, this kind of collection might seem extraordinary. But through the longer lens of history, the government's steady march into cyberspace is not surprising.

Law enforcement agencies have never suffered for lack of access to the phone network. Kallstrom recalls only a few instances in which agents were unable to execute a wiretap order because of new technology. But as digital, mobile technology has proliferated, the copper lug nuts that Kallstrom remembers from the 1980s have disappeared. Today, state and federal agents spend most of their tap time on mobile devices. In 1994, most wiretaps, by far, targeted private residences. There were few taps on mobile devices. Ten years later, 88 percent of the 1,710 wiretaps were on mobile devices. Only 5 percent were on residential lines. Without CALEA, some experts believe that Kallstrom's initial fears would have come true and the federal government would have been shut out of the wiretapping business.

Jerry Berman never wanted that to happen. Although he cannot accept that the law that was meant to minimize the government's influence over the Internet is now being used to facilitate it, he is willing to negotiate on CALEA again, if that is what's necessary to satisfy all parties.
That willingness to talk extends to FISA, as well, and Berman's Center for Democracy and Technology has been actively involved in the current agitations over the law. But whenever he and his cohorts have extended the hand of compromise to Congress or the administration, he says, they have been disappointed. Any attempt to revamp FISA, or to clarify CALEA, "is impossible in the current climate," Berman says. "There is no sense that you could get the kind of negotiation we got in 1994."

FISA And CALEA
One has to wonder how strong that spirit of compromise really was in 1994, and whether it was already ebbing. If the FBI was willing to take what it could get on CALEA and go on to fight another day, did the government really "settle" at all? Literally weeks after CALEA was signed, the Justice Department and the FBI came roaring back with new demands. What killed the penchant for negotiation? Was it the moderates' loss of power in both political parties after the 1994 Republican revolution? Was it the entrenchment of civil-liberties activists? Was it the Bush White House's extravagant interpretation of executive power? Was it 9/11?

Berman spends a lot of time pondering these questions and thinking about next moves. He divides his time between Washington, where he chairs his group's board of directors, and a home he built on the Cacapon River near Berkeley Springs, W.Va. "We just have people in bunkers now," Berman says ruefully.

The FISA debate is currently hung up on whether companies that assisted warrantless surveillance after 9/11 should have retroactive legal immunity for any laws they may have broken. CALEA has something to say about that, too. The law requires that carriers be able to deliver call identification information to the government remotely. According to Beryl Howell, Sen. Leahy's lead CALEA staffer, that provision was meant to keep government agents from sitting in the phone companies' offices to execute their wiretaps.

It is a basic tenet of wiretapping law, whether for intelligence or law enforcement, that the communications companies act as a buffer between their customers and the government, she says, and that telecom carriers must make their own determination whether official requests are, in fact, legal. That the companies would now assert, in defense of their cooperation, that the government determined that post-9/11 requests were legal, strikes Howell as outrageous.

If ever there was a time for the bare-knuckled negotiations of the past, it's now. It's not at all clear, though, who could play the role of Jerry Berman, the one to bring people into the room to scream and yell at each other and emerge feeling better for it -- and possibly even coming to a compromise. As things stand, Congress appears more likely to punt the FISA debate to the new administration, and has shown little interest in revisiting CALEA.

The constant tension that once kept this system in balance has reached a breaking point. There is no push and pull. Maybe the stakes are too high for compromise. But until that spirit returns, Berman says, "there will be no peace."

Published in National Journal


Iran Estimate: Debate Persists

by Shane Harris




On December 3, 2007, Director of National Intelligence Mike McConnell declassified a set of key judgments from a National Intelligence Estimate on Iran's efforts to build a nuclear weapon. The judgments may have contained some good news -- namely, "that in fall 2003, Tehran halted its nuclear weapons program" -- but few in the upper ranks of the Bush administration warmly embraced this declaration.

Indeed, in the month after the release, McConnell and President Bush publicly distanced themselves from the NIE's dramatic headline. Key American allies went further: The French defense minister and the head of Israeli intelligence declared the NIE wrong, contending that Iran's weapons work continues.

All of those officials, who play key roles in pressing for further international sanctions against Iran, say that Tehran continues to publicly enrich uranium under the implausible auspices of a civilian energy program, and that it continues to test-fire ballistic missiles. Bush used his State of the Union address to remind the world of these two facts and to assert that Iran remains as much of a threat as it was before December 3.

With the key judgments public, intelligence officials and weapons experts are in a definitional sparring match over what constitutes a nuclear weapons program, whether the NIE should have been released at all, and how the estimate was written. The key judgments acknowledged the points that Bush made in his speech. But the final document emphasized the riveting new information about the halted "nuclear weapons program" rather than Iran's ongoing enrichment and missile activities.

Furthermore, the NIE narrowly defines the program as consisting of weapons "design work," presumably for a warhead that can be put atop a missile, plus some covert enrichment activities. The estimate explicitly states that the weapons program does not include Iran's publicly acknowledged uranium enrichment work, which Tehran says is aimed at low-level enrichment that can be used for civilian nuclear power. Skeptics say that if Iran masters low-level uranium enrichment it can eventually develop the high-level enrichment necessary for a nuclear bomb.

The definition of what exactly constitutes a weapons program is important, but the key judgments relegated it to a footnote. Some former intelligence officials say that the footnoted information could have been stated more boldly, and they speculate whether the key judgments were deliberately written in such a way as to convince readers that Iran's nuclear threat has lessened. Intelligence estimates, by definition, are supposed to state the views of the intelligence community, not to argue policy, these former officials say.

There is little evidence to indicate that intelligence analysts are trying to pre-empt a U.S. invasion of Iran by undercutting the Bush administration's ostensible rationale for such action. But the NIE leaves many of the intelligence community's supporters wondering if its authors grasped how the document would be read -- quickly, incautiously, and through political lenses. If the NIE was meant to clarify matters on Iran, it has arguably failed.

A number of longtime intelligence analysts and weapons experts, including those who have helped draft NIEs in the past and hold no particular allegiance to Bush, criticize the key judgments as poorly written, politically tone-deaf, and betraying a fundamental misunderstanding of what actually constitutes a nuclear weapons program.

Production of fissile material -- highly enriched uranium, or plutonium -- is generally viewed as the long pole in the nuclear tent. Once a country overcomes that hurdle, the path to a finished nuclear weapon is downhill. Iran may have halted some design activities, but how significant is that in light of its continuing low-level uranium enrichment and missile testing? As one former intelligence official with experience in NIEs put it, the intelligence community seemed to go to great lengths to answer the least important question -- the work on a warhead design.

Defenders of the NIE, including the senior officials and analysts who wrote it, counter that the document is the product of new, compelling information and a rigorous, top-to-bottom scrubbing of all the known intelligence about Iranian nuclear issues. One former senior intelligence official close to the NIE's drafters said that journalists had blown the top finding out of proportion. Indeed, the clause immediately following the opening sentence, which declared that the program was halted in 2003, reads, "We also assess with moderate-to-high confidence that Tehran at a minimum is keeping open the option to develop nuclear weapons."

The key judgments clearly didn't give the Iranians a "clean bill of health," says Jeffrey Lewis, who directs the Nuclear Strategy and Nonproliferation Initiative at the New America Foundation and runs the blog ArmsControlWonk.com. "The press reporting took a badly written NIE and pulled out probably the least important fact, or misidentified what the NIE said," Lewis argues.

Reporters weren't the only ones to run with the headline, however. Meir Dagan, the head of Mossad, Israel's intelligence service, blasted the key judgments before a Knesset committee earlier this month. The document "pulls the rug out from under" the push for stricter Iran sanctions, he said. The U.S. estimate leaves "Israel to face the threat alone," Dagan added.

A few days earlier, the French defense minister, Herve Morin, said during a visit to Washington, "Coordinated information from a number of intelligence services" had led the French to believe that Iran is "continuing to develop" a nuclear weapon.

Both Dagan and Morin presumably have access to information that was not contained in the declassified judgments. But even the U.S. intelligence community's top man has publicly tried to shift attention away from the NIE's conclusion about Iran's narrowly defined weapons program. McConnell, like Bush, has been far more emphatic about the threat that Iran poses. Eschewing the hedged language of his analysts -- "high confidence," "moderate confidence" -- his assessments are more rigid and more focused on Iran's growing strength. In a lengthy January profile in The New Yorker, McConnell said, "There's no doubt in this observer's mind that Iran is on the path to get a nuclear weapon. It will force an arms race in the region."

Where Iran lies on its road to nuclear status may be up for debate. But on one fact, all sides agree: Without all of the key components -- fissile material, a compact and resilient warhead, and a long-range missile to deliver it -- Iran has no nuclear weapon. Could Iran make a nuclear device that might work? Maybe. Does it have the technological infrastructure to go further? Certainly. But does Iran have a viable, long-range weapon with which to threaten its neighbors? No.

And perhaps that was the intelligence community's point in the NIE. If the Iranian nuclear program were likened to a three-legged stool, then one leg -- the weapons design -- was taken out nearly five years ago. It could be repaired, but in the meantime, the stool is useless.

"I turn the tables on the critics of the NIE," says George Friedman, the head of Stratfor, a private intelligence firm. "Lay out the number of components you need to produce a weapon. If there is one that the Iranians weren't working on, they have no program."

But this assessment may ignore the political realities of Iranian nuclear ambitions. Tehran's possession of even a rudimentary nuclear device could fundamentally upset the regional power balance. "Would you like to have to convince Israel or the Saudis not to worry that these devices are too large and crude to be delivered by missiles?" asks David Kay. He is the former United Nations chief weapons inspector who led the 2003 Iraq Survey Group that found that Saddam Hussein no longer possessed weapons of mass destruction. "Nukes are less about war fighting than about politics by other means," he says.

Kay adds that the intelligence community is apparently conflicted about Iran's capabilities and its intentions. A bullet point within the key judgments states, parenthetically, that because of "intelligence gaps," the Energy Department and the National Intelligence Council "assess with only moderate confidence" that Iran's 2003 halt to the weapons design program represented a stop to the "entire nuclear weapons program."

"That's a direct contradiction of the first sentence," which declared that the program had halted, Kay says, "and yet it doesn't come after the first sentence, which implies that all 16 agencies are in agreement." The Energy Department's less confident view is especially worrisome, Kay says, because DOE oversees the nation's nuclear laboratories and has the most nuclear weapons expertise within the intelligence community.

For his part, McConnell appears to understand that his release of the key judgments has affected not only the political climate but also the future work of his analysts and spies. He told The New Yorker, "I think putting it out was the right thing." But he admitted that the intelligence community continues to need better information to verify if Iran has restarted its weapons design work.

"Our job is to steal the secrets of foreign governments or foreign terrorist organizations, and so the more they know about the effectiveness of our tradecraft the more difficult it's going to be for us," McConnell said. "For the community I represent, I just made our life a lot harder."

Published in National Journal


The Other About-Face on Iran

by Shane Harris




In releasing a bombshell about Iran's nuclear program, intelligence director Mike McConnell reversed a vow of secrecy. But he probably had no choice.

"You will be disappointed," Mike McConnell, the director of national intelligence, told a gathering of journalists in Washington on November 13. U.S. spy agencies were putting the finishing touches on a National Intelligence Estimate about Iran's nuclear intentions and capabilities, which included new leads that the agencies had been vetting since spring. But departing from recent practice, McConnell said, "I do not intend to release unclassified key judgments" of the NIE, those heavily edited yet potentially telling morsels of analysis that might ultimately show how close the United States is to a war with Iran.

"We have probably done a thousand of these" NIEs, he said. "We have done unclassified key judgments for maybe three. So we created an expectation that we do this, because we did it previously." And that was a bad idea, McConnell said, with some passion.

For starters, even the "sanitized" version of an NIE could compromise vital sources and methods, he said, because the target of the estimate is, of course, going to read the document. Second, "I don't want to have a situation where the young analysts" -- whom McConnell guards with particular devotion because he was once one of them -- "are writing something because they know it's going to be a public debate or political debate. They should be writing it to call it as it is."

McConnell, whom a longtime colleague describes as having "not a political or manipulative bone in his body," also stated he would "make every effort" to prosecute anyone who leaked the NIE. Then, he vowed (twice) to resign if the intelligence was "cherry-picked in an inappropriate way" by government officials.

Things changed dramatically in the three weeks after McConnell's public denunciation of leaks and declassification. On December 3, McConnell and his aides reversed that decision and released the unclassified key judgments of the NIE on Iran. Try as McConnell might to keep the lid on the new estimate, his lieutenants were influenced by the political realities of intelligence these days.

"They thought it would leak and be distorted, and they thought they'd get ahead of that," said one former senior intelligence official close to the deliberations. "They decided it was better to put out a clean set of key judgments." Vice President Cheney went so far as to say that officials expected to lose control of some classified material. "There was a general belief -- that we all shared -- that it was important to put it out, that it was not likely to stay classified for long, anyway," Cheney told The Politico on December 5. "Everything leaks."

The leak-prevention strategy was a stark departure from the guidelines that McConnell had set out, both in November and a month earlier, when he issued this official policy: "The possibility that the [key judgments] or other positions of an estimate will be leaked is not a sufficient reason for preparing unclassified [key judgments]." In a briefing with reporters after the NIE was released, a senior intelligence official acknowledged that declassification "obviously represents a departure from [McConnell's] guidance."

The banner headline of the key judgments -- "that in fall 2003, Tehran halted its nuclear weapons program" -- put the intelligence community precisely where McConnell didn't want it to be: in the middle of a ferocious political and policy debate in which sources and methods of the intelligence on Iran, as well as the analysis, are being openly discussed, exposed, debated, and, yes, cherry-picked to suit a range of agendas. Indeed, even though the NIE does not say that Iran poses no nuclear threat, the key judgments on areas besides the weapons program have had to compete with the dramatic top-line assessment.

Because the new estimate upends its predecessor, made in 2005, and has undercut any nuclear-related pretext for a U.S. bombing of Iran, the political and ideological dispositions of the analysts who wrote the NIE are, predictably, under scrutiny. Within days of the key judgments' release, former Bush administration officials and neoconservative icons mounted a full-scale attack on McConnell's lieutenants, some of whom had long careers in the State Department and have, the critics contend, historically underestimated Iran.

These critics characterized the NIE as the lieutenants' way of cutting off Cheney and the president on their presumed path to war with Iran -- a contention that wasn't refuted by senior intelligence officials' repeated assertions that Iran's decision to stop its program in 2003 and to keep it shuttered resulted directly from international pressures and sanctions. Indeed, intelligence officials have been careful not to assert that the 2003 invasion of Iraq was the key motivator for Iran's change of plans. Whether McConnell's aides meant to pre-empt the White House or not, the conclusion is undeniable: The intelligence community is at odds with President Bush's forceful rhetoric on Iran.

Since the NIE was released, McConnell has been notably absent from the public fracas. His deputy, Donald Kerr, a veteran nuclear weapons expert, has given the intelligence community's only two on-the-record statements about the estimate. McConnell was out of the country when the key judgments were released.

Around Washington, rumors persist that McConnell threatened to resign over the issue. It's not clear, however, whether he staked his tenure on the NIE being released or withheld, or whether he saw any cherry-picking by the White House, but the gossip is one more measure of just how political the release of this document has become. Observers point out that in the month preceding the NIE, Bush warned that Iran's nuclear ambitions could lead to "World War III," and Cheney, four days later, gave a bellicose speech reminiscent of the run-up to war with Iraq over its weapons programs. The White House already knew by then, at a minimum, that the intelligence community was vetting potentially groundbreaking intelligence on Iran that could change the NIE.

Perhaps under pressure to back up their bold new claims on Iran, senior officials have gone further, giving on-background press interviews in which they catalog the streams of intelligence that led the analysts to change their nuclear conclusions -- purloined laptop computers loaded with weapons diagrams; notebooks and intercepted phone calls from high-ranking officials; and, as reported by the Los Angeles Times this week, a clandestine operation called "Brain Drain," in which the CIA helped mid- and top-level Iranian nuclear experts flee the country.

Unless officials are trying to affect the Iranian government's actions through a massive disinformation campaign, it would seem that the intelligence community has set aside McConnell's concerns about sources and methods. "I'm shocked by the level of public discussion," said a former senior intelligence official who worked on Iranian issues for many years, adding, "I don't see much good that comes from releasing NIEs."

Kerr has said that the release "was coordinated in discussion with senior policy makers," but that the intelligence community "took responsibility for what portions ... were to be declassified." Officials weighed "the importance of the information to open discussions about our national security" against protecting sources and methods, he said, and "felt it was important to release this information to ensure that an accurate presentation is available."

Still, only a dramatic turn of events would have led McConnell to abandon his policy of not making NIEs public, several former officials who know him said. One former high-ranking official involved in clandestine operations said that in more than 30 years in the intelligence business, he had never seen a key judgment change so dramatically so fast -- indicating that the new intelligence that officials picked up amounted to a veritable "smoking gun."

"Keep in mind, this thing had been built up, which is somewhat unusual for an NIE," said another former senior official, who has also worked on Capitol Hill. The document was months behind schedule, widely anticipated, and focused on one of the top foreign-policy issues of the moment. "I think this was an extraordinary circumstance," the former official said.

Expressing concern over the public airing of sources, a Senate staffer said that the NIE "has certainly been sucked into a political debate," and that McConnell is clearly concerned about the effect that the fallout might have on analysts. "For that, we will have to wait and see," the aide said. "I still think that he simply had no choice. There was no way this would stay secret, and he didn't want to be accused of trying to bury it. I think he held his nose and let it go."

Many intelligence professionals concur. And in the NIE's release, they see signs not of an outright insurrection against the Bush administration but of a reassertion by the intelligence community of its ability to influence policy -- public or otherwise. McConnell's team is hardly backing down in the face of the neocon onslaught. Last Saturday, Kerr shot back at the NIE's critics in an unusual and terse public statement. Labeled "In response to those questioning the analytic work and integrity of the United States intelligence community," Kerr's statement said that the agencies' "task ... is to produce objective, ground-truth analysis. We feel confident in our analytic tradecraft and resulting analysis in this estimate."

So there.

Published in National Journal.


A Court at the Crossroads

by Shane Harris




As Democrats and Republicans debate legislation that would alter 30-year-old limits on intrusive electronic and physical searches by the government, the secretive 11-member court that oversees surveillance of foreign-intelligence targets in the United States finds itself in the middle of a very public power struggle.

Regardless of where law and policy makers fall on the question, now being debated, about which governmental branch should hold the most sway over intelligence operations, and which political party has the more effective and fair solution, they all agree on this much: The Foreign Intelligence Surveillance Court should play referee, and the government should receive some kind of authorization for a still-secret set of spying activities that many agree are essential to the war on terrorism. If that oversight results in warrants that violate the Constitution, as some scholars fear would occur if pending legislation is enacted, most Republicans and Democrats don't appear concerned about such a prospect or even cognizant of it. Such is the court's brave new world.

It is an odd, but perhaps not unwelcome, reality that the intelligence judges now play a decisive role in this controversy. Odd because for most of American history, the judiciary has ruled itself least qualified among the branches of government to manage intelligence activities. But not unwelcome because this court has waded into these waters before, and it believes it has been an indispensable buffer against government excess.

The 1978 Foreign Intelligence Surveillance Act, the court's animating law, was a grand political compromise. After years of unchecked surveillance by the FBI and intelligence agencies of prominent Americans and political dissidents both before and during the Nixon presidency, the FISA court became the arbiter of when and how the executive branch can spy on suspected foreign agents and terrorists inside the country. Especially after the 9/11 attacks, the judges have included more experts in national security law, court-watchers say, and the court's former chief judge has proudly proclaimed that the court turns down almost no surveillance requests because the government has learned to play within FISA's boundaries.

This system, however, was upended after the 9/11 attacks, when President Bush issued orders that allowed him to bypass the court when tracking domestic terrorism suspects. The orders seemed to reflect a long-held, simmering animosity toward the body by some senior administration officials, particularly Vice President Cheney's legal counsel, David Addington, who reportedly told a colleague after 9/11 that "we're one bomb away from getting rid of that obnoxious court."

Now, though, the court is regaining some of the authority it had lost. And if the president signs a new Democratic proposal to further amend FISA, the court would play a central and untested role in overseeing surveillance. It may welcome the chance.

Former Chief FISA Court Judge Royce Lamberth has described a panel of jurists confident in its interpretation of surveillance law, equipped to issue warrants quickly, and flexible enough to write new procedures during wartime. In remarks at the annual conference of the American Library Association in June, Lamberth, who left his post in 2002, said he hadn't found a better way of controlling government surveillance. But, the former judge added, there was a "worse way," and that was "what the president did with the National Security Agency": Bush's post-9/11 orders allowed the government's eavesdroppers to intercept communications inside the United States without the court's approval.

The NSA program, begun just after 9/11 and dubbed "the terrorist surveillance program" by Bush, continued without judicial check for more than five years, until January 2007, when the administration placed it under FISA court review. The exact contours of the court's initial orders about the program, which were to last for 90 days, are secret.

For that first 90-day period, the NSA program proceeded unimpeded, intelligence officials say. But, according to Mike McConnell, the director of national intelligence, in spring 2007 a different FISA judge said that the government needed a warrant to capture electronic communications between parties in foreign countries as those communications pass through routing equipment in the United States. "We found ourselves in a position of actually losing ground," McConnell told the El Paso Times in August. The government would have to apply for a warrant for each phone number it monitored in this way, and it takes about "200 man-hours" to fill out the necessary paperwork, McConnell said. FISA experts and lawmakers note, however, that the law contains emergency provisions that allow monitoring to begin before a court order.

The ruling on the U.S.-routed calls was a rare push-back from a court that, by Lamberth's count, has approved 99 percent of the government's warrant applications. The Bush administration then launched a massive lobbying effort to amend FISA; in August, Congress passed the Protect America Act. It effectively reversed the court's normal procedures (these require a warrant before surveillance) and gave judges an after-the-fact-review power for surveillance procedures, which inevitably pick up domestic communications when foreign targets call or e-mail people located in this country. The law was panned for its hasty and imprecise language, and some observers thought it even authorized warrantless physical searches of people's possessions and premises.

This brings the court to its current crossroads. To correct the law's deficiencies, as they see them, Democratic Reps. Silvestre Reyes of Texas and John Conyers of Michigan, the respective chairmen of the House Intelligence and Judiciary committees, have introduced the RESTORE Act, short for Responsible Surveillance That is Overseen, Reviewed, and Effective. The Democrats have said that the bill would "protect innocent Americans from warrantless eavesdropping." Republicans have blasted it as a roadblock in the executive's path, and the bill was suddenly pulled from the House floor on October 17. But as Benjamin Wittes, a Brookings Institution scholar and an expert on the FISA court, writes in The New Republic Online this week, Protect America and RESTORE are actually quite similar. They do, however, hold significant implications for the court.

"Under either approach, the [NSA] will have the legal authority to listen to your calls without first going to the [FISA] court to get a warrant," as long as the targets are people overseas calling people in the United States, Wittes writes. Under the Protect America Act, which the administration favors, the FISA court plays "only a tiny retroactive role in approving procedures for overseas surveillance." But under RESTORE, the court "would play a slightly-less-tiny role in rubber-stamping [surveillance] programs," Wittes maintains. The court, under RESTORE, is given additional powers to review and modify "minimization procedures," which are secret, are written by the government, and are supposed to ensure that information about "U.S. persons" (defined as U.S. citizens or legal residents) is scrubbed from intelligence reports.

Under the RESTORE Act, the court would also have a new, controversial power: granting programmatic or "blanket" warrants for whole classes of individuals overseas who are not U.S. persons. Historically, courts have ruled that such orders violate the Fourth Amendment, which requires that warrants be issued against specific individuals and locations. And although the foreign targets of surveillance don't enjoy constitutional protections, the U.S. persons whom they might call do.

Wittes argues that the RESTORE Act's "approach is a little like asking the courts to approve the reasonableness of police arrest policies prospectively instead of reviewing individual arrests. It's not the way we traditionally do things in the American constitutional system -- and it creates a potentially serious set of constitutional problems with the bill." But the law would require the administration to submit to the court "the procedures it uses to determine which surveillance is exempt from FISA -- and the court has the ability to send them back if they're unreasonable," he adds.

Under the previous version of FISA, the judges found ways to discipline the government. They could reject an application for a warrant; in one case, Lamberth barred a senior FBI official from appearing before the court, because he said that the official had presented false information. The RESTORE Act wouldn't really take these powers away.

Still, some see the recent amendments to FISA as a further weakening of constitutional protections. "There are significant problems that existed with FISA before the Protect America Act," says Jameel Jaffer, the director of the American Civil Liberties Union's National Security Project, who is leading a legal effort to have the court release its written opinions on the NSA's surveillance program.

The court "was created to circumvent the Fourth Amendment," says Jonathan Turley, a professor at the George Washington University Law School and one of the few lawyers ever to go inside the court's secure room. With the Protect America and RESTORE acts, Turley says, "Democrats and Republicans are amending the Constitution by default."

For their part, the FISA court judges are unlikely to weigh in directly on the constitutional debate. But using history as a guide, it seems unlikely that they'll do anything more or less than apply the statute as directed by Congress. Presumably, they'll also steer clear of deciding how valid the statute actually is.



The Liberator

by Shane Harris




Mike Wertheimer may be the most dangerous man in U.S. intelligence. You would probably never guess it, judging from his lengthy and opaque title -- assistant deputy director of national intelligence for analytic transformation and technology. A perfect testament to the well-worn bureaucratic tradition of offering little insight by tossing around a lot of words.

Wertheimer's squishy and unassuming title only hints at some vague, general notion of what he actually does for a living. Particularly for the uninitiated, the moniker buries a sense of authority beneath a pair of prefixes (assistant deputy) and offers an unsatisfying buzzword descriptor (transformation), whose etymology points to some consultant's pocket glossary. The title screams "middle management" and thus reassures, "This guy is not a threat."

That message is especially ironic, because to thousands of powerful career employees in the American intelligence community, Wertheimer is, in fact, very threatening. He threatens to upend their world, to change the way they work, and to foist on them the values of a younger generation of spies, who happen to outnumber them. He also threatens to change the way that policy makers use intelligence to reach decisions, and so to "transform" the intelligence agencies' role in the government. All of this makes Mike Wertheimer very dangerous to people who oppose his basic assumptions. And he knows that. He also knows that, to many thousands more in the intelligence field, he is something of a savior.

To understand the origins and purpose of Wertheimer's office, of which he is the first occupant, it helps to refer to a document that also bears a lengthy title, the report by the Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction. Better known as the WMD commission report, it provides a painstaking explanation of how 15 intelligence agencies collectively failed to discover that Saddam Hussein's Iraq possessed no weapons of mass destruction.

The contrary assertion that he did have those weapons -- and thus was a threat to the Middle East and a potential benefactor for terrorists -- was, of course, the Bush administration's chief casus belli for the Iraq war. The claim was backed up at the highest levels of the intelligence community in a National Intelligence Estimate released to Congress in October 2002. The WMD commission, which published its findings in 2005, echoed the sentiments of many intelligence professionals, including some who had participated in and blessed the flawed prewar analysis, by pronouncing the episode "one of the most public -- and most damaging -- intelligence failures in recent American history."

Wertheimer's job is to prevent any more such failures and to make sure that the intelligence agencies can accurately predict a host of catastrophic events, including terrorist attacks and disease outbreaks. The commission laid much of the blame for the bad call on Iraq at the feet of analysts, whom it called "the voice of the intelligence community." Although the problems begin with the failure to collect the right information in the first place, the commission particularly faulted the analysts' inability to make sense of intelligence, and to present their judgments to decision makers. During his time in government, Colin Powell was widely regarded among professionals as a decision maker who understood this inherently murky process. He would say to his intelligence officers, "Tell me what you know, tell me what you don't know, and then tell me what you think is most likely to happen." When that analysis breaks down, as it did with Iraq, "the consequences can be grave," the commission wrote.

To be sure, many career analysts object to the "flaws" the commission cited in their tradecraft, regarding both Iraq and another notorious intelligence failure: the September 11, 2001, terrorist attacks. But very few argue with the substance, or the roots, of these breakdowns. The "intelligence community," as the agencies are collectively known, hardly operates as one, and this lack of coordination and -- especially -- collaboration among analysts means that agency leaders and their clients often don't know what the analysts don't know. The disconnect also means that contrary analysis -- of which there was a significant amount in the run-up to the Iraq war -- may find no quarter in analysts' final judgments. It is a disastrous situation for policy makers, who are increasingly turning to nongovernment experts and the news media for rapid, cogent analysis that the intelligence agencies can't always provide.

The WMD commission identified the fix: "Integrate the community of analysts." That's easier said than done, of course, but Wertheimer and others who understand how very un-integrated the analysts are today know that it is prescriptive advice that they can't afford to reject.

The Threat Within

"Post-9/11, we coined a term, the 'asymmetric threat,' " Wertheimer says. "That's a fancy way of describing a future in which the targets for intelligence, the things that we will focus on, are built, designed, and operate completely differently than the way we do." Transformation, that fuzzy word in his title, means "removing that asymmetry."

Before the attacks, the intelligence community was "like a power builder -- very muscular but not very fast," Wertheimer says. Today, the agencies need to be swift. They need to analyze more information faster. But analysts also need new ways to connect to one another, to benefit from one another's knowledge. If a specialist on sub-Saharan Africa at the Defense Intelligence Agency is studying terrorist inroads into tribal communities, shouldn't a CIA expert in Africa studies know that? Might she have something useful to contribute to the inquiry?

Collaboration isn't an especially novel concept, and the WMD commission wasn't the first to suggest that analysts do more of it. But Wertheimer is the first official in the Office of the Director of National Intelligence -- the "czar" of the community -- to make collaboration a full-time job. Gen. Michael Hayden, the former principal deputy director of national intelligence who is now the CIA director, created the position after talking with Wertheimer two years ago about how to change the way the community operates. The new intelligence director, Mike McConnell, has forcefully backed the transformational efforts, as has his deputy in charge of analysis, Tom Fingar, a career analyst who used to run intelligence at the State Department. Fingar, who is essentially the only official layer between Wertheimer and McConnell, is the political muscle in this endeavor. Wertheimer is the idea man, "my philosopher of transformation," as Fingar recently put it.

Transformation has less to do with changing procedures than with changing people. A key pillar is a suite of new information-sharing and collaborative technologies that look and feel a lot like Google, Wikipedia, and MySpace, the networking and search tools that younger analysts grew up using at home and in their dorm rooms. These newcomers have been baffled to find that these 21st-century staples aren't widely used within the intelligence community.

The first of the new intelligence tools came online recently. Analysts can now log on to Intellipedia, a collaborative knowledge base that they can use to swap leads and examine one another's work. (Officials say that Intellipedia helped one group of analysts create a helpful report on Iraqi insurgents' use of chlorine gas to increase the lethality of improvised explosive devices.) Later this year, Wertheimer's team will launch A-Space ("A" for analyst), modeled after MySpace and the popular website Facebook. Officials hope the new site will help analysts create social networks outside established channels.

In addition to the new tools, Wertheimer and his colleagues have created unusual training programs. One sends analysts to a monthlong retreat at a classified location where they work alongside private-sector experts to investigate complex intelligence topics. Another takes young analysts out of their assigned jobs for two years and puts them through an intensive training program where they learn the tradecraft but also such on-the-ground spy skills as defensive driving and weapons handling. Agencies will ultimately deploy these analysts to global hot spots to support spies in the field.

It's no accident that Wertheimer and his team are aiming these new tools and programs at the younger crowd. Sixty percent of U.S. intelligence analysts have five years of experience or less on the job. In the larger intelligence community of about 100,000 employees, which includes clandestine operatives and support staff, those young workers are about 40 percent of the rolls. America's spies are decidedly green, and they're not comfortable -- or particularly useful -- working in bureaucratic silos without Internet browsers, instant messaging, and social networking sites on their desktops.

In his quest for transformation, Wertheimer is playing to this youthful workforce that finds collaboration neither newfangled nor threatening. For these analysts, networking is just the way information moves. But to the intelligence establishment, information is power, and relinquishing it means losing that power, as the WMD commission and many other critics have repeatedly lamented. It seems illogical to the generation of electronic socializers, but when information moves around, and becomes known to people who don't have the "need to know," veteran members of the community view it as no longer special because it's no longer secret. Too much collaboration also threatens to reveal the sources and methods by which agencies obtain information -- secrets they must zealously guard lest those sources dry up or get killed.

Sharing and secrecy are opposing forces. So this is Wertheimer's task: Transform the massive intelligence bureaucracy into a collaborative network, in which loose lips are, in a way, encouraged; introduce technologies that many seasoned analysts neither understand nor trust; and build a cadre of young, ambitious rookies, who just can't believe they're not allowed to check their personal e-mail at work, into the future of the business.

The opposition is fierce. When The New York Times wrote about A-Space recently, analysts commented about the piece, and about Wertheimer, on a private intelligence community blog. Some recorded their dramatic dissent. "I guarantee," one intelligence employee wrote, "Mike Wertheimer will cause people to get killed over this."

"I am threatening the status quo," Wertheimer says. "And that's a hard pill to swallow for anybody."

Taking the Blame

Wertheimer, 50, is a mathematician who earned his master's and Ph.D. from the University of Pennsylvania. He spent 21 years as a cryptologist at the National Security Agency, and rose to become the agency's most senior technical leader. On paper, he fits the stereotype captured in an old joke among NSA hands: "How can you tell an extroverted analyst? He's the one who looks at your shoes when he's talking."

But Wertheimer defies typecasting. When he speaks, he looks people in the eye, but often from above -- he is 6 feet, 1 inch tall. He has arching eyebrows that signal when he's listening but also serve as a warning for when he's about to descend with an impassioned argument or an analogy that he thinks perfectly captures what he's up against. (In a recent conversation, Wertheimer compared the government's attempts at collaboration to the Borg, the supremely villainous race of cyber-aliens on Star Trek: The Next Generation who "assimilate" whole societies by stripping people of individual character traits and turning them into one giant collective.) If you spotted Wertheimer in a room, or even better, watched him work a room, you might wonder why he hasn't sought his fortune on the motivational speaking circuit.

When he speaks, you get the feeling that he's talking to you. He reveals a lot about himself, which might be unsettling if he weren't so earnest about connecting his flaws and fears to his intelligence work. At a recent conference on analytic transformation in Chicago, Wertheimer confessed to a crowd of more than 400 people that after the 9/11 attacks he felt personally responsible for not anticipating Al Qaeda's strike. He became depressed, he said, and was inconsolable until his father snapped him out of it. "I don't blame you for this," Wertheimer's dad told him, and then warned, "You're scaring your kids," who thought that whenever their father had to rush back to the office, something very bad was about to happen. Wertheimer briefly left government in 2003 to work as a technology consultant but returned two years later.

Wertheimer is like a number of other veteran intelligence officials who were involved in the global hunt for terrorists before 9/11. They feel that their own actions -- more precisely, their inactions -- allowed the disaster. Wertheimer says he blames himself and his colleagues. He thinks he personally failed and, accepting his part in a broken system, he seems to have no qualms about tearing it down and rebuilding.

"It is something that he can appreciate as being absolutely critical to the future of this country and the protection of the country, and when you hear him speak, you get caught up in that emotion," says Tim Sample, a former analyst and staff director of the House Select Committee on Intelligence who knows Wertheimer well. Sample is president of the nonprofit Intelligence and National Security Alliance, which co-hosted the Chicago conference with the intelligence director's office.

In large measure, Wertheimer's charisma comes from his willingness to defy tradition. "We are going to share more," he said in his Chicago speech. "We are going to take risks." Directing his remarks at those who would rather preserve the status quo, he said, "For the first time, the challenge is not why we can't do it; it's how you're going to find a way to secure this." Rather than appeasing members of the intelligence community who blanch at collaboration and its attendant security risks, Wertheimer lays the burden on their shoulders and tells them that if collaboration doesn't happen, they'll take the blame.

But if Wertheimer succeeds, it probably won't be by convincing his intransigent opponents. Rather, he will work with that younger generation at whom transformation is aimed. By and large, these newer members of the community are optimistic and, like him, believe that the intelligence community is dangerously broken.

"It's Huge"

Sean Wohltman, a 25-year-old counter-terrorism analyst with the National Geospatial-Intelligence Agency, embodies the kind of optimistic disillusionment that Wertheimer wants to harness. Two years after defending his master's thesis in geographic information science at Virginia Tech University, Wohltman joined the government "following a call for patriotism," he said. He encountered "disappointment and disillusionment" in his first three months on the job, however.

As Wohltman explained to the Chicago conference, "When I first logged on to what I expected to be a terminal from 24's [counter-terrorist unit] command center, I was instead driven to my agency's home page, which flashed information about an upcoming picnic and links to fill out my health insurance. And not only that, it launched in Netscape." Those in the audience who laughed understood that Netscape is an obsolete Internet browser.

Later, Wohltman explained why it mattered to him that the intelligence agencies were so far behind the technological curve. In 1999, when the popular and controversial music file-sharing system Napster debuted, he pointed out, Ricky Martin's "Livin' la Vida Loca" and other corporately manufactured pop hits topped the Billboard charts. Only artists from big record labels got mass recognition, and listeners were cut off from the bounty of independent and innovative artists who excelled in a variety of musical styles. But that year, Napster's collaborative technology allowed fans of lesser-known artists to share songs, which in turn boosted their recognition, fanned their popularity, and led to greater awareness of the wider music scene. It also fueled the market for independent music and challenged the record companies' dominance of the industry.

Taking Wohltman's analogy, Wertheimer says that the intelligence agencies could be compared to the record companies. Information is filtered through a hierarchical process that culminates in senior executives choosing what intelligence to disseminate to customers. Similar to Napster, tools such as Intellipedia and A-Space -- known as "disruptive technologies" -- bypass this process and get more information out to a wider audience.

But will collaboration guarantee better analysis? Did Napster improve music quality? Did it benefit the industry as a whole? Recording artists and companies sued Napster for copyright infringement, and the network shut down in 2001, eventually to be reborn as a pay-for-service system.

Napster did pave the way for other innovative technologies, which adapted to customers' demands to buy music a la carte, rather than having to pay for an entire album. Today, Apple's iTunes sells songs for 99 cents and threatens the record companies' control of their own products. Collaboration, in a sense, won out, and customers' demand for more music, delivered in new ways, has opened the market to more artists. "Will this lead to better music?" Wertheimer asks. "I can't believe that it will not."

Wertheimer and other transformation proponents often point to iTunes, and the hugely successful iPod music player, to support their theory that collaboration can fundamentally change and improve people's lives. And they reason that A-Space, Intellipedia, and other innovative services will create demand in the intelligence community and overwhelm the transformation naysayers.

Wertheimer channels the enthusiasm of Apple's CEO and co-founder, Steve Jobs, whose rousing keynote speeches, known as "Stevenotes," command more press coverage and world attention than speeches by most members of Congress. But as with Jobs, some skeptics question both the substance and the goal behind Wertheimer's zeal.

Early in Jobs's career, a co-worker coined the term "reality distortion field" to describe the aura that the Apple prophet cast over his spellbound audiences. The term could easily apply to Wertheimer's enthusiastic showmanship. Wikipedia describes RDF as "the idea that Steve Jobs is able to convince people to believe almost anything with a mix of charm, charisma, exaggeration, and marketing. RDF is said to distort an audience's sense of proportion or scale. Small advances are applauded as breakthroughs. Interesting developments become turning points, or huge leaps forward." (The phenomenon has been applied to other leaders, as well.)

Wertheimer does, in fact, applaud certain advances as breakthroughs that others -- particularly those outside of government -- might find underwhelming. For instance, one planned transformation program, the Library of National Intelligence, would be a repository of all the documents produced by all of the agencies. Eventually, Wertheimer hopes, analysts will search the library for key terms, and an automated system will help to judge who should have access to classified materials. He calls this program "huge."

Why is it huge? Some observers would have a hard time believing that the agencies didn't already have such a resource, the kind that most large organizations take for granted. LexisNexis, for example, contains copies of every article published in most of the country's periodicals. Following basic business practices, most companies compile and retain their internal documents for research and for legal purposes.

Wertheimer is careful to put things in perspective. "It's big," he says of the library. But then he quickly follows up: "For us, it's huge." And he's right. Much to the consternation of the WMD commission and others, this is a giant leap for the intelligence community, a kind of moon-landing moment.

But do collaborative libraries -- and wikis, blogs, networking websites, and special training -- make transformation worthwhile?

Change Without End

Mark Lowenthal retired in 2005 as the assistant director of central intelligence for analysis and production. Among seasoned intelligence officials, he is considered one of the most knowledgeable authorities on analysis, the agencies' shortcomings in that regard, and the education of young analysts in the ways of the tradecraft. So in Chicago, when Lowenthal stood up to question why Wertheimer and the DNI's office are expending so much energy on transformation, people listened intently.

"You are urging this transformation for an end that I do not understand," he told Wertheimer. "Collaboration is not an end in itself, to my mind. You want to do this, I think, ... to make analysis better. What does that mean? It means it would be faster? It would be more comprehensible? It would be more accurate more often? I don't think you have a way of knowing at the end of the day when you get there."

Lowenthal doesn't dismiss collaboration out of hand, and he has spent a sizable part of his career trying to create a true intelligence community. But his remarks reflected a palpable skepticism among those who think that it is impossible to know whether Wertheimer's ideas will actually fix intelligence. Lowenthal told him, "I think, unfortunately, a lot of this is pandering to a bunch of commissions that have no understanding of what we do for a living, or the nature of our work, and to a workforce. And I don't think that's a sufficient ground for a transformation. And so I'm left here wondering, what's the end state? For what reason?"

Wertheimer responded that he didn't have a satisfactory answer. The best he could offer, he said, were anecdotes. He has spent the past two years talking to analysts and trying to figure out what those who achieved real breakthroughs -- overcoming "hard problems," he said -- had in common.

The few successes were not enough to prove a theory, he admitted. But the one trait these breakthrough-makers shared was -- perhaps not surprisingly -- collaboration. These were analysts who challenged old assumptions, re-examined evidence that had been set aside as useless, and shared information beyond normal channels. They also, Wertheimer said, ignored their bosses' admonitions that such inquiries -- going back to ground that had been plowed unproductively before -- were "career killers." Bucking authority is another of Wertheimer's recurring themes. He says that a colleague once told him, "You will have succeeded when you become really hard to manage."

Wertheimer, however, plays down the notion of analysts as revolutionaries. "I don't like the thought that transformation is changing something from the past to something new," he says. Rather, transformation is about "creating an environment in which more things could happen than could happen in the past. It's liberating. Let's call it 'analytic liberation.' "

Wertheimer seems perfectly comfortable working in this gray area, where there is no obvious way to know whether his ideas are working and where concepts change on the fly (transformation becomes liberation) and the end goal isn't defined at the outset. Were it not for the DNI's backing, such a nebulous, high-risk approach to preventing another intelligence disaster might never take flight. Wertheimer might still go down in flames, but taking that risk appears to suit him just fine. "We can't afford the kinds of mistakes that we're making based on the way we're doing business today. It's just the bottom line," he said. Riffing off the intelligence blogger's comments, he added, "If I'm the first one to get killed, so be it."

The Hard Sell

Bravado may obscure Wertheimer's pragmatic streak. He is provocative and excitable, and sometimes brash. But those who know him well say that he is also humble and self-deprecating.

He frets that he will become too personally associated with his cause. "I'm a little worried about this being too personality-driven," he says. "This has got to be about ideas. We have to sell people on the ideas."

Wertheimer knows that the reason his pitch isn't resonating with enough people his own age is because he has failed to demonstrate how middle managers and veteran analysts -- the people who are feeling most threatened -- can take part in this grand enterprise, how they can be "liberated." Wertheimer, the realist, has promised to find a place for them. But he does not apologize for embracing young analysts and for assaulting the culture that reared him. "We don't allow our people to reach their full potential," he told the audience in Chicago. "This is a society, this is a community, that tamps down potential."

"We treat [analysis] like a guild," Wertheimer said later, a society of apprentices who study at the feet of masters. "This is like making a fine violin or studying opera. That [approach] makes a lot of sense at the scale that you build violins or have opera singers. But we're talking about massive [numbers] of young people coming in.... They learn on their own. They don't read the rule book. They don't read the owner's manual," he said. "They click buttons and investigate, and if they get bored, they do something else."

If the two sides of this generational divide are irreconcilable, Wertheimer doesn't seem worried, because the rookies have the clear majority. "It's simply a matter of time," he said. "Now, the question we all have in our minds is, how much time can we afford? We can't afford another day."

Several younger colleagues once asked Wertheimer to name his greatest career achievement at the National Security Agency. At one time, he said, he was the world's leading expert on a certain cryptographic technology, the smartest man alive on that one subject. But "that's not what makes me so accomplished," he said. "It's that I'm no longer the No. 1 expert, and that the experts are in this room, because I taught them. And they exceeded everything I could have done on my own."

That's one way Wertheimer judges success: Someone comes along and does it better. It doesn't quite answer his critics' concerns that his ideas might be flawed to begin with. But Wertheimer is a strong believer in the "wisdom of crowds." He and his bosses are betting that collaboration is the way to fix what's broken with intelligence and, by extension, to keep people from dying. If they are right that transformation, in all its forms, is the key to stopping another terrorist attack, or to avoiding another catastrophic intelligence failure, then it seems a decent bet that the next generation of analysts will follow Wertheimer's lead.

"If I can just start something for which a handful of folks better and smarter than me take over," he said, "if you could put that in my epitaph, I would die a happy man."

Published in National Journal


Intelligence Innovation Lags

by Shane Harris




America's declining influence over scientific and technological innovation has had "an enormous impact" on U.S. intelligence agencies, and "makes it more likely that our adversaries can employ the very same -- or perhaps even more advanced" -- science and technology than that available to the United States. That's the assessment from the Intelligence Science Board, which advises senior intelligence leaders.

In a report issued in November, parts of which were recently obtained by National Journal, the board warned that although the United States remains the world leader in some fields of science and engineering, that position is slipping -- and the slide imperils the intelligence community's ability to adapt to a dramatically changing technological landscape that terrorists are increasingly exploiting.

Terrorists have used the Internet, which has enabled a "worldwide diffusion" of knowledge, to gather and transmit scientific and technological know-how, leading to "incredible capabilities that our adversaries have exploited and used to further the goals of radical Islam," the report states. The assessment doesn't specify the capabilities, but terrorists are widely known to use the Internet to communicate with each other, disseminate propaganda, and publish information on building bombs and designing attacks.

The report, which is marked "For Official Use Only," was prepared for the Office of the Director of National Intelligence; National Journal obtained portions of it from a source outside that office. It casts the U.S. decline in overall research and development as an enormous challenge to the intelligence agencies' ability to collect information about new adversaries. The board calls for "an entirely new approach to increasing the contribution of" science and technology to intelligence capabilities, but it offers a bleak assessment of the progress made on that front. "Neither the intelligence community nor the S&T establishment," the report states, "has put forth viable strategies for accomplishing this change."

Against this backdrop, the DNI is launching a research-and-development effort to provide "breakthrough" technologies for the intelligence agencies, including sensors and communications devices that can help human spies collect more-detailed information. This research extends beyond the traditional realm of satellite imagery and eavesdropping to include an emphasis on devices that spies can use to narrowly target individuals and groups, and to anticipate their movements.

Beginning next year, R&D efforts that have application for many, or all, of the intelligence agencies will be centralized in a single outfit called the Intelligence Advanced Research Projects Activity and dubbed iARPA. Modeled after the Defense Department's hugely successful DARPA, which developed stealth aircraft and paved the way for the Internet, iARPA will pull together research funds from across the agencies to increase the chances of fielding new, better technologies, according to Steve Nixon, director of science and technology for the DNI.

The research agency will officially open its doors in October 2008. Its goal is to ensure that new technologies don't take the intelligence agencies by surprise, Nixon said. But it will also look for tools to surprise America's adversaries and to collect information about them in ways they haven't anticipated or don't understand. "We really need to pursue surprise in the intelligence community more than we have before," Nixon said.

During the Cold War, the United States deployed fleets of spy satellites to track Soviet military movements. But terrorists operate in a fundamentally different way than do nation states -- their network "resembles a metastasized cancer that has spread through the world body," according to the intelligence board. Terrorists are, by their very nature, harder to track and anticipate. For that reason, "precisely targeted intelligence represents the best way to combat spreading terrorism," and the intelligence community must do a better job of developing the tools to do that, the report states.

According to Nixon, iARPA will focus on improving intelligence collection and analysis. "We think we can do more to help analysts deal with information," he said. Today, much of the most valuable information about terrorism resides in the world of open sources -- the Internet, the media, and academia. The intelligence agencies have spent millions of dollars on efforts to keep this multiplicity of sources and huge volume of information from overwhelming their analysts.

The Intelligence Science Board emphasized that U.S. spies need to keep pace with the increasingly rapid development and deployment of new technologies but found that, in large measure, the government is in the dark about new R&D and unable to direct it.

The report starkly states: "The government now has far less control than before over the problems addressed, the selection of personnel to perform the work, and the locations where the work is carried out, and less knowledge than ever before of what work is actually being done." Decades ago, the federal government, and particularly military and space programs, were the primary drivers of American R&D. Over time, that balance shifted, and today the private sector directs almost all new research.

The new research unit will absorb research funds from three other agencies: the Disruptive Technology Office, once overseen by the National Security Agency and now under the DNI, which designs and vets computer programs that help analysts cope with large sets of data; a CIA research unit called the Intelligence Technology Innovation Center; and the National Technology Alliance, which focuses on a range of issues, including biological, chemical, and nuclear countermeasures. The alliance is housed at the National Geospatial-Intelligence Agency, which produces imagery and detailed maps for military and homeland-security operations.

Some intelligence officials are hopeful about iARPA's potential. "It could be a good thing," said Mark Reardon, director of the National Technology Alliance. Founded in 1987, the NTA encourages small businesses, especially those not accustomed to working with the government, to bring new technologies to the intelligence community.

The CIA "has made a serious commitment of resources -- people and dollars -- to strengthen technology programs" at the community-wide level, meaning those that apply to more than one intelligence agency, said Paul Gimigliano, an agency spokesman. "Those resources would be at the heart of iARPA. But we still need, and will still have, a strong focus on research and innovation within the CIA itself," he said. The agency has a "full range of technical issues intrinsic to the agency's specialty, clandestine operations," he added.

Nixon said that the agencies whose funds iARPA is subsuming had worked on projects with outside applications but were all under pressure to meet their own needs. He emphasized that iARPA is not taking over all of the other agencies' research budgets. "We're talking about money that was only set aside for future community research."

The Intelligence Science Board urged caution when combining all research programs under one umbrella, arguing that doing so could stymie innovation and "maximize the probability of failure, not success" if the new efforts were inadequately funded. "That legacy would have agonizing consequences," the report stated.

The board also wrote that its members "enthusiastically support the iARPA concept" but asserted that existing research programs "lack adequate staffing and finances." (The intelligence research budgets are classified.) The board urged the director of national intelligence to use his authority to reallocate agency budgets and to fund iARPA "at a minimum of double the level of the existing organizations." A funding increase, the board argued, was needed to free up more money for new ideas and longer-term projects, "and avert poaching on programs already under way."

One former intelligence official, who asked not to be identified because Congress has yet to pass next year's intelligence budget, worried that Congress hasn't sufficiently funded iARPA, and questioned whether administration officials had pushed hard enough for more money. The official also described significant resistance at the individual agencies to giving up any resources, and cautioned that iARPA could stymie innovation if it "stovepipes" research and development all in one place.

Nixon, while not addressing the specifics of the report, said that iARPA will centrally manage contracts and projects but that outside researchers and other agencies will handle much of the work. He also said that, following the DARPA model, the new agency would limit the tenure of its managers as a way of ensuring a constant flow of new talent and ideas.

Published in National Journal


The Spy Gap

by Shane Harris




Intelligence agencies must decode a human capital crisis.

When Tom Waters decided to become a spy, the first thing on his mind wasn't how much he'd get paid.

On the morning of Sept. 11, 2001, Waters, then a 36-year-old business consultant living in Tampa, Fla., packed his bags for a business trip to Montreal. His girlfriend, Cathy, called to say a plane had hit the World Trade Center in New York. Waters turned on the television and watched as a second plane, United Airlines Flight 175, plunged into the South Tower. "I thought, 'Oh crap, this is not an accident,' " Waters says.

What he did next tells you everything that is good, and that is truly regrettable, about life as an employee of a U.S. intelligence agency.

Three days after Sept. 11, Waters, along with more than 150,000 others, applied to work for the CIA. The CIA typically receives tens of thousands of applications, and accepts fewer than 1 percent. To handle the deluge of job-seekers, hiring officials brought in retired officers and seconded other staff. Nearly a year later, after a battery of interviews, medical exams and psychiatric tests, the agency offered Waters a job, and he joined the first post-Sept. 11 class of the National Clandestine Service - the country's top spies.

Waters, who wrote a book about his experience, called Class 11: Inside the CIA's First Post-9/11 Spy Class (Dutton, 2006), says he and his fellow spies-in-training were singularly motivated: "Everyone was there to make sure another attack didn't happen." The character of this class was unusual. "There was a strong business flavor. Investment bankers, corporate attorneys." Not the expected bunch of recent college graduates with no work experience and few marketable skills.

Waters had chosen a particularly inopportune time to join. Since applying, he and his girlfriend had married and were trying to have children. Waters writes that he "disappeared" for the first year of his marriage, "even when we [did] manage to live under the same roof."

Class 11 chronicles Waters' year of demanding training. The narrative is steeped in his sense of awe, intrigue and unbridled excitement about the lifelong adventure ahead of him. There is no doubt that he wanted to spy for his country. But by late 2004, he and Cathy were expecting their first child and planning for another. The path to parenthood had been difficult and expensive - they blew through much of their savings on fertility treatments. Cathy wanted to stay home with the baby. Waters knew promotions and pay raises in the CIA were based on time served; there was no accounting for his years of professional expertise, which would fetch higher wages in the private sector. Waters questioned whether he could support his family on an entry-level salary and pay for a home in the Washington area, all while pushing 40.

"I sat down and did the numbers and scared the hell out of myself," he says. "I would be 65 by the time my children got out of college. The first phrase that came to mind was, 'Welcome to Wal-Mart.' "

So in February 2005, Waters quit. "That last day, walking out, that was hard," he says. If the money had been right, "I would have never left." Today, Waters is a contractor for the Defense Department, working in counterintelligence at a security facility in the Army's Special Operations Command, back in Tampa. He also has done contract work for the CIA. In many ways, he hasn't left the intelligence community, but now his shopping options extend beyond the discount chain.

Mind the Gap

Tom Waters could be the poster boy for a new breed of intelligence agency employee. They are the future spies, analysts, technologists and linguists who signed up in the grips of a nationalistic furor over terrorism. They believe America has enemies, and they want to fight them. They hail from the best schools and come equipped with skills intelligence agencies desperately need.

Many of them also have no intention of spending a career in government. Pledging allegiance to a single agency and a 30-year career track is a foreign concept. Monetary concerns figure heavily in their professional calculus. Mobility isn't a ladder, but a hopscotch board. They might have multiple careers, maybe retire early, go to cooking school. Old hands have a name for these 21st century rookies, not all of whom are young. They call them, derisively, the "millennials."

The intelligence community is divided by a generation gap, one that threatens to undermine its ability to perform its missions, including keeping the country safe from terrorists. The intelligence workforce is out of balance. It can be plotted as two humps on a graph. At the beginning of the experience spectrum are the millennials, green, just learning the ropes, no more than a half-decade of experience under their belts. They make up more than 35 percent of the total intelligence workforce. At the far end is a large number of highly skilled, longtime employees, moving closer to retirement by the day. In between those two humps, where there should be a stockpile of experienced middle managers, the future leaders of the community, there is instead a deep, unsettling valley.

The agencies' top leaders are laboring furiously to fill it. In the nearly six years since Sept. 11, the CIA and other agencies haven't wanted for applicants; there are more people who want jobs than there are billets. But training employees takes years. To fill the gap in the meantime, during wartime, the agencies have hired contractors in record numbers. The agencies have outsourced some of the most sensitive functions, including analysis, spying on foreign adversaries, prisoner interrogation and translation services.

The outsourcing could be temporary, assuming intelligence agencies eventually replenish their personnel stocks. Except that the agencies actually are competing with the contractors for workers. According to the five-year strategic human capital plan at the Office of the Director of National Intelligence, "those same contractors recruit our employees, already cleared and trained at government expense, and then 'lease' them back to us at considerably greater expense."

Today's competitive job market is defined not by the institution, but by the free agent. The federal intelligence community has become a place where the millennials learn spying tradecraft, obtain a coveted top-level security clearance and then bolt to contractors for heftier paychecks. This has become so common that intelligence observers now fear it could become the career path of choice - break into the private sector via the government.

Assessing the situation, Ronald Sanders, the intelligence community's top personnel manager, says the notorious phrase "human capital crisis" is not a bad choice to describe the predicament. "Certainly potential crisis is an apt description," says Sanders, chief human capital officer at ODNI.

The Wages of Peace

No one in the intelligence agencies is surprised it has come to this. The crisis was entirely predictable, they say, and can be traced, ironically, to a peace dividend. Following the collapse of the Soviet empire, Congress and the administration decreased intelligence funding and pruned back the workforce. The decision was not without controversy, but the prevailing wisdom held that with the country's main enemy out of the way, there was no need to maintain a wartime footing. Former CIA director George Tenet has said that in the 1990s, agencies eliminated or didn't fill 23,000 positions. "The intelligence community was literally gutted," Sanders says. "By design or by default, we were downsized dramatically. We lost core capability."

What was left of the Cold War workforce moved into the senior ranks and management positions. "Now, you turn around and look behind them, there's nobody there," Sanders says. That's the valley between the two humps.

Fast forward to Sept. 11, when the anemic agencies were thrust to the front lines of a new war on terrorism. The workforce had to scramble against a new enemy, one that few understood. The hiring push, and the contractor spree, ensued. Sanders says staffing levels are "finally getting back to where they were" before the 1990s cuts. But most of the new recruits are filling entry-level jobs. "Our bench strength at the midcareer level is really problematic," he says.

The millennials still aren't fully trained, and aren't ready to head into the valley. It takes, on average, three to five years to season an analyst, and about seven years of work "on the street" to sufficiently train for clandestine work, says Mark Lowenthal, who retired in 2005 as assistant director of central intelligence for analysis and production. He worked in the intelligence agencies for more than 30 years, and spent a good part of his career wrestling with the personnel crisis.

Historically, Lowenthal says, the agencies have trained independently. "If you join [the National Security Agency], you go to the NSA school. We put you in a stovepipe as soon as we get you." On the rare occasion employees want to transfer, managers see them as essentially untrained. "They treat you like they've never seen you before inside the system. You're an outsider," Lowenthal says.

Over time, employees developed narrower, agency-specific expertise about emerging threats. There was no spirit of collaboration, because the workforce wasn't designed for it. This is the institutional reason so many dots about terrorism remained unconnected before Sept. 11.

Now, policymakers are demanding that agencies share their knowledge and expand their targets beyond the old Soviet foe. "The subjects that we worry about have all changed dramatically," Sanders says. The experience gap impedes the agencies' evolution. Personnel managers know they can't fill it by speeding up training times. So they've decided to get smarter about using the expertise they have. To keep the human capital crisis from sinking the intelligence community, they say, the community needs to act like one.

Taking Stock

Before he retired, Lowenthal helped launch a communitywide catalog of intelligence analysts, a kind of Yellow Pages that lets managers see who has expertise on specific regions or issues. Such detail is essential for long-term human capital planning, managers say, and reflects a core belief - which is not universally shared - that an analyst is an analyst, regardless of which agency he calls home.

Managers have made some startling revelations in the catalog. For instance, "We are woefully deficient in the number of analysts who have expertise in sub-Saharan Africa," a region of great concern to policymakers, Sanders says. Previously, managers understood such shortfalls only "at the anecdotal level," he says, and couldn't efficiently plot to fill the gaps. In the coming months, managers plan to launch catalogs for intelligence collectors, technologists and acquisition specialists.

Knowing how employees spend their time also lets managers eliminate redundancies, which they can ill afford. Recently, ODNI asked agencies, "Who does what on Iraq?" "[It] took a couple of iterations before people understood the question," Thomas Fingar, the deputy director of national intelligence who oversees analysis policy, said in a speech in Denver in August. Some people replied, "We do everything on Iraq," and others said they did "important things on Iraq" and disseminated their work to "important customers" in all kinds of ways.

"We discovered a very large community of people acting like 8-year-olds playing soccer, bunched around a ball over here and a lot of areas of the field uncovered," Fingar said. But apparently, just knowing where the overlaps existed helped to get rid of them. "As soon as components of the analytic enterprise [the various agencies working on Iraq] saw that, they didn't need me to tell them to adjust; they began to adjust," Fingar said.

Managers are trying to fill other skills gaps quickly. To beef up the low numbers of linguists who can speak Arabic, Dari, Chinese and Korean - to name a few - agencies last year gave several hundred scholarships to college students. They agreed to study languages in exchange for a work commitment. ODNI also is paying for summer language immersion programs for elementary and high school students. "You've got to get to them as young as possible," says Lowenthal, who was in charge of language programs for analysts.

Officials want to close a gap in the security clearance process, as well. New Director of National Intelligence Michael McConnell wants to speed up that process, which can take more than a year, and to make it less rigorous for first- and second-generation Americans, the native language speakers who hail from immigrant neighborhoods. The clearance process generally nixes people with relatives and business ties overseas, fearing that recruits could be blackmailed or compromised.

All these near- and longer-term fixes might help keep the intelligence ship afloat. But there's also a softer side of management for which there's no easy solution - keeping employees happy.

In Search of Leaders

Every year, Fortune magazine publishes the authoritative ruling on where companies rank in terms of employee satisfaction, the "100 Best Companies to Work For" list. It's compiled through surveys that ask employees to respond to such statements as "I've got all the tools I need to do my job" or "There's a minimum of back-stabbing and politicking."

Fortune's Milton Moskowitz, who co-wrote the 2007 survey, says that regardless of a company's size or earnings, two key trends help dictate how great a workplace actually is: "a strong mission and a strong culture that people buy into," he says, and "communication between management and employees. Not just from the top down, but are there opportunities for employees of these companies to talk back."

The Fortune survey doesn't examine government agencies. But Moskowitz says the essential themes are constant. So, where would the intelligence agencies rank? According to the most recent Intelligence Community Employee Climate Survey, released in April, 74 percent of participants gave a "positive" response when asked, "Considering everything, how satisfied are you with your job?" Only 12 percent responded "negative." The positive rating exceeds that of the 2006 Federal Human Capital Survey, which gauges the governmentwide mood.

But intelligence employees aren't as positive about their managers. Only 57 percent of survey respondents said they "have a high level of respect for my organization's senior leaders." Twenty-four percent were neutral, and 17 percent had a negative response. Asked to rate their leaders' ability to "generate high levels of motivation and commitment in the workforce," the numbers fell: 43 percent positive and 25 percent negative. The five-year human capital planning document concluded that "many employees across the [intelligence community] are looking for even stronger leadership, and leaders who will help them fulfill their potential."

Such people are called mentors. The millennials crave them. And that leaves some old hands scratching their heads.

The intelligence agencies have some official mentoring programs, but longtime employees say these don't amount to a widespread, institutional focus on rearing a new generation. Mentoring "is one thing we do badly," Lowenthal confesses. New recruits, particularly younger ones, "have this expectation that they will have a mentor. I don't know where they get it."

Intelligence veterans are flustered by their needier colleagues. Intelligence is a silent service, they say. Most victories never are celebrated publicly, and the culture "does not cater to individual attention," says a former CIA official.

This official recalls an anecdote that exposes the dark underbelly of the generation gap. A senior officer, who managed a pair of new analysts, arrived in the office one day to find that "one of the kids hadn't shown up for work," the former official says. Hours later, the young analyst appeared, and the boss asked, "Where have you been?" The analyst explained that "one of his friends had had a 'professional crisis. We had to sit down and work things out.' " The former official says his colleague was speechless, and later said in private, "You know, I had a bad day once. No one cared!"

Senior employees who think these usually younger millennials are soft blame the parents, suspecting they were too quick to reward the child's every achievement, no matter how insignificant. The old-timers call them "trophy kids," a nod to Ben Stiller's character in the film Meet the Fockers, whose parents built a shrine for their son's 9th place ribbons for various childhood sporting events. Stiller's future father-in-law, played by Robert De Niro, is repulsed by this celebration of mediocrity. Fittingly, De Niro's character is a retired CIA operative.

"This is not a system where everybody sits around the table with their Play-Doh and shares and applauds for each other," the former official says. "It values devotion to the system and overwork, and an absolute feeling of being part and parcel of that system." But that, the former official admits, "creates turnover." Whether that's an acceptable outcome depends on who's asking the question.

Sanders says in core skills - analysis and collection - "our retention is very high." His office has measured top-performing employees against the overall government figures. "The attrition rate for the people with the highest performance ratings is markedly lower than it is for overall attrition," Sanders says. "So, we are keeping the very best people."

But some former spies say otherwise. Lindsay Moran, who worked in the clandestine service at the CIA from 1998 until 2003, has written that the agency's official attrition rate - about 4.5 percent - is, "like almost everything else about the agency . . . deceptive." Spies, she argues, are leaving at a higher rate.

"When I was a clandestine service trainee, we used to joke about people who were on the 'five-year plan,' " Moran wrote in Government Executive in 2005. Recruits would join, undergo training and then quit after a short overseas tour. "Sometimes these officers left for personal reasons, but more often they came to the disheartening realization that the operations directorate [where the spies work] was poorly managed to the point of near dysfunction," she wrote. Contradicting Sanders, Moran wrote that the CIA suffers from "reverse Darwinism: The best left early, while mediocre officers stayed and inevitably were promoted."

Lowenthal bemoans attrition as an unfortunate byproduct of the intelligence system. Before he retired, the community was attracting bright crops of analysts. "They were not all refugees from failed dot-coms," he says. "They were joining because they felt we had been attacked, and they wanted to serve our country. What else could you ask for?"

The rookies come from companies where mentoring isn't a foreign concept, and from a workplace culture that encourages versatility. Once they get inside the intelligence system, with its demand for an outdated kind of devotion, the excitement that drove them to service dissipates. "We do things to them in terms of career management that beats that out of them," Lowenthal says.

But the millennials and the trophy kids have a thing or two to teach their bosses about management.

Generation Next

"Intelligence reform" is an umbrella term that encompasses the changes in workforce culture that agency managers want to make. They want to enhance employees' use of technology, to allow a new generation of analysts and collectors to collaborate, to share information so they can connect the dots. To a lot of managers, these are buzzwords, but they have real meaning. And no one understands that better than the millennials.

"If you think about what skills those kids bring in, they have grown up with cell phones, e-mails," says Tom Waters, the former spy. "They do not know how to stovepipe information. It's completely foreign to them. Their encyclopedia is not Britannica, it's Wikipedia."

These new workers approach their jobs in a fundamentally different way, Waters says, one that's anathema to many old-timers, but completely in line with where legions of experts and critics say the community needs to go. "They'll hear something, and they're going to immediately bounce it off their buddies, who are cleared." Problem-solving sessions could look a lot like two young analysts sitting down together and "working it all out." Intelligence could evolve into a far more open, and informal, craft.

Managers are starting to catch on. In the past year, the intelligence community has launched its own version of Wikipedia, called Intellipedia, which lets more than 3,600 users share information - and challenge it - in a classified setting. Analysts write posts and add to entries about the most difficult targets the agencies face. This year, employees will begin using other online collaboration tools, including one that gives credit by name to anyone who provides "insight that fills an intelligence gap," according to a DNI planning document.

Intelligence managers also want to sate younger workers' appetite for mobility. In the future, all promotions to senior positions will require joint-duty assignments. Employees must serve at more than one agency and try their hands at different skills. Sanders says he has spoken to hundreds of rookies full of wanderlust. "I can scratch that itch," he tells them.

Sanders and his colleagues are in a rush against retirement to institutionalize their reforms. "I don't think we have time for this to take 10 years," he says. "We're about two years into something that I hope we can get done in four, and at least say, we've reached the tipping point."

However agencies get there - probably through a generational shift - managers are banking on the fact that, for a select and sufficient few, the allure of the intelligence business always will be unique, and will bring the most dedicated to their door.

In Class 11, Waters writes about his first day at CIA headquarters, when he and his colleagues huddled around the famous agency seal, carved in granite on the lobby floor. "We grin like maniacs. . . . This is where presidents and dignitaries take pictures commemorating their visits. To stand here is to truly appreciate the exclusivity of our new jobs."

Today, Waters still has some entree into that exclusive club. His contractor work brings him, on occasion, back to headquarters. And though that trip is tinged with nostalgia, he says some things remain the same. "I've got that same, stupid grin on my face when I drive in again," he says.

Published in Government Executive.


Signals and Noise

by Shane Harris




People like to say that the world changed on 9/11. That it became a more confusing place. But for two men, as buildings and bodies burned, the world became much clearer.

On the morning of September 11, 2001, John Poindexter, a 65-year-old retired rear admiral and President Reagan's onetime national security adviser, was driving to his office at a technology firm in Arlington, Va. He was 5 miles north of the Pentagon.

Poindexter's wife, Linda, rang his cellphone. Airplanes had flown into the twin towers in New York City, and one just crashed into the Pentagon, she said. "But Mark is OK. He wasn't in the building." Mark, one of the Poindexters' five sons, was a commander on the chief of naval operations' staff. His offices sat where the plane crashed, but most of the staff had cleared out earlier to accommodate Pentagon renovations.

"First, I was relieved that Mark was not in the building," Poindexter recalled in interviews in 2004. "Next, I realized this was a well-coordinated attack of the type that we had been working to prevent."

Poindexter was the senior vice president at Syntek Technologies. Under contract with the Defense Advanced Research Projects Agency (DARPA), the Pentagon's renowned innovation center, he helped to design early-warning systems for countering terrorism and other security crises. The technologies would sift through huge, disconnected databases for useful intelligence -- telltale events, names, or places that hinted at malicious intentions -- and then connect the pieces to predict an attack.

"I wondered if the intelligence community had ever considered the use of commercial airplanes as weapons by terrorists," Poindexter said. The signals were there, hiding in a sea of noise. At least 19 hijackers had crossed the border, used credit cards to buy plane tickets, made phone calls to associates, taken pilot training. They left digital footprints every step of the way.

Poindexter arrived at Syntek and found his co-workers huddled around a television. "The first tower had collapsed before I got there, and I watched as the second one came crashing down, in what seemed like slow motion," Poindexter said.

"I was discouraged," he continued. "We had not been able to gain acceptance by the intelligence community of the technologies and concepts that we had developed. It had been a long, slow process over the past six years." Poindexter's staff left for home. "I stayed most of the day, thinking about what needed to be done."

Some 30 miles away, at the headquarters of the National Security Agency in Fort Meade, Md., Michael Hayden, a 56-year-old Air Force lieutenant general and the agency's director, had been working for two hours when the first plane pierced the World Trade Center's North Tower. Almost immediately, submachine-gun-toting guards and bomb-sniffing dogs fanned out across the NSA campus, the nerve center of the most sophisticated electronic spying network ever devised.

As the planes struck their targets, Hayden ordered all non-essential workers to evacuate. He called his wife, Jeanine, asked her to find their three children and headed to the counter-terrorism center.

The agency's "CT shop" housed the experts and linguists who tracked terrorists' foreign communications. Lately, they had intercepted more than usual. The center's offices were located near the top floor of a high-rise. On 9/11, "for obvious reasons, we had tried to move as many folks as possible into our adjacent lower buildings, but we really couldn't afford to move the counter-terrorism shop," Hayden told a 9/11 congressional inquiry in October 2002. Hayden found the CT staff "emotionally shattered" and crying, but "defiantly tacking up blackout curtains on their windows to mask their location."

Domestic terrorist attacks, though a surprise, were not altogether unanticipated after the 1993 bombing of the World Trade Center. But Hayden knew that on the all-important home front, the NSA was deaf. "Sadly, NSA had no [signals] suggesting that Al Qaeda was specifically targeting New York and Washington, D.C., or even that it was planning an attack on U.S. soil," Hayden told the inquiry. "Indeed, NSA had no knowledge before September 11 that any of the attackers were in the United States."

To avoid charges of domestic spying, the NSA could not monitor Americans inside the country and some foreigners here -- absent a court order. They didn't constitute "foreign-intelligence value," in agency parlance. As Hayden explained in January at the National Press Club, even if the NSA had known of the hijackers' presence, "[they] would have been presumed to have been protected persons, U.S. persons," and therefore of no foreign-intelligence value, he said, his voice tensing. The agency also struggled to keep up with the overwhelming amount of raw intelligence it received every day, most of which was not related to terrorism.

Hayden understood that the terrorists had hatched their plans in this country. They had communicated here, moved about publicly, and left signals. If other terrorists were here, Hayden wanted to find them. "The standard by which we decided ... what [information] was relevant and valuable, and therefore, what was reasonable [to collect], would understandably change, I think, as smoke billowed from two American cities and a Pennsylvania farm field. And we acted accordingly."

Poindexter and Hayden knew that the signals of a future attack dwelled in a sea of noise full of mostly innocent activities. To find the enemies among us, they'd have to look, and listen, everywhere. Over the next two years, Poindexter and Hayden would hunt for signals on the sea. Sometimes they crossed paths.

While Poindexter's and Hayden's journeys were ostensibly separate, they hoped to arrive at the same destination -- knowing what terrorists would do before they acted.

Hayden left the NSA in 2005, to become the second-in-command of all intelligence agencies, but his successor continued his efforts. Some thought Poindexter's trek was finished when, three years ago, Congress eliminated funding for his early-warning research, amid fierce criticism from privacy-rights groups and civil libertarians. But Poindexter's brainchild lives on, in pursuit of the same elusive goal, and one of its biggest patrons is none other than Hayden's old harbor, the NSA. Today, the two men's visions appear more intertwined than ever.

Setting Sail

On the morning of September 12, Poindexter called his friend Brian Sharkey, with whom he had worked on the early-warning systems. They lamented that they hadn't achieved their ultimate vision -- "total information awareness" of terrorist planning.

They decided to urge DARPA to back a full-fledged "TIA" system, as Poindexter called it, comprising the data-mining and analysis tools they had been designing, along with new ones. TIA would train its eyes not only on government databases but also on those caches of valuable, and presumably private, information where terrorists left their footprints, such as credit card purchases, e-mails, and plane and car rental reservations.

"We knew we must work fast and build a convincing case," Poindexter said in an interview. On October 15, 2001, he pitched his plan to DARPA's director, Tony Tether, comparing TIA to another pursuit of a war-ending weapon. Poindexter titled his presentation "A Manhattan Project for Counter-Terrorism."

The government had once harnessed the brightest minds to build the atom bomb. Now Poindexter wanted the sharpest computer scientists and terrorist experts to build an information weapon. He even suggested ensconcing TIA team members at a secret government facility, surrounded by high fences and concertina wire, to remind them of the seriousness, urgency, and sensitivity of their work.

Tether was impressed, and he said that if Poindexter returned to government and ran TIA, DARPA would fund it. Two months later, Poindexter became the director of the agency's Information Awareness Office and kicked off a slew of multimillion-dollar research projects. One of them was designed to create privacy protections so that TIA wouldn't ensnare anyone who wasn't a terrorist. Poindexter's original plan to make TIA classified was changed; making the program public helped to attract new ideas.

While Poindexter pitched DARPA, Hayden met with Bush administration officials about the NSA's role in a future war. The agency was monitoring communications among known or suspected terrorists, regardless of geographic location, under existing authority that allowed domestic surveillance as part of a terrorism investigation. But that authority would eventually expire.

Shortly after the 9/11 attacks, then-CIA Director George Tenet asked Hayden, "Is there anything more you can do?" In response, Hayden said at his recent nomination hearing to be CIA director, "I said, 'Not within my current authorities.' And [Tenet] invited me to come down and talk to the administration about what more could be done."

Hayden proposed monitoring terrorists' communications into and out of the United States indefinitely. Such a program would have to have specific boundaries, he testified. It would have to be "technologically possible," "operationally relevant" to the mission -- foiling or catching terrorists -- and "lawful."

The NSA "would work ... where all three of those [requirements] intersected," Hayden said. It wasn't the surveillance envisioned under the 1978 Foreign Intelligence Surveillance Act, Hayden conceded. This was "hot pursuit" of communications, a distinction that still isn't well understood, but one that Hayden said gave the NSA a faster way to find terrorist signals.

President Bush was impressed. Hayden "showed me the plans.... I said, 'That makes a lot of sense to me,' " Bush said in a speech in February. "I remember some of those phone calls coming out of California," where some of the 9/11 hijackers were living, "just thinking, maybe if we'd have listened to those on a quick-response basis, you know, it might have helped prevent the attacks." On October 4, 2001, the president issued an order "that laid out the underpinnings for what I described," Hayden said at his confirmation hearing. "The math was pretty straightforward. I could not not do this."

Joining Forces

Unbeknownst to each other, Poindexter and Hayden started rigging up separate efforts. In February 2002, Poindexter established a secure, classified computer network for testing analysis software and tools that might be worked into TIA. As the system came together, this experimental network would be the engineers' Bonneville Salt Flats, a place to test-drive the state of the art. If tools passed muster there, they might end up in the design Poindexter had in mind.

"If there was a vendor with some great gizmo, they'd have to go through an arduous one- or two-year process to get that accredited by an intelligence agency," said Robert Popp, who was the No. 2 TIA official and Poindexter's deputy. "That didn't fit our parameters. We wanted to kick around these various technologies to see their utility. The network could put it through that whole two-year process in a few months."

Since intelligence agencies would be some of the ultimate users of TIA, Poindexter wanted them involved. He already had good contacts from his earlier work as a contractor on early-warning systems. He invited agencies to participate in TIA experiments by establishing "nodes," desktop computers connected directly to the network and housed in the agencies' offices. No agency collected more raw, noisy intelligence than the NSA, which was desperate to find ways to interpret the signals. It would be a natural TIA user, and so in late 2002, Poindexter met with NSA officials, including Hayden, and encouraged them to consider his approach.

The NSA agreed to participate in the experiments, and started installing nodes on the TIA network in early 2003. Poindexter also invited the Defense Intelligence Agency, the CIA, and several military combatant commands and intelligence brigades. All of the agencies used real data in the experiments. And the network was designed to let them share their intelligence. They could merge and cross-check, all in a closed environment. In that sense, the network was more than a test bed. It was also an information exchange.

Hayden seemed reticent about TIA, according to people who were privy to the early experiments. He was loath to be seen publicly supporting the program. That may have been because the NSA was pursuing its own Holy Grail of analysis, apart from Poindexter's work. Indeed, the NSA's effort went back some years but had largely failed.

In the late 1990s, the NSA considered a novel approach to intercepting huge amounts of e-mail and phone traffic as part of a project called ThinThread. According to The Baltimore Sun, which revealed the program's existence last month, "ThinThread's information-sorting system was viewed by some in the agency as a competitor to Trailblazer, a $1.2 billion program that was being developed with similar goals. The NSA was committed to Trailblazer, which later ran into trouble and has been essentially abandoned." A component of ThinThread exists today and is part of the domestic surveillance program, but it is less sophisticated and has created "a subpar tool for sniffing out information," The Sun reported.

In September 2002, just before the NSA joined Poindexter's laboratory, the agency's primary research unit began another TIA-like quest. The Advanced Research and Development Activity (ARDA), housed at NSA headquarters, awarded $64 million in contracts for the Novel Intelligence From Massive Data program, which was, according to former government officials, a spin-off of work that Poindexter and his team had begun almost a year earlier. At least six of the contractors who worked on TIA also worked on the NSA's version. Hayden's ship, it seems, was watching Poindexter's closely.

Rise and Fall

By mid-2002, the NSA was already secretly collecting huge amounts of phone and Internet data, as part of the terrorism program that Bush authorized. The agency was keen on finding a way to manage it all, but had found no technologies that could meet its dual needs -- sustaining a massive influx of information, in real time, and locating meaningful signals in it -- said sources who knew of the problem.

According to two former government officials, the NSA tried using the data-sorting and analysis tools developed under TIA. The early results, however, were unspectacular. When NSA researchers matched their data against those experimental computer programs, the tools crashed under the strain, one of the former officials said. The researchers did not conduct the tests on the network itself, sources said, suggesting that the NSA took tools that the network developed and used them on its own, without the knowledge of Poindexter's staff.

Documents show that the TIA network participants have tested at least four dozen tools using real intelligence data. The documents don't indicate which tools the NSA or any other agency specifically examined, but they do show that the NSA tested its own, homegrown versions on the TIA network as well.

The NSA was one of the biggest players on the TIA network, but not the only one. As months passed, more agencies joined, and some began using TIA for real intelligence operations.

For instance, in 2003 the Pentagon's Criminal Investigation Task Force, which was established to fuse law enforcement and intelligence techniques in fighting terrorism, was interrogating detainees at the U.S. military facility at Guantanamo Bay, Cuba. Stacks of interrogation reports piled up, and the interrogators struggled to make sense of the information they contained. Some detainees frequently mentioned the same names or places. Some detainees claimed to know each other. Others didn't. The interrogators turned to the TIA network to help sort out the hundreds of reports and potential leads.

"They provided the interrogation reports to analysts, and [the analysts], using several link-analysis tools provided by TIA, tried to discover interesting nonobvious relationships," Popp said. Link analysis detects connections between people through common associates or backgrounds, and creates web-like diagrams of the connections.

"The link-analysis tools showed the interrogators things that were not apparent to them -- very valuable, useful information that they could then use in follow-up interrogations." Popp said that the investigators also knew after they concluded their interrogations that some detainees were not terrorists, so those reports were used to create a sort of baseline for what a nonterrorist looked like. The tools could then be calibrated to disregard certain attributes and search for others that were salient, Popp said.

TIA made more data available to the network members. Poindexter's team built a database of simulated intelligence reports about terrorists, including fake accounts of their daily activities that left transactional footprints, so that members could see how well the tools worked on information that mirrored their own.

The TIA researchers nicknamed the database "Ali Baba," a former official said, after the fictional Arabian Nights character who opens a cave hiding fabulous treasures by uttering the words "Open Sesame." Today, troops in Iraq use "Ali Baba" as a slang catchall for insurgents and suspected terrorists.

The TIA network also added real databases of known or suspected terrorists, as well as the people, places, and activities that had been linked to them. These caches, known as "entity databases," were highly classified and were open to other agencies with nodes on the network, according to former TIA officials and documents on the program.

As critics were chastising intelligence agencies for not sharing enough information about terrorism before 9/11, the TIA network partners were actively swapping leads and finding ways to give one another access to their highly classified intelligence.

Poindexter set out an ambitious schedule to enlarge the network and build an eventual TIA system. Every three months, an experiment was aimed at a specific milestone, such as creating an entity database, finding new ways for analysts to collaborate, or testing tools that uncovered terrorist aliases and hidden links between groups. Each experiment period had a code name -- "Mistral," "Sirocco," "Rafale," "Noreaster." The nomenclature paid homage to Poindexter's passion: sailing. Each name is a type of wind.

The TIA network was quickly becoming the most active experiment of its kind. In the network's first year, the number of individual users at agencies increased more than 35 times, from seven to 250. By August 2003, the network had 23 nodes and 320 users.

And then, the bottom fell out.

TIA had come under intense scrutiny from lawmakers and privacy advocates in late 2002, when a series of news articles brought the program to the attention of national policy makers. One piece, by New York Times columnist William Safire, assailed the program as a "far-out Orwellian scenario." It seized on Poindexter's plan to look at databases of personal information as a potential intelligence source. Safire derided TIA as the ultimate snooping machine.

TIA's existence was never a secret, and technology journalists had written about the program. But the national media attention raised questions about just how far the Bush administration was willing to go in the war on terrorism.

Safire also reminded readers that Poindexter was the central figure in the Reagan administration's greatest scandal. Poindexter oversaw the secret sale of missiles to Iran, in exchange for American hostages, and then funneled the proceeds to the anti-communist Contras in Nicaragua. In 1990, he was convicted on multiple felony counts stemming from the affair; an appeals court overturned the convictions a year later. "This ring-knocking master of deceit is back again with a plan even more scandalous than Iran-Contra," Safire wrote.

Poindexter had feared his past would catch up with him and tar TIA, he said in interviews. After Safire's column ran, Defense Secretary Donald Rumsfeld barred Poindexter from speaking publicly. Lawmakers were outraged that the government had even proposed TIA, much less put a once-convicted felon in charge.

Poindexter continued his work, but late in July 2003, The Times revealed that his group was studying a futures market that would let terrorism analysts place bets on likely attacks. Although academics and economists praised the idea -- futures markets can accurately predict commodities prices, housing sales, and sometimes even elections -- it looked perverse when it was attached to Poindexter's shop. The Pentagon forced Poindexter to resign less than two weeks later.

Aggrieved lawmakers and civil libertarians declared victory in September, when Congress eliminated funding in the Defense Department budget for TIA. But they might have missed the fine print. Lawmakers allowed classified intelligence funds to be spent on a "program ... for processing, analysis, and collaboration tools for counter-terrorism foreign intelligence." The program was TIA. And it was about to move to a new home, at the headquarters of the NSA.

Inherit the Winds

As National Journal revealed in February, the NSA's Advanced Research and Development Activity took over TIA and carried on the experimental network in late 2003. ARDA continued vetting new tools and even kept the aggressive experiment schedule, still named after different winds, documents show.

But it discontinued some programs, most notably a multimillion-dollar effort to build privacy-protection technologies. ARDA also abandoned the effort to build audit trails in TIA, which would have permanently recorded any abuse by users.

The experimental network's name was changed from TIA, to erase any connection to its past. Today it's called the Research Development and Experimental Collaboration (RDEC, pronounced ARdeck). The NSA is the biggest player, with at least 15 nodes as of December 2004, according to official documents. "I think it's considerably more today," said a former government official knowledgeable about RDEC. A spokesman for the NSA said he had no information to provide about the network.

Popp, the former TIA deputy director, emphasized that he didn't know if the NSA is using RDEC directly for the domestic surveillance program. "NSA is a big place," he said.

However, some of the tools that TIA developed and experimented with, Popp said, "no question, are the same sorts of tools that the NSA eavesdropping program could possibly use -- meaningfully -- for analytical purposes, based on what's publicly known about it. This certainly seems plausible to me." Popp has recently co-edited a book on technologies for counter-terrorism, and legal and policy structures for implementing them.

"I would bet that the tools NSA is using today [as part of the domestic program] are not the ones they started out with," said a former government official who was close to TIA and the NSA.

RDEC could enhance the domestic surveillance program if the NSA used it as an information-sharing device, to cross-check names and events with other agencies and firm up links, former officials said. In January, The Washington Post reported that the NSA shared information obtained from the domestic program with other agencies, including the Defense Intelligence Agency and the Counterintelligence Field Activity, a Pentagon counter-terrorism group that has collected information about war protesters near military facilities. Both agencies have nodes on RDEC.

The Defense Intelligence Agency, which like the NSA is overseen by the Pentagon, is one of the largest RDEC users. In an interview, Lewis Shepherd, the chief of the agency's Requirements and Research Group, said that RDEC is "the most successful attempt at bringing together a wide variety of analysts and agencies to work and think outside of the box collaboratively," specifically on counter-terrorism. "[It] opens access to a variety of data sources to different tools that haven't been able to access that data."

For example, RDEC lets analysts conduct repeated keyword searches on many different data streams, Shepherd said. It "sparks out-of-the-box innovation in how we do information-sharing."

Asked to elaborate on that innovation, Shepherd said, "It's all classified." But he offered the NSA as a general example. The agency's analysts are well trained in working with electronic signals, but they don't have much history in using other sources, such as satellite photos. RDEC lets NSA analysts, and others, "refine" the way they do their work, Shepherd said.

The former government official who was close to TIA and the NSA said it was "conceivable" that the NSA would use the RDEC to share information from the domestic program with other agencies. "It's a very good forum for doing that," the former official said.

Legacy

On October 6, 2001, two days after Bush cleared Hayden to turn the NSA's ears inward, Hayden met with about 80 agency employees in a large conference room. They became the workforce of the secret program, and Hayden told them what they were allowed to do. "I was explaining what the president had authorized," Hayden recalled at his CIA nomination hearing. "And I ended up by saying, 'And we're going to do exactly what he said and not one photon or one electron more.' And I think that's what we've done."

Hayden had set boundaries -- what was technologically possible, relevant, and lawful. But he has vowed that the NSA will live on the edge of those boundaries. A great fan of sports analogies, Hayden has said in private and public gatherings that for years the NSA played defense against its adversaries. A legal line of scrimmage kept the agency from tackling terrorists inside the country.

But after 9/11, the lines of play were redrawn. The NSA would go right up to the boundaries. "My spikes will have chalk on them," Hayden reportedly told one group when describing the NSA's new game plan. He was clear: "We're pretty aggressive within the law. As a professional, I'm troubled if I'm not using the full authority allowed by law."

Poindexter also thought that 9/11 clarified his purpose. "The attacks brought ... the war to our home," he wrote in his resignation letter in 2003. "After ... 9/11, I felt compelled to do what I could to make sure that never happened again." No one had done enough on 9/10 to stop the next day's horrors. Poindexter and Hayden wouldn't make the same mistake twice.

Poindexter is gone from government, but he still maintains contacts within the intelligence community and exerts a quiet influence. Hayden left the NSA in April 2005 to become the first deputy director of national intelligence. From that office, he oversaw all intelligence activities. Later this year, the office will take over management of the Advanced Research and Development Activity, which runs RDEC. Hayden took over as CIA director in May.

Although they've moved on, Poindexter and Hayden have left a wide wake. Whether or not Poindexter's masterwork has become the centerpiece of Hayden's terrorist hunt, their sails were cut from the same cloth. Their goals were the same. The former official who was close to TIA and the NSA thinks that Hayden didn't want to be associated with Poindexter, either publicly or in government, given his controversial nature.

"I think that Hayden was concerned that [Poindexter's] research was going to call attention, and that would eventually lead people to ask questions about what NSA was doing," the former official said. When TIA was ensnared in controversy, Hayden stayed quiet about the NSA's involvement.

But Hayden was watching, and following the admiral's lead, the former official thinks. Today, what the NSA is known to be doing looks enough like TIA to suggest that Poindexter inspired Hayden and his team. "It's clear to me now, in hindsight, why Hayden really was so unwilling to publicly acknowledge TIA," the former official said. "It's because Hayden was doing many of the things Poindexter did."

Published in National Journal.


More than Meets the Ear

by Shane Harris




The National Security Agency's warrantless surveillance program is broader than officials have described.

The Bush administration has assiduously avoided any talk about the actual workings of its program to intercept the phone calls and e-mails of people in the United States who are suspected of having links to terrorists abroad. Officials' unwavering script goes like this: Present the legal justifications for the president to authorize domestic electronic surveillance without warrants, but say nothing about how the National Security Agency actually does it -- or about what else the agency might be doing.

But when Attorney General Alberto Gonzales appeared before the Senate Judiciary Committee on February 6 to answer questions about the program, what he didn't say pulled back the curtain on how the NSA decides which calls and e-mails to monitor. The agency bases those decisions on a broad and less focused surveillance than officials have publicly described, a surveillance that may, or may not, be legal.

In a hearing that lasted more than eight hours, Gonzales, who didn't testify under oath, dutifully batted away senators' inquiries about "operational details" and stayed silent, under determined questioning by some Democrats, about other warrantless programs that the president might have secretly authorized. When the hearing finally ended, so did Gonzales's comments on the program.

Until 22 days later. On February 28, Gonzales sent committee Chairman Arlen Specter, R-Pa., a six-page letter, partly to respond to questions he was unprepared to answer at the hearing, but also "to clarify certain of my responses" in the earlier testimony. In the letter, Gonzales took pains to correct any "misimpressions" that he might have created about whether the Justice Department had assessed the legality of intercepting purely domestic communications, for example, as opposed to those covered by the NSA program, in which one party is outside the United States. The attorney general didn't say that Justice had contemplated the legality of purely domestic eavesdropping without a warrant, but he also didn't say it hadn't.

Gonzales's letter was intriguing for what else it didn't say, especially on one point: With exacting language, he narrowed the scope of his comments to address only "questions relating to the specific NSA activities that have been publicly confirmed by the president." Then, as if to avoid any confusion, Gonzales added, "Those activities involve the interception by the NSA of the contents of communications" involving suspected terrorists and people in the United States.

Slightly, and with a single word, Gonzales was tipping his hand. The content of electronic communications is usually considered to be the spoken words of a phone call or the written words in an electronic message. The term does not include the wealth of so-called transactional data that accompany every communication: a phone number, and what calls were placed to and from that number; the time a call was placed; whether the call was answered and how long it lasted, down to the second; the time and date that an e-mail message was sent, as well as its unique address and routing path, which reveals the location of the computer that sent it and, presumably, the author.

Considering that terrorists often talk and write in code, the transactional data of a communication, properly exploited, could yield more valuable intelligence than the content itself. "You will get a very full picture of a person's associations and their patterns of activity," said Jim Dempsey, the policy director of the Center for Democracy and Technology, an electronic-privacy advocacy group. "You'll know who they're talking to, when they're talking, how long, how frequently.... It's a lot [of information]. I mean, a lot."

According to sources who are familiar with the details of what the White House calls the "terrorist surveillance program," and who asked to remain anonymous because the program is still classified, analyzing transactional data is one of the first and most important steps the agency takes in deciding which phone calls to listen to and which electronic messages to read. Far from the limited or targeted surveillance that Gonzales, President Bush, and intelligence officials have described, this traffic analysis examines thousands, perhaps hundreds of thousands, of individuals, because nearly every phone number and nearly every e-mail address is connected to a person.

Patterns in the Sea

Analysis of telephone traffic patterns helps analysts and investigators spot relationships among people that aren't always obvious. For instance, imagine that a man in Portland, Ore., receives a call from someone at a pay phone in Brooklyn, N.Y., every Tuesday at 9 a.m. Also every Tuesday, but minutes earlier, the pay phone caller rings up a man in Miami. An investigator might look at that pattern and suspect that the men in Portland and Miami are communicating through the Brooklyn caller, who's acting as a kind of courier, to mask their relationship. Patterns like this have led criminal investigators into the inner workings of drug cartels and have proved vital in breaking these cartels up.

Terrorists employ similar masking techniques. They use go-betweens to circuitously route calls, and they change cellphones often to avoid detection. Transactional data, however, capture those behaviors. If NSA analysts -- or their computers -- can find these patterns or signatures, then they might find the terrorists, or at least know which ones they should monitor.

Just after 9/11, according to knowledgeable sources, the NSA began intercepting the communications of specific foreign persons and groups named on a list. The sources didn't specify whether persons inside the United States were monitored as part of that list. But a former government official who is knowledgeable about NSA activities and the warrantless surveillance program said that this original list of people and groups, or others like it, could have formed the base of the NSA's surveillance of transactional data, the parts of a communication that aren't considered content.

If the agency started with a list of phone numbers, it could find all the numbers dialed from those phones. The NSA could then learn what numbers were called from that second list of numbers, and what calls that list received, and so on, "pushing out" the lists until the agency had identified a vast network of callers and their transactional data, the former official said. The agency might eavesdrop on only a few conversations or e-mails. But starting with even an initial target list of, say, 10 phone numbers quickly yields a web of hundreds of thousands of communications, because the volume increases exponentially with every new layer of callers.
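To make the two ideas above concrete, here is an added Python sketch (not from the article or from any agency tool) that runs the Tuesday pay-phone relay pattern and the "pushing out" of a seed list over a small set of constructed call records. Every name, number label and timestamp in it is invented for illustration, and the records hold transactional fields only, never content.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def constructed_records():
    """Build constructed call records: (caller, callee, start, seconds)."""
    recs = []
    first = datetime(2006, 1, 3, 8, 52)  # a Tuesday morning (constructed)
    for week in range(4):
        t = first + timedelta(weeks=week)
        # The pay phone rings Miami, then Portland minutes later.
        recs.append(("payphone-brooklyn", "miami-1", t, 95))
        recs.append(("payphone-brooklyn", "portland-1",
                     t + timedelta(minutes=8), 120))
    # Unrelated everyday calls that end up in the same data set.
    recs += [
        ("portland-1", "pizza-shop", datetime(2006, 1, 4, 18, 30), 40),
        ("payphone-brooklyn", "taxi", datetime(2006, 1, 5, 23, 10), 30),
        ("miami-1", "dentist", datetime(2006, 1, 6, 10, 15), 65),
        ("pizza-shop", "supplier", datetime(2006, 1, 9, 7, 5), 210),
        ("dentist", "lab", datetime(2006, 1, 11, 14, 0), 180),
    ]
    return recs


RECORDS = constructed_records()


def find_relays(records, window=timedelta(minutes=15), min_repeats=3):
    """Find callers that ring A and then B within `window`, on the same
    weekday, on at least `min_repeats` different dates."""
    by_caller = defaultdict(list)
    for caller, callee, start, _seconds in records:
        by_caller[caller].append((start, callee))
    hits = defaultdict(set)
    for caller, calls in by_caller.items():
        calls.sort()
        for (t1, a), (t2, b) in zip(calls, calls[1:]):
            if a != b and t2 - t1 <= window:
                hits[(caller, a, b, t1.weekday())].add(t1.date())
    return sorted(
        (caller, a, b, weekday, len(days))
        for (caller, a, b, weekday), days in hits.items()
        if len(days) >= min_repeats
    )


def chain(records, seeds, hops):
    """Push a seed list outward hop by hop. Returns every number reached
    and the cumulative count after each hop."""
    neighbours = defaultdict(set)
    for caller, callee, _start, _seconds in records:
        neighbours[caller].add(callee)
        neighbours[callee].add(caller)
    seen = set(seeds)
    frontier = set(seeds)
    sizes = [len(seen)]
    for _ in range(hops):
        frontier = {n for f in frontier for n in neighbours[f]} - seen
        seen |= frontier
        sizes.append(len(seen))
    return seen, sizes


if __name__ == "__main__":
    for caller, a, b, weekday, count in find_relays(RECORDS):
        print(f"{caller} called {a} then {b} on weekday {weekday}, "
              f"{count} times")
    reached, sizes = chain(RECORDS, {"portland-1"}, 3)
    print("cumulative numbers reached per hop:", sizes)
    print("swept in:", sorted(reached - {"portland-1"}))
```

Starting from a single seed, the second hop already pulls in the taxi firm and the pizza shop's supplier, neither of which has any link to the seed beyond sharing a contact.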

To find meaningful patterns in transactional data, analysts need a lot of it. They must set baselines about what constitutes "normal" behavior versus "suspicious" activity. Administration officials have said that the NSA doesn't intercept the contents of a communication unless officials have a "reasonable" basis to conclude that at least one party is linked to a terrorist organization. To make any reasonable determination like that, the agency needs hundreds of thousands, or even millions, of call records, preferably as soon as they are created, said a senior person in the defense industry who is familiar with the NSA program and is an expert in the analytical tools used to find patterns and connections. Asked if this means that the NSA program is much broader and less targeted than administration officials have described, the expert replied, "I think that's correct."

In theory, finding reasonable connections in data is a straightforward and largely automated process. Analysts use computer programs based on algorithms -- mathematical procedures for solving a particular problem -- much the same way that meteorologists use data models to forecast the weather. Counter-terrorism algorithms look for the transactional indicators that match what analysts recognize as signs of a plot.

Of course, those algorithms must be sophisticated enough to spot many not-so-obvious patterns in a mass of data that are mostly uninteresting, and they work best when the data come from many sources. Algorithms have proven useful for detecting frequent criminal activity, such as credit card fraud. "Historical data clearly indicate that if a credit card turns up in two cities on two continents on the same day, that's a useful pattern," says Jeff Jonas, a computer scientist who invented a technology to connect known scam artists who are on casinos' watch lists with new potential grifters, and is now the chief scientist of IBM Entity Analytics. "The challenge of predicting terrorism is that unlike fraud, we don't have the same volume of historical data to learn from," Jonas said. "Compounding this is the fact that terrorists are constantly changing their methods and do their best to avoid leaving any digital footprints in the first place."

The obvious solution would be to write an algorithm that is flexible and fast enough to weigh millions of pieces of evidence, including exculpatory ones, against each other. But according to technology experts, and even the NSA's own stated research accomplishments, that technology has not been perfected.

The Bleeding Edge

The NSA began soon after the 9/11 terrorist attacks to collect transactional data from telecommunications companies. Several telecom executives said in press accounts that their companies gave the NSA access to their switches, the terminals that handle most of the country's electronic traffic. One executive told National Journal that NSA officials urged him to hand over his company's call logs. When he resisted, the officials implied that most of his competitors had acceded to the agency's request.

Not long after the surveillance program started, in October 2001, the NSA began looking for new tools to mine the telecom data. The agency, the industry expert said, considered some that the Defense Department's Total Information Awareness program was developing. TIA was an ambitious and controversial experiment to find patterns of terrorist activity in a much broader range of transactions than just telephone data. But NSA officials rejected the TIA tools because they were "too brittle," the expert said, meaning that they failed to manage the torrent of data that the NSA wanted to analyze. He noted the irony of rejecting the TIA technologies -- which privacy advocates had characterized as huge, all-seeing, digital dragnets -- because they couldn't handle the size of the NSA's load.

In the fall of 2002, a federal research-and-development agency that builds technologies primarily for the NSA launched another search for pattern-detection solutions. The Advanced Research and Development Activity, ARDA, issued $64 million in contracts for the Novel Intelligence for Massive Data, or NIMD, program. Its goal was "to help analysts deal with information overload, detect early indicators of strategic surprise, and avoid analytic errors," according to ARDA's public call for proposals released last year. In essence, NIMD is an early-warning system, which is how the administration has described the terrorist surveillance program. In 2003, ARDA also took over research of the tools being developed under TIA.

While the NSA was searching for the next generation of data-sifters, it continued to rely on less sophisticated tools. As an example, the former government official who spoke to NJ cited applications that organize data into broad categories, allowing analysts to see some relationships but obscuring some of the nuance in the underlying information. The results of this kind of category analysis can be displayed on a graph. But the graph might reveal only how many times a particular word appears in a conversation, not necessarily the significance of the word or how it relates to other words. Technologists sarcastically call these diagrams BAGs -- big-ass graphs.

Such was the state of affairs when the NSA started looking for terrorist patterns in a telephonic ocean. So, instead of looking for a tool that could cull through the data, the agency decided to "reverse" the process, starting with the data set and working backward, looking for algorithms that could work with it.

The NSA has made some breakthroughs, the industry expert said, but its solution relies in part on a technological "trick," which he wouldn't disclose. Another data-mining expert, who also asked not to be identified because the NSA's work is classified, said that computer engineers probably started with the telecom companies' call data, looked for patterns, and then wrote algorithms to detect them as they went along, tweaking the algorithms as needed.

Such an ad hoc approach is brittle in its own right. For starters, if analysts are working with algorithms designed to detect only certain patterns, they could be missing others, the technology expert said. At the same time, the more dependent the algorithms are on identifying very specific patterns of behavior, the more vulnerable the NSA's monitoring is to being foiled if terrorists discover what the agency is watching for, or if they change their behavior. A more complex algorithm that considers thousands, or even millions, of patterns is harder to defeat.

The industry expert added that NSA officials have worried that "if you knew what the technical trick was they were doing [to make the surveillance program function], you wouldn't have to know what specific algorithms" the agency was using. This reliance on a "trick" makes the program very vulnerable to defeat and helps explain why the Bush administration is so keen on cloaking its inner workings.

"It's pretty bleeding-edge," the expert said, referring to a technology that's unperfected and therefore prone to instability. "We're talking about dumping hundreds of thousands or millions of records" into a system. In an unsophisticated system, connections among people can emerge that look suspicious but are actually meaningless. A book agent who represents a journalist who once interviewed Osama bin Laden, for example, doesn't herself necessarily know bin Laden. But she might turn up in an NSA search of transactional data. "False positives will happen," the expert said.
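The book-agent false positive can be reproduced with a few lines of link analysis. This is an added example, not the NSA's method or anything from the article: it chains contacts outward from a seed over a constructed call graph, counts how many people each hop sweeps in, and then applies a degree-damped score. All names, the graph and the scoring rule are assumptions chosen for illustration.

```python
from collections import Counter, deque

# Constructed contact pairs; every name is invented for this example.
CALLS = [
    ("seed", "journalist"), ("seed", "courier"),
    ("journalist", "book_agent"), ("journalist", "editor"),
    ("journalist", "pizza_shop"),
    ("courier", "pizza_shop"), ("courier", "financier"),
    ("book_agent", "author_1"), ("book_agent", "author_2"),
    ("pizza_shop", "cust_1"), ("pizza_shop", "cust_2"),
    ("pizza_shop", "cust_3"), ("pizza_shop", "cust_4"),
    ("pizza_shop", "cust_5"),
]


def build_graph(pairs):
    """Undirected adjacency sets: a call links both parties."""
    graph = {}
    for a, b in pairs:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def hops_from(graph, seed, max_hops):
    """Breadth-first chaining: hop distance of everyone within max_hops."""
    dist = {seed: 0}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        if dist[node] == max_hops:
            continue
        for nxt in graph[node]:
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    del dist[seed]
    return dist


def reach_by_hop(dist):
    """How many people each additional hop adds to the candidate list."""
    return dict(sorted(Counter(dist.values()).items()))


def link_scores(graph, seed, max_hops):
    """Degree-damped link strength (an assumed heuristic, for illustration).

    Each step divides the score by the number of contacts of the node being
    left, so a link that runs through a busy number (the pizza shop) counts
    for less than one through a node with few contacts. The best path wins.
    """
    best = {seed: 1.0}
    frontier = {seed: 1.0}
    for _ in range(max_hops):
        improved = {}
        for node, score in frontier.items():
            share = score / len(graph[node])
            for nxt in graph[node]:
                if share > best.get(nxt, 0.0):
                    best[nxt] = share
                    improved[nxt] = share
        frontier = improved
    best.pop(seed)
    return best


if __name__ == "__main__":
    graph = build_graph(CALLS)
    dist = hops_from(graph, "seed", 3)
    print("added per hop:", reach_by_hop(dist))
    scores = link_scores(graph, "seed", 3)
    for name in sorted(scores, key=scores.get, reverse=True):
        print(f"{name:11s} hop={dist[name]} score={scores[name]:.4f}")
```

Damping pushes the pizza shop's customers to the bottom, but the book agent still scores about the same as the other two-hop contacts: graph structure alone cannot show that her link is meaningless.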

Gonzales and former NSA Director Michael V. Hayden have said that career agency employees decide to eavesdrop only if they have a "reasonable" basis to believe one party to a communication is a terrorist or connected to a terrorist organization. But what determines reasonableness? In a January speech at the National Press Club, Hayden drew a distinction between the Fourth Amendment's requirement that "no warrants shall issue, but upon probable cause," and its protection against "unreasonable searches and seizures."

When a journalist in the crowd questioned his logic, Hayden heatedly replied, "If there's any amendment to the Constitution that employees of the National Security Agency are familiar with, it's the Fourth. And it is a reasonableness standard in the Fourth Amendment.... I am convinced that we are lawful, because what it is we're doing [intercepting content] is reasonable." He said that the terrorist attacks fundamentally altered the NSA's thinking. "The standard of what [information] was relevant and valuable, and therefore, what was reasonable, would understandably change, I think, as smoke billowed from two American cities and a Pennsylvania farm field. And we acted accordingly."

Aside from the question of whether NSA employees, rather than federal judges, are qualified to determine what constitutes a reasonable search, that determination provides much of the basis for deciding whose communications will be intercepted without a warrant. If the technology the NSA is using to determine what constitutes a reasonable search is unsophisticated, the industry expert said, "you're talking about tapping a phone based on a statistical correlation."

A New Legal Battle?

Gonzales's narrowly tailored letter to Sen. Specter raised more questions than it answered. Democrats were outraged by what they saw as the attorney general's attempt to alter his testimony and to obstruct senators' attempts to fully assess the program's legal basis. "Much of your letter is devoted to not providing answers to the questions of a number of us regarding legal justifications for activities beyond those narrowly conceded by you to have already been confirmed by the president," Sen. Patrick Leahy of Vermont, the Judiciary Committee's ranking Democrat, wrote to the attorney general in a follow-up letter.

Leahy also raised the question of what else Gonzales hadn't told lawmakers. The attorney general's letter contained "disturbing suggestions ... that there are other secret programs," Leahy wrote. In Gonzales's letter to Specter, the attorney general had referred to "other intelligence activities" and to his inability to discuss them; he left open the possibility that the president may not have authorized these activities. Gonzales wrote, "When I testified in response to questions from Sen. Leahy, 'Sir, I have tried to outline ... what the president has authorized, and that is all that he has authorized,' I was confining my remarks to the Terrorist Surveillance Program as described by the president."

Gonzales's testimony was meant to defend the program's legality. But as more about the NSA's operations becomes known, new legal questions arise, including one that goes to the heart of how officials reasonably identify suspected terrorists.

Under normal criminal law, content is defined as "any information concerning the substance, purport, or meaning of [a] communication," but the definition of content under the law that governs electronic eavesdropping on U.S. persons for intelligence purposes is different and is potentially in conflict with normal jurisprudence. That law, the Foreign Intelligence Surveillance Act, states that content "includes any information concerning the identity of the parties ... or the existence, substance, purport, or meaning of [their] communication."

A phone number can be used to identify a person, said Dempsey of the Center for Democracy and Technology, who for nine years was assistant counsel to the House Judiciary Subcommittee on Civil and Constitutional Rights. Does that mean that a phone number is "content" under the law? FISA, enacted in 1978, didn't envision today's technology, when anyone with an Internet connection can use a phone number to find someone's name, address, and even an aerial photograph of his house, Dempsey said.

"I just cannot read [FISA] and figure out what it means in the context of analysis of [transactional] data," he added. "Presumably somebody in the administration thinks they understand it.... Whether that's providing any clear guidance" to the people working on the NSA program, "that's not clear."


TIA Lives On

by Shane Harris




A controversial counter-terrorism program, which lawmakers halted more than two years ago amid outcries from privacy advocates, was stopped in name only and has quietly continued within the intelligence agency now fending off charges that it has violated the privacy of U.S. citizens.

Research under the Defense Department's Total Information Awareness program -- which developed technologies to predict terrorist attacks by mining government databases and the personal records of people in the United States -- was moved from the Pentagon's research-and-development agency to another group, which builds technologies primarily for the National Security Agency, according to documents obtained by National Journal and to intelligence sources familiar with the move. The names of key projects were changed, apparently to conceal their identities, but their funding remained intact, often under the same contracts.

It is no secret that some parts of TIA lived on behind the veil of the classified intelligence budget. However, the projects that moved, their new code names, and the agencies that took them over haven't previously been disclosed. Sources aware of the transfers declined to speak on the record for this story because, they said, the identities of the specific programs are classified.

Two of the most important components of the TIA program were moved to the Advanced Research and Development Activity, housed at NSA headquarters in Fort Meade, Md., documents and sources confirm. One piece was the Information Awareness Prototype System, the core architecture that tied together numerous information extraction, analysis, and dissemination tools developed under TIA. The prototype system included privacy-protection technologies that may have been discontinued or scaled back following the move to ARDA.

A $19 million contract to build the prototype system was awarded in late 2002 to Hicks & Associates, a consulting firm in Arlington, Va., that is run by former Defense and military officials. Congress's decision to pull TIA's funding in late 2003 "caused a significant amount of uncertainty for all of us about the future of our work," Hicks executive Brian Sharkey wrote in an e-mail to subcontractors at the time. "Fortunately," Sharkey continued, "a new sponsor has come forward that will enable us to continue much of our previous work." Sources confirm that this new sponsor was ARDA. Along with the new sponsor came a new name. "We will be describing this new effort as 'Basketball,' " Sharkey wrote, apparently giving no explanation of the name's significance. Another e-mail from a Hicks employee, Marc Swedenburg, reminded the company's staff that "TIA has been terminated and should be referenced in that fashion."

Sharkey played a key role in TIA's birth, when he and a close friend, retired Navy Vice Adm. John Poindexter, President Reagan's national security adviser, brought the idea to Defense officials shortly after the 9/11 attacks. The men had teamed earlier on intelligence-technology programs for the Defense Advanced Research Projects Agency, which agreed to host TIA and hired Poindexter to run it in 2002. In August 2003, Poindexter was forced to resign as TIA chief amid howls that his central role in the Iran-Contra scandal of the mid-1980s made him unfit to run a sensitive intelligence program.

It's unclear whether work on Basketball continues. Sharkey didn't respond to an interview request, and Poindexter said he had no comment about former TIA programs. But a publicly available Defense Department document, detailing various "cooperative agreements and other transactions" conducted in fiscal 2004, shows that Basketball was fully funded at least until the end of that year (September 2004). The document shows that the system was being tested at a research center jointly run by ARDA and SAIC Corp., a major defense and intelligence contractor that is the sole owner of Hicks & Associates. The document describes Basketball as a "closed-loop, end-to-end prototype system for early warning and decision-making," exactly the same language used in contract documents for the TIA prototype system when it was awarded to Hicks in 2002. An SAIC spokesman declined to comment for this story.

Another key TIA project that moved to ARDA was Genoa II, which focused on building information technologies to help analysts and policy makers anticipate and pre-empt terrorist attacks. Genoa II was renamed Topsail when it moved to ARDA, intelligence sources confirmed. (The name continues the program's nautical nomenclature; "genoa" is a synonym for the headsail of a ship.)

As recently as October 2005, SAIC was awarded a $3.7 million contract under Topsail. According to a government-issued press release announcing the award, "The objective of Topsail is to develop decision-support aids for teams of intelligence analysts and policy personnel to assist in anticipating and pre-empting terrorist threats to U.S. interests." That language repeats almost verbatim the boilerplate descriptions of Genoa II contained in contract documents, Pentagon budget sheets, and speeches by the Genoa II program's former managers.

As early as February 2003, the Pentagon planned to use Genoa II technologies at the Army's Information Awareness Center at Fort Belvoir, Va., according to an unclassified Defense budget document. The awareness center was an early tester of various TIA tools, according to former employees. A 2003 Pentagon report to Congress shows that the Army center was part of an expansive network of intelligence agencies, including the NSA, that experimented with the tools. The center was also home to the Army's Able Danger program, which has come under scrutiny after some of its members said they used data-analysis tools to discover the name and photograph of 9/11 ringleader Mohamed Atta more than a year before the attacks.

Devices developed under Genoa II's predecessor -- which Sharkey also managed when he worked for the Defense Department -- were used during the invasion of Afghanistan and as part of "the continuing war on terrorism," according to an unclassified Defense budget document. Today, however, the future of Topsail is in question. A spokesman for the Air Force Research Laboratory in Rome, N.Y., which administers the program's contracts, said it's "in the process of being canceled due to lack of funds."

It is unclear when funding for Topsail was terminated. But earlier this month, at a Senate Intelligence Committee hearing, one of TIA's strongest critics questioned whether intelligence officials knew that some of its programs had been moved to other agencies. Sen. Ron Wyden, D-Ore., asked Director of National Intelligence John Negroponte and FBI Director Robert Mueller whether it was "correct that when [TIA] was closed, that several ... projects were moved to various intelligence agencies.... I and others on this panel led the effort to close [TIA]; we want to know if Mr. Poindexter's programs are going on somewhere else."

Negroponte and Mueller said they didn't know. But Negroponte's deputy, Gen. Michael V. Hayden, who until recently was director of the NSA, said, "I'd like to answer in closed session." Asked for comment, Wyden's spokeswoman referred to his hearing statements.

The NSA is now at the center of a political firestorm over President Bush's program to eavesdrop on the phone calls and e-mails of people in the United States who the agency believes are connected to terrorists abroad. While the documents on the TIA programs don't show that their tools are used in the domestic eavesdropping, and knowledgeable sources wouldn't discuss the matter, the TIA programs were designed specifically to develop the kind of "early-warning system" that the president said the NSA is running.

Documents detailing TIA, Genoa II, Basketball, and Topsail use the phrase "early-warning system" repeatedly to describe the programs' ultimate aims. In speeches, Poindexter has described TIA as an early-warning and decision-making system. He conceived of TIA in part because of frustration over the lack of such tools when he was national security chief for Reagan.

Tom Armour, the Genoa II program manager, declined to comment for this story. But in a previous interview, he said that ARDA -- which absorbed the TIA programs -- has pursued technologies that would be useful for analyzing large amounts of phone and e-mail traffic. "That's, in fact, what the interest is," Armour said. When TIA was still funded, its program managers and researchers had "good coordination" with their counterparts at ARDA and discussed their projects on a regular basis, Armour said. The former No. 2 official in Poindexter's office, Robert Popp, averred that the NSA didn't use TIA tools in domestic eavesdropping as part of his research.
But asked whether the agency could have used the tools apart from TIA, Popp replied, "I can't speak to that." Asked to comment on TIA projects that moved to ARDA, Don Weber, an NSA spokesman, said, "As I'm sure you understand, we can neither confirm nor deny actual or alleged projects or operational capabilities; therefore, we have no information to provide."

ARDA now is undergoing some changes of its own. The outfit is being taken out of the NSA, placed under the control of Negroponte's office, and given a new name. It will be called the "Disruptive Technology Office," a reference to a term of art describing any new invention that suddenly, and often dramatically, replaces established procedures. Officials with the intelligence director's office did not respond to multiple requests for comment on this story.


Intelligence Designs

by Shane Harris




In the spring of 2000, a year and a half before the 9/11 attacks, Erik Kleinsmith made a decision that history may judge as a colossal mistake.

Then a 35-year-old Army major assigned to a little-known intelligence organization at Fort Belvoir in Virginia, Kleinsmith had compiled an enormous cache of information -- most of it electronically stored -- about the Al Qaeda terrorist network. It described the group's presence in countries around the world, including the United States.

It was of great interest to military planners eager to strike the terrorists' weak spots. And it may have contained the names of some of the 9/11 hijackers, including the ringleader, Mohamed Atta.

The intelligence data totaled 2.5 terabytes, equal to about 12 percent of all printed pages held by the Library of Congress. Neither the FBI nor the CIA had ever seen the information. And that spring, Kleinsmith destroyed every bit of it.

Why did he do that? And how did a midlevel officer in a minor intelligence outfit obtain that information in the first place? Those questions lie behind the latest phase of a simmering controversy in Washington: whether something could have been done to prevent the terror attacks of September 11.

Kleinsmith worked for an Army project code-named "Able Danger." This past summer, a number of former project members -- none of whom had worked for Kleinsmith -- came forward to say that Able Danger had identified Atta and linked him to a convicted terrorist who is still serving time in federal prison for his role in the 1993 bombing of the World Trade Center.

The Able Danger members recalled charts showing names and pictures of suspects, and their links to each other. Rep. Curt Weldon, an outspoken Pennsylvania Republican and longtime supporter of intelligence reform, has demanded to know why the charts were never shared with an agency positioned to halt the attacks.

He also points out that the 9/11 commission failed to include any mention of Able Danger in its final report, which is regarded as an authoritative history of the attacks. The Pentagon searched more than 80,000 documents and found no chart with the name "Mohamed Atta." Weldon has accused the government of a cover-up and called for a criminal investigation.

But Able Danger, for all its intrigue, is just one piece of the unusual intelligence practices that Kleinsmith was engaged in, years before 9/11. In the late 1990s, Kleinsmith was the chief of intelligence for the Army's Land Information Warfare Activity, a support unit assigned to the Intelligence and Security Command. LIWA had broad authority to assist the Army and all military commands in conducting "information operations," a broad discipline that includes information warfare, public deception in combat, and intelligence analysis.

The Army's hub in this effort was the aptly named Information Dominance Center, based at Fort Belvoir. Since the late 1990s, the IDC has been home to some of the most innovative, unconventional, and controversial minds in the intelligence business. In its futuristic-style building -- its interior spaces designed by a Hollywood set artist to mimic the bridge of the starship Enterprise, complete with a large captain's chair in the center of the main room -- the IDC covered a range of topics.

Analysts tracked computer hackers who were targeting military networks, watched for potential avenues of Chinese government espionage, and charted the working relationships among foreign terrorists. To do this, the IDC relied heavily on a novel technique called "data mining."

On a recent afternoon at a coffee shop in Springfield, Va., not far from the IDC, Kleinsmith explained how data mining works. Putting pen to paper, Kleinsmith sketched clumps of circles, then surrounded some with concentric, wavy perimeters, until he'd drawn a crude version of a topographical map.

In data mining, he explained, a powerful search engine is used to "harvest" tens of thousands of Web pages that contain key words of interest -- "Al Qaeda" and "bin Laden," for instance. Another tool, called a data visualization program, then creates a three-dimensional map showing which words appear most often and how they relate.

The features and contours of the map tell an analyst about the underlying information's significance, Kleinsmith said. High peaks represent words that appear frequently. Peaks close together signal words that share some context. The analysts can click on a peak and pull up the information that helped create it. With data mining, analysts don't just read information, they "see" it. Kleinsmith called this kind of data mining "intelligence on steroids," and it was the IDC's hallmark.

Data mining works best with large sets of information, so it's particularly useful for Internet searches. At the IDC, Kleinsmith and three colleagues mapped Al Qaeda for Able Danger by mining open sources and fusing their results with classified government intelligence. But in addition to the mass of information they returned on suspected terrorists, they collected thousands of names of U.S. citizens.

People's names and personal information litter the Internet. Data harvesting, by its very nature, is indiscriminate and sweeping. Unavoidably, along with "Osama Bin Laden," an often-mentioned name like "Bill Clinton" will be harvested. That says a lot about the power, and the limits, of data mining, and why Kleinsmith destroyed what he had; the military is not supposed to be gathering information on U.S. citizens.

A First Test

From its earliest days, the IDC was a haven for renegades who wanted to use technology to step outside traditional intelligence-gathering, which relies heavily on classified sources and labor-intensive analysis. The center had high-level champions, including Lt. Gen. Keith Alexander, who from 2000 to 2003 directed the Intelligence and Security Command, the IDC's parent. Alexander now heads the National Security Agency, which operates the most-sophisticated electronic eavesdropping devices in the world.

Alexander also worked closely with James Heath, who headed the IDC in the late 1990s and whom former employees recall as a mix of driven genius and mad scientist. According to one such former employee of the center, Heath saw the IDC as "an experimentation table" on which to try out all kinds of new tools, depending on what the Army wanted at the time. Analysts and technicians worked together, "speaking the same language" and building useful data-mining tools. This dynamic didn't exist in other intelligence agencies, the former employee noted.

The IDC earned a reputation for innovation, but it also stepped over the bounds of traditional military intelligence. One of its first outside fans was Curt Weldon. Rep. Weldon had been advocating a "national collaborative center" to fuse law enforcement and intelligence units, and their information, from across the government.

In 1997, as the U.S. intervened in the Balkan War, senior Russian officials wanted Weldon (who had had good and long-standing contacts with the Russians) to meet in Belgrade with Yugoslavia's then-president, Slobodan Milosevic, to negotiate a peace settlement.

As Weldon stated on the House floor in 2002, the Russians offered to arrange a meeting between Weldon and Dragomir Karic, a rich Serb closely tied to Milosevic. Perhaps, the Russians said, Karic could act as a go-between with the Serbian president. But according to Weldon, State Department officials said they'd never heard of Karic, and thought the meeting was a ploy to manipulate the congressman.

Weldon met with Karic on neutral territory, in Vienna. But before leaving the States, he asked then-CIA Director George Tenet for background on the Serb. Tenet "called me back the next day and gave me two or three sentences ... and said they thought he was tied in with the corruption in Russia, but did not know much else about him," Weldon said.

Unsatisfied, Weldon contacted his "friends at the Information Dominance Center," which he considered a model for his own intelligence collaboration venture. The IDC "came back to me with eight pages about this man," who the analysts said "was very close to Milosevic personally." Former IDC employees confirmed that they provided Weldon with detailed information on Karic.

The talks with Karic bore no fruit. But when Weldon returned to Washington, he said, the FBI and CIA asked to debrief him on what he knew about Karic. Weldon delivered a thorough dossier.

"I told them that there were four Karic brothers; that they were the owners of the largest banking system in the former Yugoslavia; that they employed some 60,000 people; that their bank had tried to finance the sale of an SA-10 [missile system] from Russia to Milosevic; that their bank had been involved in a $4 billion German bond scam; that one of the brothers had financed Milosevic's election; that the house Milosevic lived in was really their house; that, in fact, the Karic brothers' wives were best of friends with Milosevic's wife; and that they were the closest people to this leader."

Surprised to hear such details on a man they barely knew of, the agents presumed Weldon got the information from the Russians. When he told them that the facts came from the Army's Information Dominance Center, Weldon recalls, the agents replied, "What ... is the Information Dominance Center?"

The event convinced Weldon that the CIA and the FBI didn't "get it," and that the IDC was the wave of the future. He became its biggest proponent in Congress, and sang its praises to the highest levels of the Defense Department.

After Weldon submitted the Karic dossier, word of the IDC's work spread outside the Army realm, Kleinsmith said. He had put just two analysts on the Weldon project, and they had taken only a day to generate the Karic profile. It "shocked me that we were outdoing these other organizations," namely the CIA, Kleinsmith said.

The China Problem

Intrigued with the Karic work, senior Pentagon officials decided to see if the tiny band of analysts could prove their mettle on a bigger problem. Officials were concerned about the possible leakage of U.S. military technology abroad, through unauthorized exports or through espionage. In the spring of 1999, the Pentagon "initiated a onetime project, to use data-correlation tools to decide if we could use those methods as a superior approach for counterintelligence," said John Hamre, the deputy Defense secretary at the time. "It was an experiment."

The people involved said the experiment looked specifically at technology transfers to China, whose military posed the gravest post-Cold War threat to the United States. Kleinsmith says the particular technology the IDC researched was arbitrary. "I think we flipped a coin" to decide. The point was to show the Pentagon that data mining could identify front companies, potential leaks of technology, and other vulnerabilities. "What we found was absolutely enormous," Kleinsmith said.

Former IDC employees and others familiar with the work say the China research exposed a variety of avenues through which military technology designs could end up in Chinese government hands. The IDC created a diagram showing how organizations and people in the United States were connected to the Chinese. Hamre had visited the center, and according to Weldon, reported back, "It is amazing what they are doing there."

The experiment "went well," the former IDC employee said. "Unfortunately, it went too well." During construction of those link diagrams, the names of a number of U.S. citizens popped up, including some very prominent figures. Condoleezza Rice, then the provost at Stanford University, appeared in one of the harvests, the by-product of a presumably innocuous connection between other subjects and the university, which hosts notable Chinese scholars.

William Cohen, then the secretary of Defense, also appeared. As one former senior Defense official explained, the IDC's results "raised eyebrows," and leaders in the Pentagon grew nervous about the political implications of turning up such high-profile names, or those of any American citizens who were not the subject of a legally authorized intelligence investigation. Rumors still abound about other notable figures caught up in the IDC's harvest. "I heard they turned up Hillary Clinton," the official said. The experiment was not continued.

"We determined that there were significant methodological problems," Hamre said of the IDC's techniques. Data-correlation analyses on raw information "produce impossibly large numbers of potential correlations. The numbers are too large to be operationally helpful."

But it appears not everyone in the military establishment agreed. Over the next several months, Kleinsmith estimated he gave more than 200 briefings on the IDC to members of Congress, generals, and senior government officials. "I could tell in three to four minutes if someone 'got it,' " Kleinsmith said. Hamre got it, he noted. And so, it seems, did officials with the Army's Special Operations Command, who, despite the unease over the China experiment, came to the IDC asking for information about a then-shadowy organization called Al Qaeda.

Able Danger

In the fall of 1999, top officials in the Special Operations Command were looking for a way to take the nascent fight on terrorism to its source. Al Qaeda had recently destroyed the U.S. embassies in Kenya and Tanzania. Special Operations' top officers, including the commander, Gen. Peter Schoomaker, "wanted the mission of 'putting boots on the ground' to get at [Osama] bin Laden and Al Qaeda," according to the 9/11 commission report.

But the military leadership believed that without concrete intelligence about Al Qaeda, a strike on the group was doomed to fail. President Clinton told the 9/11 commission, "If we had really good intelligence about ... where [bin Laden] was, I would have done it." Plans were already under way to attack Al Qaeda using AC-130 gunships. What was lacking was actionable intelligence to tell the military whom to hit and where.

Kleinsmith said that a pair of Special Operations officials visited him at the IDC in December 1999. At the instruction of the Joint Chiefs of Staff, the officials wanted as much intelligence on Al Qaeda and other transnational terrorists as could be mustered. They called the project Able Danger. (The word "able" has been commonly used for military exercises for more than two decades.)

The officials asked Kleinsmith about the technologies the IDC was using. "They didn't talk specifics," Kleinsmith said, but it was clear that "we had something they could really use." Later, he offered to "run some data" and produce a preliminary analysis. Within 90 minutes, Kleinsmith said, his analysts found evidence that Al Qaeda had a "worldwide footprint," including "a surprising presence in the U.S. That's when we started losing sleep."

In January 2000, Special Operations gave Kleinsmith and his team the green light to find as much information as they could. "They told us, 'Start with the words "Al Qaeda," and go,' " he said. A month later, the IDC conducted the first Able Danger harvest. The initial results, while impressive, were hardly what Special Operations forces needed to put boots on the ground.

The harvest "was a mile wide and an inch deep," Kleinsmith said. It included more than two terabytes of information, too vast an amount to provide specific targets. The IDC analysts could see the broad outlines of Al Qaeda, particularly its transformation from an idealistic movement into an operational network that could possibly inflict damage. Names, locations, and capabilities, and even the group's financial sources, were "coming together," Kleinsmith said. But the data set was still too big.

That didn't stop the analysts from trying to pare the information down. The former IDC employee said analysts played what they called "the Kevin Bacon game," referring to the popular notion that the prolific film actor can be linked to any other actor through no more than five people. (The game is based on the "six degrees of separation" theory that anyone on Earth can be linked to anyone else through five intermediaries.)

"Let's say you had a bad guy at each end of a string," the employee said. The analysts looked for the people between them, and then those people's ties to each other and to still others, asking whether any of the links came back to the initial bad guys. The analysts played this game routinely to firm up the connections in the large data sets. Eventually, they were able to isolate some 20 people about whom Special Operations wanted further, deeper analysis, Kleinsmith said.

The team developed charts to serve as "simplified explanations" of what they found. But those charts, now famously alluded to by Weldon and others as having named Mohamed Atta, sometimes measured 20 feet in length and were covered with small type, the former IDC employee said. The charts were so big, in fact, that analysts had to hang them on walls just to read them. The former employee doesn't remember seeing Atta's picture.

The IDC might have followed Atta's trail if it had been told to do so, the former employee said. But just pulling names at random from the chart was pointless. And a simple connection between two people on a chart was not evidence of any criminality or pending attack. "Do you have any idea how many people on the planet would go to jail just because they knew somebody bad?" the former employee asked.

The IDC produced an impressive array of intelligence, but it also came dangerously close to an important legal line. The basic harvesting methodology guaranteed that the names of U.S. citizens would appear. "You'll pull in 16,000 people in a harvest," Kleinsmith said. It's "100 percent likely" that an American will be there. And sometimes the names themselves seemed meaningless.

If an analyst found "Clinton," Kleinsmith noted, that could mean George Clinton, the funk musician, or the town of Clinton, Md. Was the collection accidental or intentional? Regulations that restrict domestic surveillance of U.S. citizens don't necessarily apply to names that are swept up inadvertently in a data harvest. The IDC team pulled in hundreds of names every hour, Kleinsmith said. When asked which prominent Americans were included, he replied, "Everybody was coming up."

Data Destruction

As quickly as the IDC garnered powerful fans, it also earned some enemies. The center was not a chartered member of the formal intelligence community -- the 14 agencies that in 1999 officially constituted the country's spy apparatus. For a support organization, buried several layers deep in the Army, to tread on territory normally reserved for big-name agencies like the CIA and the Defense Intelligence Agency, and to present intelligence gleaned from the Internet, of all places, was simply anathema to people steeped in decades of intelligence rules and culture. The IDC analysts were mavericks.

In particular, the Defense Intelligence Agency questioned the analysts' results on a number of projects, not just Able Danger, the former IDC employee said. "We'd show them our stuff, and they'd say, 'Show us the math.' " But the answers didn't always add up so neatly. The combination of data mining and hunches sometimes produced results that the bigger intelligence agencies viewed as murky, even if military commanders found them compelling.

At a Pentagon briefing on Able Danger in September of this year, Thomas Gandy, the Army's director of counterintelligence and human intelligence, cautioned reporters about inferring too much information from the "links" the IDC established, particularly because its data-mining tools were far less sophisticated than the ones used today. "Just that there are links established doesn't really mean anything," Gandy said. "In the primacy of this technology, you get some very goofy links that require research."

Kleinsmith and the former employee, as well as others who worked tangentially to the IDC over the years, insisted that the IDC analysts were senior and seasoned, and that they recognized the fact that simple links required further investigation. Yet the analysts' enthusiasm for a less tidy sort of inquiry, which often raised more questions than answers, divided intelligence professionals. Some former government officials, who declined to be named, derided the IDC analysts as "zealots" and said their work never produced the eureka-like results that some, particularly former Able Danger members, now claim.

One senior IDC analyst, Eileen Preisser, who worked with Kleinsmith on Able Danger and other projects, was characterized by a former Defense official as "an uncontrolled flake." Kleinsmith, who called Preisser an "analytical genius," admitted that she "has constant trouble in working with others in the community." Preisser has worked in several intelligence jobs, inside and outside the government, and those who know her see her as the prototypical IDC believer.

She "is especially critical of those folks who she feels did not, or do not, 'get' the technology," Kleinsmith said. "Instead of working within the system, maneuvering around the tough spots, negotiating and dealing, she tends to burn her way through an issue to get where she needs to go." Preisser now works for the National Geospatial Intelligence Agency. A spokeswoman there said Preisser declined all requests for interviews.

In early 2000, in the midst of Able Danger, a lawyer with the Army's general counsel visited Kleinsmith. As Kleinsmith testified before the Senate Judiciary Committee in September, the lawyer reminded him that under Army regulations, any data the IDC collected on U.S. persons -- even inadvertently -- had to be destroyed within 90 days. If analysts could establish a legitimate reason to investigate a person further, they could keep the corresponding data.

But with potentially tens of thousands of names, checking each one would have been impossible, Kleinsmith said. In the Pentagon briefing, Gandy concurred: "I don't think they had the capability to scrub it in the fashion that the oversight rules could live with."

By the spring of 2000, Kleinsmith said, the IDC had the list of 20 individuals whom Special Operations wanted investigated further under Able Danger. But in March, Kleinsmith was ordered to cease all work on the project. He believes the order came from outside the IDC's command. From May to June, Kleinsmith and his team destroyed the information, and possibly the linkages between Mohamed Atta, Al Qaeda, and convicted terrorists already sitting in U.S. prisons.

"It was terrible," Kleinsmith said.

'So It Begins'

After the data purge, the heartbeat of the IDC slowed. In late September 2000, the center was authorized to begin new work on Able Danger, Kleinsmith said. A data harvest would take no time to replicate, but the analysis on people and locations was much harder to reproduce.

But Able Danger never ramped up a second time. On October 12, while the USS Cole was docked in Yemen's port city of Aden, Al Qaeda suicide bombers rammed the destroyer with a small explosive-laden boat, killing 17 U.S. sailors and wounding 39. From then on, U.S. Central Command, responsible for the Middle East, became the IDC's primary customer, Kleinsmith said. Special Operations Command, unhappy because the IDC's attention had shifted, moved Able Danger to a private intelligence research center run by Raytheon in Garland, Texas, Kleinsmith said.

A Raytheon spokesman did not respond to a request for comment. But Eileen Preisser, the IDC analyst who had worked on Able Danger with Kleinsmith, was working for Raytheon after the September 11 attacks. In a 2001 interview with National Journal, she spoke of projects she was involved with that were essentially the same as those at the IDC.

After the Cole bombing, the IDC concentrated on projects not related to Al Qaeda. "We went on to do some other things, other projects," the former IDC employee said. Less than a year later, the 9/11 attackers struck. Looking back, Kleinsmith doesn't claim that he saw the attacks coming. Rather, he felt resigned. "I wasn't surprised," he said. He had studied Al Qaeda's evolution and believed he knew its capabilities. "I thought, 'So it begins.' "

Total Information Awareness

The 9/11 attacks breathed some new life into the Information Dominance Center. In late 2001, retired Navy Adm. John Poindexter, who had served as President Reagan's national security adviser, met with the director of the Defense Advanced Research Projects Agency, where Poindexter was soon to be employed. Poindexter was looking for a site to test new technologies under his Total Information Awareness program, which, not unlike the IDC, aimed to use open-source data and government information to understand terrorism.

TIA also looked at tools to examine commercial databases containing information on U.S. citizens, within the context of privacy regulations.

Poindexter wanted a proving ground staffed by seasoned, technology-inclined analysts, a "Manhattan Project" for counterterrorism, he said. The DARPA director, Tony Tether, told him to consider the IDC. After meeting with Gen. Alexander, the Army commander overseeing the center, Poindexter agreed to test some of the TIA tools at the IDC.

"TIA was a very good concept," the former IDC employee said. The center offered TIA "a high-speed testing bed" for its new technologies. "Some of the tools sucked, and some of them were good ideas," the employee said. The frustration came from officials' reluctance to use the tools for active intelligence projects. Poindexter emphasized that TIA was a research project and wasn't using data mining as part of any real intelligence operations. TIA was an experiment.

But the experiment was short-lived. In late 2002, Poindexter's role in TIA was revealed in the press. The controversial retired admiral's past caught up with him -- Poindexter was the central figure in the Iran-Contra scandal, which diverted the profits from covert arms sales to Iran to anti-Communist rebels in Nicaragua.

Members of Congress derided TIA as an Orwellian excess of the post-9/11 era. The funding was pulled. Kleinsmith, who had left the Army by the time TIA arrived, seemed perplexed by lawmakers' concerns. "We've had this capability for years," he remembered thinking. "Who cares?"

TIA's detractors declared a victory for privacy protection when they killed the project. Poindexter was forced to resign in August 2003. But research on TIA tools has hardly ceased.

Rather, it has moved into the intelligence agencies, where the work and the budgets for it are classified, Poindexter said, noting that now Congress has more-limited oversight and should be more concerned about privacy infringements. The former IDC employee concurred, saying "The [TIA] concept hasn't died off. It continues. And it continues elsewhere now, and I can't talk about that. The tools are continuing to be developed."

What-Ifs

Five years after Able Danger, Erik Kleinsmith seems oddly at ease for a key figure in a brewing political controversy. Inevitably, Kleinsmith would be a major witness in any investigation of the project. No one has suggested he did anything other than follow Army regulations in destroying the Able Danger documents.

Kleinsmith remains unconvinced that, despite the IDC's innovations, the 9/11 attacks were foreseeable. But "I do go to bed every night ... [thinking] that if we had not been shut down, we would have at least been able to prevent something or assist the United States in some way," Kleinsmith told the Senate Judiciary Committee during September's hearing. "Could we have prevented 9/11?" He paused, and then said: "I don't think I can ever speculate to that extent, that we could have done that."

Today, Kleinsmith is an employee with Lockheed Martin, working as a contractor to the Army's Information Operations Center, an IDC spin-off that is chartered to support the global war on terrorism. He oversees an intelligence training team of about 28 instructors, five of whom are working in Iraq to train U.S. analysts in data mining.

"One of the most amazing aspects of the Able Danger team is that, for a time, you had what I believe was the perfect combination of technology, data, and expert analysts that combined to create analysis that was above and beyond what the intelligence community was producing," Kleinsmith said. The results of the China experiment brought Special Operations Command to the IDC. That's proof enough for Kleinsmith that his group was providing what no one else could.

"I have been asked by several folks on Capitol Hill, members and staffers alike, whether the capability still exists to do what we did," Kleinsmith said. "My answer is, 'yes and no.' " Paradoxically, analysts are being trained to rely on the technological tools -- what Kleinsmith called "buttonology" -- too much, instead of thinking creatively on their own, he explained.

The technology is powerful, but needs to augment the analyst's work, he said. "There are still those who want to train analysts on how the engine of the car works instead of how to drive the car."

Kleinsmith recognized that the IDC's methods caused some consternation, but he takes pride in his former work and looks at the controversy pragmatically. "We understood that [there were objections], but we also understood that a lot of our customers didn't care."

Today, Kleinsmith is still struggling with the same puzzles. And, to hear him tell it, apart from the advancements in technology, little has changed. So much is still unknown, and undone, about the terrorist threat to the United States, he said. He can simply watch television to know that law enforcement isn't rounding up the terrorist cells he believes his team identified in the United States five years ago.

Ultimately, Kleinsmith sounds less like a man burdened by his past than one nervous about the future. No one seems to be acting on the information the IDC found that terrorists had taken up residence in the United States, far from New York, he said. And, as if they were listening, waiting for him to tip his hand, Kleinsmith cautiously added, "I'd just prefer not to say where they are."

Published in National Journal


The Private Spy Among Us

by Shane Harris




To help the government track suspected terrorists and spies who may be visiting or residing in this country, the FBI and the Defense Department for the past three years have been paying a Georgia-based company for access to its vast databases that contain billions of personal records about nearly every person -- citizens and noncitizens alike -- in the United States.

According to federal documents obtained by National Journal and Government Executive, among the services that ChoicePoint provides to the government is access to a previously undisclosed, and vaguely described, "exclusive" data-searching system. This system in effect gives law enforcement and intelligence agents the ability to use the private data broker to do something that they legally can't -- keep tabs on nearly every American citizen and foreigner in the United States.


ChoicePoint is famous for being the largest and most sophisticated aggregator of public records on U.S. citizens and residents. The company has built an enormous electronic cache of more than 19 billion records -- all of which are legally obtained -- that it mines to locate criminals and suspects, their family members and known associates, and their hidden financial assets.

Most of ChoicePoint's customers are other companies -- insurance providers trying to spot potential scam artists applying for policies, for instance. But the company's work for the government is significant and growing. Using its DNA analysis lab, ChoicePoint helped identify victims of the September 11 attacks. And the following year, the company helped locate the Washington-area snipers by leading investigators to the blue Chevrolet Caprice that the two killers used in their spree. (ChoicePoint compiles hundreds of millions of motor vehicle registrations.)

Although it has generally been known that the FBI and intelligence agencies use ChoicePoint's people-tracking skills, federal and company officials have refused to discuss the particulars of their arrangements. ChoicePoint declined a request for an interview about its work for the FBI and the Defense Department. But a set of contract documents, obtained under the Freedom of Information Act, and which the government sought to withhold for almost two years, reveals details not previously reported about ChoicePoint's work for the FBI's Foreign Terrorist Tracking Task Force, called FTTTF or "F tre F." This task force was set up soon after the 9/11 attacks to assist law enforcement and intelligence agencies in locating foreign terrorists and their supporters in the United States. Because the task force can't maintain records on U.S. persons without opening an official investigation, it relies on ChoicePoint to augment the intelligence that the government collects through legal channels.

The documents show that ChoicePoint has provided an arsenal of data and analysis to the task force and its partner group, the Defense Department's Assessments and Technology Directorate, which in turn is part of a counterintelligence unit that identifies covert threats -- namely spies and terrorists -- to Defense Department personnel and property. The FBI task force and the Defense directorate share an office and have helped to identify more than 200 terrorist suspects in the United States, FBI officials say. The partnership has also helped track suspected suicide bombers; the FBI component, among other things, vets all foreigners attending U.S. flight schools.

According to the contract documents, which have been heavily redacted, in 2002 the FBI task force had an "urgent need to acquire high-volume public record data" to help locate and track "foreign terrorists and related activities." At that point, the task force purchased some of the company's most popular services.

In the beginning, ChoicePoint performed search work at its own facilities, taking "input criteria" -- a name or other identifying data supplied by the government -- and returning useful information, such as a subject's address or any disparity between his name and Social Security number (a signal that the person may have purchased a stolen number to shield his true identity).

A year later, the government's appetite for data apparently became more sophisticated. In early 2003, the agencies ordered a set of Internet-based services from ChoicePoint. These services, the documents show, effectively put the power of the company's databases at government agents' fingertips on their desktop computers. The agencies also bought the company's AutoTrack product, which creates "easy-to-read reports" and gives users the "ability to locate people and assets faster ... and solve more crimes," according to marketing materials on ChoicePoint's Web site. And the agencies purchased ChoicePoint's "national comprehensive reports with associates," a service that lists the names, Social Security numbers, addresses, properties, and even pilot licenses to which someone is connected, directly or through known associates and relatives. FBI officials have said that such services are an invaluable complement to traditional criminal investigations.

But the documents indicate that ChoicePoint may have gone beyond simply offering its commercially available products to the government. In 2003, ChoicePoint agreed to provide access to an "exclusive" system used to help identify terrorism suspects. Although much of the description of the system has been redacted from the documents -- on the grounds that it would reveal law enforcement tactics and operations -- the portions that were released indicate that ChoicePoint's work involves continuously tracking a "subject of interest" and notifying the government when new information has surfaced on that person.

After a string of redacted text about this exclusive service, the document states, "When this new information is added and identified as relevant new data for a subject of interest, the FTTTF will receive electronic notification.... Additional information beyond the identity and address data can be provided to the FTTTF with a subpoena." In releasing the contract documents, the government said it could not elaborate on the system, because doing so "could certainly assist ... terrorists in circumventing detection." The government also redacted the dollar amount of the contracts, making it harder to assess costs and scope.

According to an outside expert on ChoicePoint who reviewed the documents for National Journal, the exclusive service looks like something ChoicePoint built specifically for federal agencies, and the arrangement raises questions about whether the company is effectively becoming an arm of the federal government.

"The language [of the contract], and ChoicePoint making their full system available to the government and [performing] custom-tailored searches for the government, show a high degree of cooperation," says Chris Hoofnagle, a researcher with the Electronic Privacy Information Center, who has obtained ChoicePoint contracts and corporate documents through other legal filings.

FBI officials have stated publicly that they don't use ChoicePoint for "fishing expeditions," that they tap its services only in the course of an official investigation. But the threshold for what constitutes a "subject of interest" is unclear. So are the restrictions, if any, that the government faces when it searches private databases for information on U.S. citizens. And it's unclear whether these restrictions differ from the rules for investigating foreigners.

Even though existing laws strictly limit the government's ability to conduct surveillance on U.S. citizens, those limitations don't apply to corporations. And so, the more ChoicePoint takes on exclusive work for the government that the government is prohibited from doing on its own, "the more it looks like a government actor," Hoofnagle says.

ChoicePoint collects a dizzying variety of newly filed public records from sources as varied as courthouses and motor vehicle departments, any of which could be a key data point in building a profile about a person being investigated. Standard ChoicePoint fare includes concealed-weapons permits; marriage and death certificates; registrations for boats, aircraft, and automobiles; eviction notices; credit card information; hazardous-materials-handling permits; and employment histories.

Without question, ChoicePoint provides services that the government feels it can't live without. "The enormous number of visitors to the U.S. and avenues of entry and exit makes it inordinately difficult, if not impossible, to accurately account for each entrant," the FBI task force director, Mark Tanner, told House lawmakers in 2003. He was describing how agents use private data brokers' information to help find people who've overstayed their visas, a class the government deems a security risk. FBI agents privately also sing the company's praises and say that if they couldn't get public records from ChoicePoint, they'd have to dispatch investigators to courthouses and clerks' offices across the country, greatly slowing the pace of their work.

But as ChoicePoint's databases grow, Hoofnagle asks, "at what point do [the company's] records become the equivalent of a 'system of records,' " an official collection that is subject to government regulation and oversight and that must be publicly announced? Writing in the George Washington Law Review last November, two members of the Center for Democracy and Technology wondered whether government's use of private databases renders useless the federal Privacy Act, which is supposed to protect private information. "If the government is simply accessing databases created by commercial entities for their own reasons, there may be no system of records subject to Privacy Act requirements," the members wrote.

U.S. citizens have few avenues to monitor how the government is using their personal data when it resides outside government hands. "We have the legal authority to collect certain types of information," says Ed Cogswell, an FBI spokesman. ChoicePoint is "a commercial database, and we purchase a lot of different commercial databases.... They have collated information that we legitimately have the authority to obtain."

But because the FBI is so reluctant to discuss how it uses the data, and what its own guidelines are for monitoring agents' access to it, a cloak is cast over the government's work. "From the perspective of an American citizen, this is another example where a company that's built a massive personal-information database is being used regularly by the government to track citizens," says Hoofnagle, who supports using ChoicePoint for terrorism investigations but wants more public assurances that the information isn't being misused.

Congress wants similar assurances. In the wake of several security breaches this year, at ChoicePoint and other firms, in which identity thieves accessed people's financial records, lawmakers have proposed several bills that would rein in the private data brokers and monitor more closely how the government uses them. One bill, the Personal Data Privacy and Security Act, introduced by Sens. Arlen Specter, R-Pa., and Patrick Leahy, D-Vt., would require the government to establish rules protecting privacy and security when it hires data brokers, and to conduct regular audits of those contracts.

Privacy advocates following the bills say that they're weaker than legislation being pushed through in state legislatures, and that no single congressional bill fully addresses all their concerns. But the legislation has data brokers' attention. Hoofnagle says that lobbying expenditures by private data collectors are up across the industry. And this year, ChoicePoint has hired a number of lobby shops specializing in the executive branch. One hired last month is none other than the Ashcroft Group, founded by former Attorney General John Ashcroft, who oversaw the establishment of the FBI task force in 2002.

Steven Aftergood, who directs the Project on Government Secrecy at the Federation of American Scientists, says, however, that it is always hard to monitor what private contractors do in the intelligence field.

"Using contractors to perform sensitive intelligence or counterintelligence work, whether it's prisoner interrogation in Iraq or data mining in D.C., is always problematic, because their activities are much harder to oversee," Aftergood says. "Unlike government agencies, contractors are not answerable to Congress. And the secrecy of most intelligence work makes them all but impervious to independent oversight. If they broke or bent the law, we might never find out."

Published in National Journal


The Worm that Turned

by Shane Harris




The federal government's fight against one cyber villain changed its response to online attacks.

Wednesday, June 20, 2001
6:30 a.m.
FBI Headquarters,
Washington

After 23 years as a CIA analyst, having briefed the president and his team on every conceivable threat to national security, Bob Gerber was scared. More scared than he'd been in a long time.

Holed up in his cramped, 11th-floor office on a stark, colorless hallway at FBI headquarters in Washington, Gerber felt his stomach turn as he took his first look at a new enemy.

Gerber was a hunter, one of the government's best. These days, he was hunting worms, malicious computer programs let loose into the wild of the Internet by some of computerdom's most brilliant hackers. Two months earlier Gerber, 56, had left his job at the CIA, where he helped write the president's daily intelligence briefing, to head the analysis and warning division at the FBI's National Infrastructure Protection Center. There, he and his crew of more than 60 tracked worms, viruses and other computer evils, as well as the hackers who create them. Both threatened daily to shut down the engines of modern life - electrical power grids, the banking system, water treatment facilities, the World Wide Web.

Worms were the most vicious new beasts to stalk the Internet. But Gerber had never seen a worm quite like the one he confronted that sweltering Wednesday morning in June.

It was named Leaves after "w32.leave.worm," the poisonous file it implanted in unsuspecting computers. Like all worms, Leaves bored through cyberspace, probing Internet connections for holes in personal computers or Web servers. It slithered inside the machines and spewed venomous strings of data that threw its victims into electronic shock.

Leaves was hardly the first worm to infest the Internet. In fact, the pests became so common in 2001 that security cognoscenti dubbed it the "Year of the Worm." Worms wrought all sorts of damage. They forced computers to delete critical files or erase entire programs. They also allowed hackers to steal personal information from computers' memories. Once they infested their victims, worms made clones, then used their hosts as launching pads for more worms, whose numbers grew exponentially.

In 2000, Gerber and his team began battling a new species of even more virulent superworms. Rather than devour computers' innards, these worms hijacked their victims' controls, rendering them powerless zombies. With a gang of zombies at his command, the creator of a superworm could mob a Web site or computer system, flooding it with bogus electronic transmissions until it drowned in the data torrent.

In the spring of 2000, Gerber's colleagues took on a 15-year-old hacker who called himself Mafiaboy. The teenager turned his zombies loose on World Wide Web giants Amazon.com, eBay and Yahoo!, launching what is called a distributed denial of service attack that shut down business at the sites for five hours. It cost shareholders and the companies billions and shocked the Web world.

But compared with the Leaves worm, Mafiaboy's creation was a larva. Gerber's best analysts had worked late into the night trying to make sense of a sample of Leaves captured by worm watchers at the SANS Institute, a computer research center in Bethesda, Md. They let Leaves infect a computer, and then they watched how it behaved. What Gerber saw fascinated and appalled him.

Leaves was a zombie maker on steroids. It searched out computers already wounded by another Internet scourge called a Trojan, which installs back doors in the machines. Leaves used a Trojan called SubSeven as its entrance. Once transformed, the zombies awaited orders. To communicate with them, Leaves' creator ordered his zombies to rendezvous online through Internet Relay Chat channels. He also told them to visit certain Web sites and download encrypted information to receive instructions on what to do next. No one knew who was controlling the zombies, from where or why.

Reading the guest registries of chat rooms, Gerber discovered that an army of 1,000 Leaves zombies already was on the march. Mafiaboy, by contrast, had a few hundred conscripts and sometimes used only a dozen to attack a Web site.

What's more, Leaves contained an electronic gene enabling its creator to control every zombie at once from any Internet connection in the world.

Gerber never had seen a worm so sophisticated or terrifying.

But to exterminate it, Gerber needed more samples to dissect and more time. Pulling out the lines of computer code that told the worm how to behave might help him shut it down. Or, if he could identify the worm maker's ultimate goal, Gerber might be able to head him off.

The FBI group usually worked alone or with a few select federal officials and private sector consultants. But even Gerber's top-flight team was daunted by Leaves. It was time to call in help. Only a public-private posse of America's best hacker trackers could gut this worm.

By pulling such a group together for the first time and then letting it operate largely unsupervised, Gerber created a new model for federal computer crime fighting.

June 29
FBI Strategic Information and Operations Center, Washington


Gerber called the most seasoned and cunning code crackers, worm gurus and cyber soldiers from government and industry to meet at FBI headquarters. On a Friday afternoon, 10 days after Leaves was discovered, the posse gathered in the FBI's crisis headquarters, the Strategic Information Operations Center.

It was the most concentrated arsenal of computer crime-fighting talent the government ever had gathered. They came from leading security companies Symantec and Network Associates, the FBI, the White House and the Defense Department.

But there was a hitch. The private experts were uneasy. Could they trust the G-men? Uncle Sam was a bumbling bureaucrat. His security was notoriously lax. Hackers had been penetrating military and intelligence agency computers for years. What could federal officials possibly know about fighting an enemy as elegant as Leaves?

The two sides eyed each other warily as Gerber laid out what he knew. The evidence seemed to show that Leaves' creator was preparing a massive denial of service attack. Everyone would have to work together to stop it. Mistrust would keep them apart. It took Marcus Sachs, a cyber soldier from a Pentagon unit trained to attack foreign networks, to bridge the suspicion gap.

Sachs dazzled the room with his observations and theories about Leaves. With casual command of hacker lingo and the history of worms and their attacks, he demonstrated both the expertise of the government corps and the urgency of defeating this unique and dangerous foe.

The ice melted. Slowly, a simple sheet of paper passed around the room. First one, and then the next, wrote down his name, e-mail address and phone number. The Leaves posse came to life and it readied for a fight.

Days later
Los Angeles

Jimmy Kuo left the meeting to conduct an electronic autopsy.

Kuo, a research fellow at the security firm Network Associates, took samples of the worm home to Los Angeles. Many in the Leaves posse returned home to operate on their own turf, not from a single base in Washington. "In this line of work, it doesn't matter where you are, as long as you have a laptop computer and a phone," Kuo says.

The Leaves code was a jumbled mess. It was encrypted and compressed - data had been squeezed together to save space. Mr. Leaves, as some in the posse had begun calling the worm's creator, knew his creation would be captured. He ensured the worm wouldn't easily give up its secrets. Kuo ripped apart layers of code with powerful programs to reveal the deeper truths Leaves was hiding.

Other members of the posse were ripping Leaves, too, untying its knotted innards. One wrote a program to mimic the Trojan that Leaves used as a back door. The posse laid the trap across the Internet.

Sharing their discoveries by phone and e-mail, the code crackers found eight variants, or mutations, of the worm. Mr. Leaves was tweaking his weapon, finding new ways to deliver it. And he was moving faster than the posse.

While Kuo ripped in Los Angeles, a posse member watched for abnormal Internet traffic from SANS in Bethesda. Still others huddled at the FBI. The group worked smoothly because nobody was in charge, Sachs says. "Egos didn't get in the way of progress." They worked fast, but as days passed, their analysis yielded fewer new results. They learned much about the worm's attributes, but little about its purpose.

Mr. Leaves had directed the zombies to synchronize their clocks with the Naval Observatory clock on the Web. The army was prepared to attack in unison. No doubt, Mr. Leaves soon would begin his onslaught.

Unless someone could find him first.

Early July
FBI headquarters, National Infrastructure Protection Center computer investigation unit

FBI Special Agent Michelle Jupina wanted two things: to find Mr. Leaves and to lock him up. The bureau sought Leaves' creator on criminal charges of unlawfully entering a computer. Jupina was at the first posse meeting in June, but she kept a low profile. Assigned to the infrastructure protection center, Jupina, 36, was well-versed in cyber jargon. She understood how hackers thought and maneuvered.

The posse saw Leaves as a marvel of engineering. But to Jupina, the worm and its maker were just garbage to clean up. Short, quiet and hidden under a mane of frosty blonde hair, Jupina didn't seem capable of bursting through a hacker's door and yanking him off his keyboard. She was so unobtrusive that a posse member recalls he didn't even know she was a cop until she got up from her seat one day and "I saw a cannon strapped to her side."

But as the posse ripped Leaves apart, Jupina was a constant eavesdropper, digging for evidence in the pile of Leaves' secrets the posse unearthed. Even as new revelations slowed, Jupina and the agents under her command feverishly followed leads. Steadily, they shut down the Web sites Leaves' zombies used to receive instructions. They planted tracking devices to pick up the hacker's footprints.

Second week of July
FBI Strategic Information Operations Center

Weeks passed. The zombies remained quiet.

Gerber had issued a public warning about Leaves on June 23. The private sector posse members had warned their customers. News that Leaves was on the loose circulated through the computer security trade press. But still no attack.

Ripping continued. The zombie army grew. By July, at least 20,000 computers were encamped in chat rooms or patiently waiting for their orders. "That scared the hell out of us," Gerber says.

Mr. Leaves was getting wily. Whenever the team shut down one Leaves chat room, the worm automatically created a new one. Mr. Leaves tried new methods, too. On July 9, one of the companies in the posse found an e-mail claiming to be a security bulletin from Microsoft Corp. The bulletin warned of a new virus, and told users to download a file to protect their computers. In the file was Leaves.

The bogus warning was badly written and eerily self-congratulatory:

"Yesterday the Internet has seen one of the first of it's downfalls. A virus has been released. One with the complexity to destroy data like none seen before."

Today, hackers often mask their worms as official security warnings, but this was the first use of the tactic. Like many outlaws, Mr. Leaves inspired a certain grudging admiration within the posse chasing him. "I had a feeling I was dealing with an artisan," Gerber says.

Or possibly a common crook.

Perplexed by the lack of attack, someone in the posse posed a new theory: Perhaps instead of damage, Mr. Leaves sought money.

The posse knew that some companies paid Web surfers to click on advertisements on their sites in order to inflate estimates of the success of the ads. With 20,000 zombies to click for him, Mr. Leaves could make a killing. Some of the sites the zombies visited contained these ads. If the FBI could find an account where Mr. Leaves put the funds, trace it to a physical address and tie it to him, the case might be solved.

Convinced Leaves had to have been created for a denial of service attack, the posse scorned this theory. Pulling off one of the biggest attacks ever was the only glory befitting such a brilliant worm.

But something didn't make sense. Mr. Leaves was taking an awful risk by not attacking. Every time he logged on to communicate with his zombies, the FBI had another chance to trace him. Why expose himself? Why not just preprogram the zombies to act on their own? The scam began to seem more believable.

But before the posse could prove its theory, an attack began. It wasn't the work of Leaves.

On July 17, a new worm appeared - Code Red. It was named after Mountain Dew Code Red soda, the only thing that kept two private sector analysts awake as they tracked it day and night.

Leaves propagated like a rare illness, targeting only victims with weakened immunity. But Code Red spread like smallpox. The worm exploited a ubiquitous hole in one of the most popular brands of Microsoft Web servers. In a few hours, Code Red had eaten into more than 100,000 servers worldwide. The swarm of worms leaping from machine to machine caused an electronic traffic jam, slowing all Internet traffic. In the aftermath of the attack, companies would spend billions of dollars plugging the holes that let Code Red enter.

Able as it was, the posse didn't have the strength to fight both Code Red and Leaves at once. The choice was clear: Code Red took precedence.

The Leaves posse had built a new model for chasing Internet outlaws. They honed it battling Code Red. But fighting the new menace left Leaves on the back burner. All they could do was hope that Leaves was no more than an Internet heist or pray that Jupina and her crew could track down and nab Mr. Leaves before he, too, unleashed his zombie brigades.

For weeks, Jupina and her technicians had laid traps and tracers across the Internet. She wanted the hacker's Internet protocol address, the digits that identify anyone who sends information online. Hackers cover their tracks by erasing those addresses from the servers they use. But Mr. Leaves had slipped.

In a cache of addresses Jupina had pulled off a server in Oklahoma at the end of June, she found one used by Mr. Leaves. It was a hot lead.

But chasing the address could take Jupina around the world. And she could nab Mr. Leaves only if he lived in a country that considered hacking a crime. If he did, the company that provided his Internet service would have to cough up his home address and Jupina would have her man. Luckily, after some tracking, Jupina hit gold: Mr. Leaves' address originated in the United Kingdom, home to some of the toughest computer crime statutes in the world.

Jupina rang the Scotland Yard computer crime unit. Within days they traced the Internet address and attached it to a name and a place. The hacker was a 24-year-old man living in one of the seedier sections of London. Scotland Yard set up a stakeout at his digs.

July 23
FBI headquarters and South London, England

Back at FBI headquarters, Jupina kept watch on a computer monitoring the Oklahoma Web server. When Mr. Leaves logged on again, Jupina would know. Jupina waited with Scotland Yard's phone number at the ready. Officers in South London sat tight outside the hacker's residence.

Nothing.

And then, there he was.

Jupina watched as the hacker connected to the Oklahoma server. She gave the word to Scotland Yard: Go. The officers arrested the creator of one of the most ingenious worms ever known.

Epilogue

The Leaves posse proved itself during the Code Red attack. Code Red made headline news. The FBI, the White House and security companies launched a coordinated campaign to track it, warn the public and take steps to protect vulnerable systems. Crippling of the White House Web site was narrowly avoided; Pentagon Internet connections were temporarily shut off. Damage was significant - estimates are in the billions of dollars - but it would have been worse had the response not been as fast and well organized. No perpetrator has been identified.

Mr. Leaves caused no major damage before the posse rounded him up. And the same team remains on guard against new worms or other cyber threats. When one appears, the posse comes alive. E-mails fly, home telephones ring as the members swing into action, sharing what they know, tracking, dissecting, devising traps and passing evidence to the FBI.

In November 2002, shortly before leaving the FBI and returning to the CIA, Bob Gerber sat in a new office at FBI headquarters. Next to a bookcase full of hacker treatises, with a can of Mountain Dew Code Red displayed prominently on a shelf, Gerber pondered Mr. Leaves' motive. The FBI never found evidence the hacker had stolen money using the worm. Gerber and Jupina had brought the case all the way to a collar, yet they might never know Mr. Leaves' ultimate goal. "As far as I know, no one ever asked Mr. Leaves why he did what he did," Gerber says.

And no one ever may get the chance. In November 2001, the man who confessed to British authorities that he'd created the Leaves worm received a "formal caution," a legal warning usually reserved for juvenile crimes and minor drug offenses.

The lead officer on the case insists the agency has information about the hacker's motives that the FBI hasn't heard. But Scotland Yard refuses to divulge what it knows. Citing British law, officials refuse even to reveal the hacker's name.

Tens of thousands of computers containing now-dormant Leaves worms await instructions from their master. Should they ever again awaken, a posse will be waiting.

Published in Government Executive

Shane Harris
Intelligence and Homeland Security Correspondent, National Journal
