Executive Orders Offer 'Quick Fix' On Torture

by Shane Harris




Calls are coming in for President-elect Obama to take quick and decisive action on interrogation and detention of terrorist suspects.


Surveillance Standoff

by Shane Harris




In the old days, everyone was linked to a lug nut, and Jim Kallstrom liked it that way.

It was 1985, a simpler time for a cop like Kallstrom, who was in charge of setting telephone wiretaps on suspected drug dealers and mobsters for the FBI's New York City field office. In New York, Kallstrom's cases were often won on the basis of incriminating evidence surreptitiously snatched from the mouths of criminal defendants through their phone lines. With a mere 203,000 Americans using mobile phones, people were still tied to the ground, and that gave Kallstrom's world a certain comforting order.

On any given day, he could stand on a street corner in Manhattan, gaze up at an apartment building with its neat rows and columns of units stacked atop each other, and know that inside each one there was a telephone, tethered by thin copper wire to a single point, sometimes several miles away. In his mind's eye, Kallstrom could have imagined shrinking himself to the size of an electron and traveling over the phone line, down to the bottom of the building, then shooting beneath the streets, until he ended up in the basement of the telephone company's switching station. There, the wire emerged, pegged to a rack by a single copper lug nut. Acres of racks lined the walls, each holding rows and columns of lug nuts and their wires, neatly stacked atop each other -- the city of New York in analog miniature.

With a warrant in hand, Kallstrom could tell the technicians at the phone office, with whom he had become friendly over the years, "Go up on RR326." The tech would walk to the rack, find the wire, and clamp on a listening device. Instantly, Kallstrom became an invisible interloper.

FBI agents and federal prosecutors depended on these legal wiretaps to penetrate drug cartels, incriminate money launderers, and spy on mob families. And they needed to be absolutely certain that the line they were on belonged to the suspected dealer, or launderer, or capo named in the court-approved warrant. Not the guy in the apartment next door. Not someone down the block. This guy. This phone. RR326. Lest the agents violate a judge's order, and perhaps land themselves in jail, this had to be the very same line that snaked back through the subterranean maze of Manhattan, through all those blocks of concrete caverns, back to that certain apartment building, up through the walls and out of the jack and into the phone that was in the hand and next to the mouth of Kallstrom's target. It was, by design and necessity, a neat, specific system.

And then it all went sideways.

Kallstrom's friends in the phone company put him on notice in 1985: Over the next few years, those racks and stacks of wires and lug nuts would be swept into the technological dustbin. The telephone network was going digital. Technicians would no longer stand at a rack; they would sit at a keyboard. In some parts of the country that had already made the change, phone calls were traveling as a stream of 1's and 0's. Thousands of lines commingled in a single computer. When New York went digital, the phone techs told Kallstrom, they would no longer be able to tap him directly into RR326. In fact, they couldn't even tell him for sure where RR326 resided in this new engineering matrix.

At the same time that the phone companies were preparing for the transition to digital, the use of cellphones -- which were inherently harder to tap because they used phone lines differently than analog devices -- mushroomed. From 1985 to '86, the number of registered mobile-phone subscribers in the United States doubled to 500,000. Within two years after that, the number climbed to 1.6 million. By the end of the decade, the cellphone universe had skyrocketed past 4 million.

Organized crime was an early adopter of the mobile phone. In a communications technique presaging that of Islamic terrorists today, members of the Colombian Cali drug cartel operating in New York would briefly use a phone, toss it, and get a new one. To tap a mobile device, technicians had to install listening equipment on the new version of a lug nut -- an "electronic port." But in most switching stations in New York, there were only half a dozen or so ports available at any one time. Federal prosecutors and agents had to stand in line at phone company offices and fight with each other over whose investigation should take priority. Some prosecutors threatened to haul company employees into court on contempt charges so they could explain to a judge why the phone company was unwilling to execute a wiretap order.

Electronic surveillance, once such a dependable, relatively easy craft, was becoming inordinately difficult, Kallstrom thought. The phone companies, whose annual revenues from mobile subscriptions were cresting over $2 billion in the late 1980s, showed little willingness to make the FBI's life easier. As the 1990s approached, with the promise of more digitization and more mobility, Kallstrom called his bosses in Washington: "If we don't do something, we'll be out of the wiretapping business."

A Battle Begins
Kallstrom may have been the first to alert the FBI and the Justice Department to this new reality. The digital revolution generated a constant tension that exists to this day, a push and pull between the federal government in one camp and technology corporations and civil-liberties activists in the other to control the development of the global communications system, and so the balance of power in the Information Age.

This struggle's latest manifestation is the intensely politicized effort to rewrite the Foreign Intelligence Surveillance Act. At issue is nothing less than the government's authority to broadly monitor communications networks to spot terrorists and other national security threats. The Bush administration finds itself across the battle lines from many of the same groups that more than a decade ago argued that the government was already extending its reach too far into personal conversations in the name of pursuing criminals.

While FISA governs wiretapping for intelligence-gathering purposes, as distinct from law enforcement, surveillance in both worlds follows the same essential philosophy -- the best evidence in a court of law or in an intelligence operation is one's own words. Today's dispute is not very different from the one that occurred during the dawn of digitization in the 1990s. Indeed, both are part and parcel of the same long-running debate.

No one should believe that real-time government surveillance of the communications network is an idea born of the 9/11 attacks or that it results solely from the Bush administration's aggrandizing of executive power. The legal arguments that the government has asserted to support increased surveillance of digital space were first put forth in 1994, under a Democratic president, and they had little to do with the threat of Islamic extremism.

Nor should anyone mistake the roots of the vociferous opposition to today's wiretapping from civil libertarians and privacy advocates. Many of these groups and their allies have been battling to restrict the government's use of new, potentially invasive technologies for a generation. The Bush White House is only their latest adversary, albeit the most formidable. These activists and their allies in the business world have been motivated by different but mutually supportive goals: to extend constitutional safeguards to the digital realm, and to keep the government from suffocating technological development with burdensome surveillance laws. Some in those ranks would have liked, and indeed tried, to make the digital network a wiretap-free zone.

But despite the occasionally extreme positions and deeply held convictions of all of these players, the most important laws governing wiretapping, electronic surveillance, and privacy have been the product of negotiation, of people gathering in a room, sitting at a table, and talking -- sometimes screaming -- until they reached a settlement. The current debate, however, is missing that crucial spirit. Whereas before, adversaries trusted each other enough at a basic level to make deals, however temporary, today's opposing sides seem unwilling to compromise to pass new surveillance laws that the nation can live with. It's not entirely clear where or why minds turned so stubborn. But to understand today's political calcification, it helps to recall a simpler time.

The Art Of Compromise
Jerry Berman was a veteran of the privacy wars, seemingly born for the role of liberal, dogmatic activist. In the early 1950s, his father, a labor leader, was investigated by the House Un-American Activities Committee. A native of Hawaii, the younger Berman moved with his family to California, where he enrolled at the University of California (Berkeley). After earning his bachelor's and master's, and, in 1967, his law degree, Berman began lobbying for the American Civil Liberties Union. He became an authority on the intersection of national security and technology, schooled by the exposure of illegal FBI spying operations aimed at political organizations, war protesters, and leftist activists. In 1978, Berman helped to craft the Foreign Intelligence Surveillance Act, which set new restrictions on the government's domestic intelligence-gathering. He was present at the creation of several important pieces of surveillance legislation, and he helped secure individual privacy protections.

In playing his role, Berman didn't adhere to a hard-and-fast position but instead embraced his own brand of "principled pragmatism." By his logic, the interests of privacy and national security were not incompatible. If all sides -- government, industry, civil-liberties activists -- could find ways to "maximize the good and minimize the harm," as he liked to say, they could strike a satisfactory balance and create workable laws. This idea guided his work on FISA and other legislation, sometimes to the consternation of more-ideological activists who employed him to lobby Congress on their behalf.

Perhaps that was because principled pragmatism recognized an unsavory reality: In Washington, those who show up to play the game make the rules. Negotiation requires sacrifice. Sacrifice requires flexibility. Some people would rather break than bend. But compromise is how things get done, and Berman accepted it. As a colleague summarized Berman's general approach to lawmaking, "You can stand on your principle and get your ass handed to you, or you can engage in the process and get a better deal."

In the summer of 1994, the FBI and the Justice Department made a bold play to force the telecom carriers to help them conduct legal wiretaps. They put forth a proposal that would require the companies to build their networks so that law enforcement agents serving a warrant could access them in real time. The legality of wiretapping was not in question. The government wanted legal assurance that it could tap, at any time, and that the industry had an obligation under law to comply with the government's proper authority.

No more computer-related hassles, no more standing in line to plug into mobile-phone ports. Law enforcement agents, federal spymasters, and prosecutors wanted a comprehensive remedy to what they called the "digital telephony" problem. Their chief advocates were Kallstrom and Louis Freeh, the recently appointed FBI director, a former special agent and federal prosecutor who had used wiretaps to secure convictions in some of the most complicated organized-crime investigations in history. Freeh personally pushed for the new law, showing up unannounced in reluctant lawmakers' offices to press them for support and even sitting in on committee markups -- an unprecedented move for an FBI director -- to stare members down.

Clipper Chip
The 1994 proposal was only the latest in a series of government efforts to strengthen its control of the telecommunications network. In the late 1980s, Justice officials had gotten as far as placing language in an anti-crime bill that would have allowed the attorney general to set standards for telecommunications equipment, effectively making that federal official the network's architect-in-chief. (The bill did not pass.)

In 1993, Bill Clinton, in one of his first presidential directives, announced that engineers at the National Security Agency, the intelligence community's electronic surveillance arm, had developed a cutting-edge microcircuit, called the "Clipper" chip, to scramble telephone conversations. The administration intended to promote the installation of the Clipper technology in U.S. telephones, and planned to hold "in escrow" the digital keys to decrypt any conversation. In other words, the federal government would build the lock and keep the key, an idea that inspired a reaction somewhere between outrage and apoplexy among technologists and privacy advocates, who ultimately killed the idea.

In that atmosphere of hostility and skepticism, Berman went to work. Beginning in August 1994, he convened a series of meetings with senior law enforcement officials under the auspices of a privacy and security coalition he had formed with more than four dozen activist groups and technology companies -- including the biggest telecom provider of all, AT&T -- plus the U.S. Telephone Association, IBM, and software makers such as Microsoft. The goal was to resolve differences over the government's proposal to ensure federal access to telecommunications networks. Berman also brought in two powerful Democratic lawmakers and noted civil libertarians, Sen. Patrick Leahy of Vermont and then-Rep. Don Edwards, whose district included California's Silicon Valley. Everyone in the negotiating room had some familiarity with technology issues, and professional experience in law enforcement or Justice Department oversight.

The meetings featured intense, nitty-gritty debates over the technical aspects of the law. The FBI wanted guarantees that the telecom system would never mature beyond the reach of its wiretaps. Some companies saw this as heavy-handed regulation, and a number of telecom officials shared the activists' belief that the government was in fact after a permanent covert backdoor into the phone system. The negotiations helped to somewhat dampen the suspicions, however, and the talks went forward because no one in the room disagreed with the fundamental premise that the government had the right to wiretap.

But outside of the meetings, divisions festered among the interest groups. Berman represented the Electronic Frontier Foundation, which champions the public interest in the digital realm, but its board couldn't decide whether compromise was prudent or perilous. Berman felt he had to persuade his colleagues, in another series of heated meetings, to work in the middle. To him, that meant that the legislative negotiations would follow an inviolate principle: We will only craft solutions to known problems. No writing of laws aimed at encompassing future problems. If the FBI has difficulty accessing the public telephone network, then the law will address only that public telephone network.

In addition to identifying a philosophical guideline, this approach served a more strategic goal -- to keep the FBI's hands off the Internet, which was so new in 1994 as to be practically notional. Internet service providers such as America Online and Prodigy had only a handful of subscribers, and the first Web browser had been released that year, in a beta test version. Still, Berman and others knew that the FBI would never willingly agree to stay off the information superhighway, because Internet-based information held tremendous potential value for law enforcement.

During one meeting, David Johnson, a lawyer who had helped to craft the Electronic Communications Privacy Act in 1986, held up a glass jar full of rocks and asked, "How many of you would say this jar is full?" Most people agreed that it was. Johnson took a fistful of pebbles and dropped them into the jar. They tinkled down through the rocks, finding resting places in the empty spaces. Then he poured sand into the jar. As it cascaded into the empty spaces, Johnson told the onlookers that the sand was like the unseen, seemingly insignificant "transactional data" that traveled on the Internet. Transactional data includes the routing information for a text-based message -- where it comes from, where it goes, and what path it follows -- and the series of digits that make up an Internet address. This information would someday be of enormous value to the government, he said, just as phone call records, as opposed to actual conversations, already were. The transactional data were small but meaningful -- like the tiny grains of sand that kept filling the volume of the jar.

CALEA
Johnson's vivid illustration convinced many of the participants that the new law mustn't extend too far. Again, the issue wasn't whether law enforcement had a right to information but how much power the government should have over the means to get it. Leahy and Edwards, who formally introduced the legislation shortly thereafter, declared that it would apply solely to the public telephone network. The law specifically exempted "information services," which the parties agreed included Internet companies and electronic-messaging technologies.

The Communications Assistance for Law Enforcement Act passed in the closing days of the 103rd Congress, two weeks before Republicans won control of both chambers in November 1994. CALEA (pronounced kuhLEEuh) would let the industry set its own standards to meet the Justice Department's needs. The department could list its surveillance requirements, but the act let companies decide how to build their equipment. Justice won the right to petition the Federal Communications Commission if its officials felt that the companies weren't fulfilling their obligations. But civil-liberties groups also secured the right to challenge the government's requirements in court.

It was a true compromise, hard won but workable. For Berman, principled pragmatism had carried the day. For others, however, the compromise had given away too much.

The board of the Electronic Frontier Foundation had seen the proverbial legislative sausage being made and found it distasteful. Even though the directors had agreed to every aspect of the law, which Berman explained to them, within weeks after its passage he left the EFF and formed his own outfit, the Center for Democracy and Technology, to continue his brand of lobbying. The EFF pulled up stakes in Washington the following year and moved to San Francisco, where it continues to play a leading role in supporting lawsuits against telecommunications companies -- most notably AT&T, its former ally -- for their role in assisting the government with warrantless wiretapping after the 9/11 attacks.

At the time, Berman confided to Kallstrom, who he thought had always acted in good faith for the FBI, "My work on CALEA got me fired."

Kallstrom was apparently happy to see his more idealistic opponents leave town. "You didn't get fired, Jerry," he replied. "You got promoted."

Making Demands
Had the FBI and the Justice Department stopped there, had the government settled for secure access to phone networks, the history of Internet privacy and civil liberties might have turned out differently. But just weeks after President Clinton signed CALEA in January 1995, conflict erupted between the government and the phone carriers over the kind of network access the law provided. The raft of compromise that had carried the deal sprung a leak.

FBI officials knew in 1994 that they were making a mistake by leaving cyberspace out of CALEA. They understood the Internet's potential as a communications device and an intelligence tool -- that is, after all, why CALEA's authors exempted "information services."

"Did we know that it was idiotic to carve that out?" Kallstrom asks now. "Yes, we did." Criminals have always been among the first to embrace new technology. It was foolish to think that they wouldn't turn to the Internet for any number of nefarious gambits. But, Kallstrom says, government officials opted "to fight another day" over Internet access. Privacy advocates were dragging their feet in the negotiations. Delay would invite more debate, probably more hearings, and possibly a less favorable outcome. The political decision was made: "Let's take what we can get here."

In early 1995, the Justice Department issued its list of requirements for wiretapping, known as the punch list. Not surprisingly, many telecom executives and their attorneys viewed the demands as unreasonable. Al Gidari, a lawyer representing the wireless industry, was among the first to see the FBI's requirements, during the initial meeting to develop standards for CALEA, which was held that spring in Vancouver, British Columbia. The Justice Department's wish list, he said, amounted to "the Cadillac of wiretaps."

"Everything they could ever think of to gold plate and put on the Cadillac was in that document," Gidari recalls. Meeting its expectations represented "an exponential increase in complexity, not a linear increase.... They were very dictatorial ... technical requirements -- the very thing that Congress said it wasn't up to [the FBI] to figure out."

The standards meeting was tense and awkward, and the sides were unevenly matched. Gidari recalls a dozen or more FBI agents, in neat blue suits, all buttoned down and looking ready to roll over anyone who stood in their way. Arrayed on the opposite side of the table was a group of laid-back and casually dressed network engineers from all the major telecom equipment manufacturers and carriers that was tasked with the unenviable job of telling the bureau that the industry planned to build a much less complex system. It wasn't what the FBI agents wanted to hear.

Over the next few years, the Justice Department continued to seek increasingly sophisticated surveillance capabilities, including real-time geographical tracking of mobile phones; the ability to monitor all parties in a conference call regardless of whether they are on hold or participating; and "dialed digit extraction," a record of any numbers that a subject under surveillance punched in during a call, such as a credit card or bank account number. The government got a lot of what it wanted, but not all.

To be sure, criminals' use of new technologies helped drive the law enforcement demands. But telecom carriers worried that the cost of compliance was too high and that the FBI's technical requirements were illegally broad. CALEA, they argued, had forbidden the government from requiring specific system designs or technologies.

The FCC's Turn
Justice, frustrated by its inability to get all the demands on the punch list, finally asked the FCC to step in. In 1997, the Cellular Telecommunications Industry Association, which then represented mobile carriers, and the Center for Democracy and Technology complained to the commission that the negotiations had deadlocked because of "unreasonable demands by law enforcement for more surveillance features than either CALEA or the wiretap laws allow." The FCC, however, sided with the Justice Department on a host of requirements that privacy groups found overly broad. The tussle dragged on for two more years and ended up in the U.S. Court of Appeals for the District of Columbia Circuit, which overruled the FCC. After the commission took up matters again, it granted some of the FBI's requests, and the CALEA standards were amended.

When Justice Department officials reported to Congress on CALEA implementation in January 1998, no manufacturer of telecom equipment said that the FBI's demands were impossible to meet, but they did say that complying would be difficult and very expensive. (Although Congress had set aside $500 million to reimburse companies for retrofitting their networks, the law required the carriers to bear the cost of compliance on any equipment put in place after CALEA was enacted. Several experts believe that the final cost for compliance on telephone networks has been two to eight times the amount originally allotted.)

The level of government surveillance was so low at that time that some questioned why the FBI wanted such multifaceted access at all. In 1994, federal and state authorities were running 1,154 wiretaps nationwide, mostly for drug investigations, at an average cost of $50,000. The government was asking carriers to "design a nuclear rocket ship" for a rarely used tool, Gidari thought. "In [the FBI's] view, there was no limit to the expense the carrier should spare in order to save a life."

CALEA continued to evolve, shaped by the ongoing arguments over the terms of its birth. Activists and carriers thought that the FBI was reneging on its bargain, asking for more than the law allowed. The FBI believed that carriers were stalling when they failed to meet compliance deadlines. As all sides dug in, the meetings on implementation turned bitter. FBI and Justice officials slammed their hands on tables and screamed at carrier representatives, Gidari recalls. "You're unpatriotic! What do you want to do, help the criminals?"

The government asked those same questions after September 11, 2001. And this time, telecommunications carriers responded. Outside the normal FISA warrant process, which covers intelligence-gathering, carriers opened access to their networks, their customer call data, and their valuable transactional information -- the kind that CALEA had intended to exclude. President Bush and his administration believed that the extraordinary nature of the terrorist attacks demanded emergency actions that FISA couldn't accommodate, and the carriers answered the call from law enforcement and intelligence agencies. But government officials also seized on the post-9/11 mentality to change other surveillance laws and procedures, which they believed -- just as their predecessors did in 1994 -- were out of step with technology and reality. About three years after 9/11, officials set their sights on rewriting CALEA.

Claiming The Internet
In August 2004, in response to a petition by the Justice Department, the FBI, and the Drug Enforcement Administration, the FCC expanded CALEA to cover Internet communications, including voice calls and instant messages. The Electronic Frontier Foundation sued, along with industry, civil-liberties, and academic groups. In 2005, the Court of Appeals ruled 2-1 to defer to the FCC's reading of the law.

Many of those who had helped craft CALEA believed that the commission had misread the law and acted on a post-9/11 impulse to give the government more, not less, access to information. But to the FCC, new Internet technologies that operate a lot like telephones blurred the distinction between "information services" and the kinds of technology that CALEA was meant to cover.

After 9/11, law enforcement and intelligence agencies took a variety of measures, apart from wiretaps, to collect and mine potentially valuable information from the Internet. With the cooperation of telecom companies, government accumulated lots of transactional data -- including e-mail header information and lists of websites visited by targeted individuals -- to support counter-terrorism operations. Viewed solely as a reaction to the terrorist attacks of 2001, this kind of collection might seem extraordinary. But through the longer lens of history, the government's steady march into cyberspace is not surprising.

Law enforcement agencies have never suffered for lack of access to the phone network. Kallstrom recalls only a few instances in which agents were unable to execute a wiretap order because of new technology. But as digital, mobile technology has proliferated, the copper lug nuts that Kallstrom remembers from the 1980s have disappeared. Today, state and federal agents spend most of their tap time on mobile devices. In 1994, most wiretaps, by far, targeted private residences. There were few taps on mobile devices. Ten years later, 88 percent of the 1,710 wiretaps were on mobile devices. Only 5 percent were on residential lines. Without CALEA, some experts believe that Kallstrom's initial fears would have come true and the federal government would have been shut out of the wiretapping business.

Jerry Berman never wanted that to happen. Although he cannot accept that the law that was meant to minimize the government's influence over the Internet is now being used to facilitate it, he is willing to negotiate on CALEA again, if that is what's necessary to satisfy all parties.

That willingness to talk extends to FISA, as well, and Berman's Center for Democracy and Technology has been actively involved in the current agitations over the law. But whenever he and his cohorts have extended the hand of compromise to Congress or the administration, he says, they have been disappointed. Any attempt to revamp FISA, or to clarify CALEA, "is impossible in the current climate," Berman says. "There is no sense that you could get the kind of negotiation we got in 1994."

FISA And CALEA
One has to wonder how strong that spirit of compromise really was in 1994, and whether it was already ebbing. If the FBI was willing to take what it could get on CALEA and go on to fight another day, did the government really "settle" at all? Literally weeks after CALEA was signed, the Justice Department and the FBI came roaring back with new demands. What killed the penchant for negotiation? Was it the moderates' loss of power in both political parties after the 1994 Republican revolution? Was it the entrenchment of civil-liberties activists? Was it the Bush White House's extravagant interpretation of executive power? Was it 9/11?

Berman spends a lot of time pondering these questions and thinking about next moves. He divides his time between Washington, where he chairs his group's board of directors, and a home he built on the Cacapon River near Berkeley Springs, W.Va. "We just have people in bunkers now," Berman says ruefully.

The FISA debate is currently hung up on whether companies that assisted warrantless surveillance after 9/11 should have retroactive legal immunity for any laws they may have broken. CALEA has something to say about that, too. The law requires that carriers be able to deliver call identification information to the government remotely. According to Beryl Howell, Sen. Leahy's lead CALEA staffer, that provision was meant to keep government agents from sitting in the phone companies' offices to execute their wiretaps.

It is a basic tenet of wiretapping law, whether for intelligence or law enforcement, that the communications companies act as a buffer between their customers and the government, she says, and that telecom carriers must make their own determination whether official requests are, in fact, legal. That the companies would now assert, in defense of their cooperation, that the government determined that post-9/11 requests were legal, strikes Howell as outrageous.

If ever there was a time for the bare-knuckled negotiations of the past, it's now. It's not at all clear, though, who could play the role of Jerry Berman, the one to bring people into the room to scream and yell at each other and emerge feeling better for it -- and possibly even coming to a compromise. As things stand, Congress appears more likely to punt the FISA debate to the new administration, and has shown little interest in revisiting CALEA.

The constant tension that once kept this system in balance has reached a breaking point. There is no push and pull. Maybe the stakes are too high for compromise. But until that spirit returns, Berman says, "there will be no peace."

Published in National Journal


NSA Sought Data Before 9/11

by Shane Harris




Beginning in February 2001, almost seven months before the 9/11 terrorist attacks, the government's top electronic eavesdropping organization, the National Security Agency, asked a major U.S. telecommunications carrier for information about its customers and the flow of electronic traffic across its network, according to sources familiar with the request. The carrier, Qwest Communications, refused, believing that the request was illegal unless accompanied by a court order.

After terrorists attacked the United States on September 11, the NSA again asked Qwest, as well as other telecom companies, for similar information to help the agency track suspects with the aim of preventing future attacks, current and former officials have said. The companies responded in various ways, with Qwest being the most reluctant to cooperate. However, in February 2001, the NSA's primary purpose in seeking access to Qwest's network apparently was not to search for terrorists but to watch for computer hackers and foreign-government forces trying to penetrate and compromise U.S. government information systems, particularly within the Defense Department, sources said. Government officials have long feared a "digital Pearl Harbor" if intruders were to seize control of these systems or other key U.S. infrastructures through the Internet.

A former White House official, who at the time was involved in network defense and other intelligence programs, said that the early 2001 NSA proposal to Qwest was, "Can you build a private version of Echelon and tell us what you see?" Echelon refers to a signals intelligence network operated by the NSA and its official counterparts in Australia, Canada, New Zealand, and the United Kingdom.

The NSA realized that it was blind to many of the new online threats and to who was using the privately owned telecom networks, and it thought that Qwest was in a position to help. The agency needed better intelligence in the face of a burgeoning Internet, and Qwest was then building a high-speed network for phone and Internet traffic that had caught the attention of senior intelligence officials. The NSA, in effect, wanted Qwest to be the agency's online eyes and ears.

Another source said that the NSA wanted to analyze the calls, e-mails, and other transmissions crossing Qwest's lines, to detect patterns of suspicious activity. Telecom carriers routinely monitor their networks for fraudulent activity, the former White House official noted, and so the companies "have an enormous amount of intelligence-gathering" capability. They don't have to target individual customers to "look for wacky behavior," or "groups communicating with each other in strange patterns." That information could augment intelligence that the NSA and other agencies were gathering from other sources, the former official said.

Qwest's then-chief executive officer, Joseph Nacchio, rejected the NSA's request. "He didn't want to go along with that," and his refusal was not greeted warmly in the intelligence community, the former White House official said. Another source, a former high-ranking intelligence official, said that other companies, both before and after 9/11, had less of a problem complying with government requests if they were accompanied by a legal order. The ex-official added that some companies were willing to offer data and to assist the government "as necessary" on a voluntary basis, without a court order.

Nacchio has said publicly that the NSA asked Qwest for customer records after the 2001 terrorist attacks. But the nature of the agency's request before 9/11 has not been disclosed previously. Sources familiar with the activities spoke to National Journal on the condition of anonymity, because the work is still classified.

By early 2001, the NSA was aware of the growing threat of terrorism and was monitoring communications among Al Qaeda members overseas. But the agency, the Defense Department, and the White House also feared Internet-based attacks on U.S. government installations, and they believed that other countries were increasingly interested in cyberspace as a battlefield.

At the same time, the NSA was hesitant to conduct any surveillance activities that might violate long-standing prohibitions on domestic intelligence-gathering without court orders. One way to get the information that the agency and others deemed necessary for network defense was from the telecom carriers.

Nacchio, it appears, believed that the NSA's pre-9/11 request for access to Qwest's network was illegal. The former White House official said that the intelligence-gathering was not targeted at Qwest's U.S. customers, but he acknowledged that handing over customer information without a lawful order could violate the Electronic Communications Privacy Act, a 1986 law that extended wiretapping restrictions on phone calls to include electronic information transmitted by and stored in a computer.

After 9/11, that law was amended by the USA PATRIOT Act, and it became easier for the government to obtain certain private communications. When reports surfaced last year that telecom carriers were participating in a post-9/11 NSA program to analyze customer calling patterns for terrorism indicators, Nacchio's attorney stated publicly that Qwest had refused "to make private telephone records of Qwest customers available to the NSA immediately following [enactment of] the Patriot Act." Nacchio had concluded that the NSA's requests violated the privacy requirements of another law, the Telecommunications Act, his attorney said.

The question of Qwest's involvement with the NSA before 9/11 has surfaced in recent weeks because of Nacchio's appeal of his criminal conviction on 19 counts of insider trading. Nacchio was sentenced to six years in prison in July, but he remains free pending his appeal. He contends that the NSA retaliated against Qwest for not complying with its request by denying the company work under a multibillion-dollar program called Groundbreaker, which outsourced the NSA's unclassified information-technology systems. Federal prosecutors deny that allegation, noting that Qwest was a member of the team that ultimately won the Groundbreaker deal in August 2001.

Nacchio wasn't allowed to use his retaliation argument at his trial. But details of Qwest's interactions with the NSA, as well as years of work that the company performed for the Defense Department and the intelligence community, are contained in legal documents filed by his defense team and made public three weeks ago. Although the documents are partially redacted, they reveal that Qwest aggressively pursued business with the NSA while trying to put off officials' entreaties for more access to the company's network, requests that persisted for years.

The documents state that Nacchio and another senior Qwest executive met with NSA officials at their headquarters at Fort Meade, Md., on February 27, 2001. At this meeting, the agency proposed Qwest's participation in certain activities whose details are redacted from the court documents.

"Nacchio said it was a legal issue, and they should not do something their general counsel told them not to do," according to federal investigators who interviewed the former head of Qwest's government business unit, James F.X. Payne. "Nacchio projected that he might do it if they could find a way to do it legally."

Payne told investigators that the NSA requests came up "in meetings after meetings." Investigators quoted Payne as saying, "There was a feeling also that the NSA acted as agents for other government agencies." Payne could not be reached for comment.

Although the NSA's specific request for an Echelon-like program may have worried Qwest's attorneys, it appears that the company was sharing other kinds of proprietary information about its network with the Pentagon in the months before 9/11.

In May 2001, then-Commerce Secretary Donald Evans told the Senate Appropriations Committee that his department had helped to persuade Qwest to "share proprietary information with the Defense Department to evaluate the vulnerability of its network." (The Commerce Department includes an agency that is responsible for telecom policy.) Qwest, Evans noted, was the largest carrier in the Rocky Mountain corridor. That area is home to some of the military's most important command-and-control facilities, including the U.S. Strategic Command, which oversees nuclear weapons.

By the time the NSA asked for Qwest's assistance in February 2001, the company had become a darling of the Internet Age. Founded in 1988 by Philip Anschutz, who owned the Southern Pacific Railroad, Qwest built the first all-digital, fiber-optic network by laying lines alongside railroad tracks, then linking to terminals in key locations to provide high-speed Internet and data connections.

The Defense Department operates its own classified networks, which are more resistant to attack, but Qwest's network was faster, more expansive, and more technologically advanced. Nacchio's legal documents show that from the late 1990s and into the new century, Qwest was chasing at least two lucrative deals to build private, secure networks for defense and intelligence agencies.

Qwest's first high-level contact with the NSA may have occurred as early as 1997. Late that year, according to Nacchio's legal briefs, Qwest was informed that a military "general officer wanted to meet with Mr. Nacchio." Two weeks later, a three-star (lieutenant) general and his aide showed up at Nacchio's Denver office and told him that they had "heard about Qwest's new network." Nacchio described the operation and "talked about his background at AT&T, with which they were already familiar," the documents state. Nacchio had spent more than a quarter-century with AT&T before taking over at Qwest in 1997.

At some point, the general -- whose name and affiliation are omitted from the documents -- asked to speak privately with Dean Wandry, who led Qwest's government business unit at the time. "The general told Mr. Wandry that he ran the largest telecom operation in the world, he had looked at Qwest's network, and he wanted to use it for government purposes," the documents state. By law, the head of the NSA must be at least a three-star general or a vice admiral. In 1997, Lt. Gen. Kenneth Minihan was the director. He was replaced in 1999 by Lt. Gen. Michael Hayden, who is now a four-star general and the director of the CIA. Hayden declined to be interviewed for this story. An assistant to Minihan, who is now a managing director with Paladin Capital Group, a private equity firm in Washington, said he was unavailable for comment.

A number of former intelligence officials said that the description of a three-star general running the "largest telecom operation in the world" seemed to fit the NSA. In 1997, the Defense Information Systems Agency, which manages a large telecom enterprise, was also run by a lieutenant general. But that agency's operations are smaller than the NSA's. Also, Qwest's first contact with DISA occurred after the 1997 meeting with the unnamed military officer, according to Nacchio's legal filings. Qwest has done unclassified work for DISA, and it received a large contract from the agency as recently as last year.

After the Denver meeting, Wandry told Nacchio "that there was a big opportunity here for Qwest," the court filings state. Nacchio received a security clearance "a short time later." Qwest then received a contract from the agency, which Nacchio wanted to announce publicly. He was "refused permission," the briefs state, but he "understood at the time this was the beginning of a relationship which had enormous potential for future work. This proved increasingly true as time went on."

Qwest certainly worked for the NSA beginning at least in 1999. A search of Internet number registration files shows that the company allocated a portion of its network that year to the Maryland Procurement Office at Fort Meade, which is the NSA's contracting unit. An e-mail from employees in Qwest's government business group, sent in December 1999, requested a meeting with senior executives "to discuss the potential opportunity with the Maryland customer." (DISA, it should be noted, is headquartered in Virginia.) By 2001, the company was pursuing the NSA's Groundbreaker contract. And in March of that year, Payne, who by then was running the company's federal business, wrote in an e-mail to colleagues that Qwest was already a "provider" of telecom services to the NSA through existing contracts.

Meanwhile, concern was rising at the NSA that the proliferating global Internet might become a weapon for U.S. adversaries. As early as June 1998, then-NSA Director Minihan testified before the Senate Governmental Affairs Committee about "a wide array of malicious actors -- including hackers, terrorists, and nation-states," all of whom threatened "users of networked information systems."

Minihan singled out Russia and China; the latter, he said, had already incorporated cyber-warfare into its military training. He also pointed to the emergence of "transnational security challenges," including terrorism, drug trafficking, and international organized crime. "These opportunists, enabled by the explosion of technology and the availability of inexpensive, secure means of communication, pose a significant threat to the interests of the United States and its allies," Minihan said.

A former senior NSA official said that the agency also worried that because these groups understood privacy laws so well, they knew how to avoid detection and could predict what the NSA would, and wouldn't, do to track them. "There was such a nuanced understanding of how to tie us in knots and use American law against us, that there were certainly pockets of people saying, 'We've got to be assertive; we've got to be more aggressive on this,' " the former official said.

Hayden, who ran the NSA from 1999 to 2005, was well known for his willingness to push operations to the legal edge. "We're pretty aggressive within the law," Hayden said in public remarks after 9/11. "As a professional, I'm troubled if I'm not using the full authority allowed by law."

Hayden has repeated that refrain since the attacks. But former intelligence officials doubted that he would have authorized any request to Qwest, or other companies, that he believed violated the law. They noted, however, that many in the agency had long thought that monitoring "metadata," such as a phone number, the length of a call, or a series of calls placed from a particular phone, didn't implicate privacy because such information didn't constitute the "content" of a message -- its written or spoken words.

Published in National Journal


A Court at the Crossroads

by Shane Harris




As Democrats and Republicans debate legislation that would alter 30-year-old limits on intrusive electronic and physical searches by the government, the secretive 11-member court that oversees surveillance of foreign-intelligence targets in the United States finds itself in the middle of a very public power struggle.

Regardless of where law and policy makers fall on the question, now being debated, about which governmental branch should hold the most sway over intelligence operations, and which political party has the more effective and fair solution, they all agree on this much: The Foreign Intelligence Surveillance Court should play referee, and the government should receive some kind of authorization for a still-secret set of spying activities that many agree are essential to the war on terrorism. If that oversight results in warrants that violate the Constitution, as some scholars fear would occur if pending legislation is enacted, most Republicans and Democrats don't appear concerned about such a prospect or even cognizant of it. Such is the court's brave new world.

It is an odd, but perhaps not unwelcome, reality that the intelligence judges now play a decisive role in this controversy. Odd because for most of American history, the judiciary has ruled itself least qualified among the branches of government to manage intelligence activities. But not unwelcome because this court has waded into these waters before, and it believes it has been an indispensable buffer against government excess.

The 1978 Foreign Intelligence Surveillance Act, the court's animating law, was a grand political compromise. After years of unchecked surveillance by the FBI and intelligence agencies of prominent Americans and political dissidents both before and during the Nixon presidency, the FISA court became the arbiter of when and how the executive branch can spy on suspected foreign agents and terrorists inside the country. Especially after the 9/11 attacks, the judges have included more experts in national security law, court-watchers say, and the court's former chief judge has proudly proclaimed that the court turns down almost no surveillance requests because the government has learned to play within FISA's boundaries.

This system, however, was upended after the 9/11 attacks, when President Bush issued orders that allowed him to bypass the court when tracking domestic terrorism suspects. The orders seemed to reflect a long-held, simmering animosity toward the body by some senior administration officials, particularly Vice President Cheney's legal counsel, David Addington, who reportedly told a colleague after 9/11 that "we're one bomb away from getting rid of that obnoxious court."

Now, though, the court is regaining some of the authority it had lost. And if the president signs a new Democratic proposal to further amend FISA, the court would play a central and untested role in overseeing surveillance. It may welcome the chance.

Former Chief FISA Court Judge Royce Lamberth has described a panel of jurists confident in its interpretation of surveillance law, equipped to issue warrants quickly, and flexible enough to write new procedures during wartime. In remarks at the annual conference of the American Library Association in June, Lamberth, who left his post in 2002, said he hadn't found a better way of controlling government surveillance. But, the former judge added, there was a "worse way," and that was "what the president did with the National Security Agency": Bush's post-9/11 orders allowed the government's eavesdroppers to intercept communications inside the United States without the court's approval.

The NSA program, begun just after 9/11 and dubbed "the terrorist surveillance program" by Bush, continued without judicial check for more than five years, until January 2007, when the administration placed it under FISA court review. The exact contours of the court's initial orders about the program, which were to last for 90 days, are secret.

For that first 90-day period, the NSA program proceeded unimpeded, intelligence officials say. But, according to Mike McConnell, the director of national intelligence, in spring 2007 a different FISA judge said that the government needed a warrant to capture electronic communications between parties in foreign countries as those communications pass through routing equipment in the United States. "We found ourselves in a position of actually losing ground," McConnell told the El Paso Times in August. The government would have to apply for a warrant for each phone number it monitored in this way, and it takes about "200 man-hours" to fill out the necessary paperwork, McConnell said. FISA experts and lawmakers note, however, that the law contains emergency provisions that allow monitoring to begin before a court order.

The ruling on the U.S.-routed calls was a rare push-back from a court that, by Lamberth's count, has approved 99 percent of the government's warrant applications. The Bush administration then launched a massive lobbying effort to amend FISA; in August, Congress passed the Protect America Act. It effectively reversed the court's normal procedures (these require a warrant before surveillance) and gave judges an after-the-fact-review power for surveillance procedures, which inevitably pick up domestic communications when foreign targets call or e-mail people located in this country. The law was panned for its hasty and imprecise language, and some observers thought it even authorized warrantless physical searches of people's possessions and premises.

This brings the court to its current crossroads. To correct the law's deficiencies, as they see them, Democratic Reps. Silvestre Reyes of Texas and John Conyers of Michigan, the respective chairmen of the House Intelligence and Judiciary committees, have introduced the RESTORE Act, short for Responsible Surveillance That is Overseen, Reviewed, and Effective. The Democrats have said that the bill would "protect innocent Americans from warrantless eavesdropping." Republicans have blasted it as a roadblock in the executive's path, and the bill was suddenly pulled from the House floor on October 17. But as Benjamin Wittes, a Brookings Institution scholar and an expert on the FISA court, writes in The New Republic Online this week, Protect America and RESTORE are actually quite similar. They do, however, hold significant implications for the court.

"Under either approach, the [NSA] will have the legal authority to listen to your calls without first going to the [FISA] court to get a warrant," as long as the targets are people overseas calling people in the United States, Wittes writes. Under the Protect America Act, which the administration favors, the FISA court plays "only a tiny retroactive role in approving procedures for overseas surveillance." But under RESTORE, the court "would play a slightly-less-tiny role in rubber-stamping [surveillance] programs," Wittes maintains. The court, under RESTORE, is given additional powers to review and modify "minimization procedures," which are secret, are written by the government, and are supposed to ensure that information about "U.S. persons" (defined as U.S. citizens or legal residents) is scrubbed from intelligence reports.

Under the RESTORE Act, the court would also have a new, controversial power: granting programmatic or "blanket" warrants for whole classes of individuals overseas who are not U.S. persons. Historically, courts have ruled that such orders violate the Fourth Amendment, which requires that warrants be issued against specific individuals and locations. And although the foreign targets of surveillance don't enjoy constitutional protections, the U.S. persons whom they might call do.

Wittes argues that the RESTORE Act's "approach is a little like asking the courts to approve the reasonableness of police arrest policies prospectively instead of reviewing individual arrests. It's not the way we traditionally do things in the American constitutional system -- and it creates a potentially serious set of constitutional problems with the bill." But the law would require the administration to submit to the court "the procedures it uses to determine which surveillance is exempt from FISA -- and the court has the ability to send them back if they're unreasonable," he adds.

Under the previous version of FISA, the judges found ways to discipline the government. They could reject an application for a warrant; in one case, Lamberth barred a senior FBI official from appearing before the court, because he said that the official had presented false information. The RESTORE Act wouldn't really take these powers away.

Still, some see the recent amendments to FISA as a further weakening of constitutional protections. "There are significant problems that existed with FISA before the Protect America Act," says Jameel Jaffer, the director of the American Civil Liberties Union's National Security Project, who is leading a legal effort to have the court release its written opinions on the NSA's surveillance program.

The court "was created to circumvent the Fourth Amendment," says Jonathan Turley, a professor at the George Washington University Law School and one of the few lawyers ever to go inside the court's secure room. With the Protect America and RESTORE acts, Turley says, "Democrats and Republicans are amending the Constitution by default."

For their part, the FISA court judges are unlikely to weigh in directly on the constitutional debate. But using history as a guide, it seems unlikely that they'll do anything more or less than apply the statute as directed by Congress. Presumably, they'll also steer clear of deciding how valid the statute actually is.



The Liberator

by Shane Harris




Mike Wertheimer may be the most dangerous man in U.S. intelligence. You would probably never guess it, judging from his lengthy and opaque title -- assistant deputy director of national intelligence for analytic transformation and technology. A perfect testament to the well-worn bureaucratic tradition of offering little insight by tossing around a lot of words.

Wertheimer's squishy and unassuming title only hints at some vague, general notion of what he actually does for a living. Particularly for the uninitiated, the moniker buries a sense of authority beneath a pair of prefixes (assistant deputy) and offers an unsatisfying buzzword descriptor (transformation), whose etymology points to some consultant's pocket glossary. The title screams "middle management" and thus reassures, "This guy is not a threat."

That message is especially ironic, because to thousands of powerful career employees in the American intelligence community, Wertheimer is, in fact, very threatening. He threatens to upend their world, to change the way they work, and to foist on them the values of a younger generation of spies, who happen to outnumber them. He also threatens to change the way that policy makers use intelligence to reach decisions, and so to "transform" the intelligence agencies' role in the government. All of this makes Mike Wertheimer very dangerous to people who oppose his basic assumptions. And he knows that. He also knows that, to many thousands more in the intelligence field, he is something of a savior.

To understand the origins and purpose of Wertheimer's office, of which he is the first occupant, it helps to refer to a document that also bears a lengthy title, the report by the Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction. Better known as the WMD commission report, it provides a painstaking explanation of how 15 intelligence agencies collectively failed to discover that Saddam Hussein's Iraq possessed no weapons of mass destruction.

The contrary assertion that he did have those weapons -- and thus was a threat to the Middle East and a potential benefactor for terrorists -- was, of course, the Bush administration's chief casus belli for the Iraq war. The claim was backed up at the highest levels of the intelligence community in a National Intelligence Estimate released to Congress in October 2002. The WMD commission, which published its findings in 2005, echoed the sentiments of many intelligence professionals, including some who had participated in and blessed the flawed prewar analysis, by pronouncing the episode "one of the most public -- and most damaging -- intelligence failures in recent American history."

Wertheimer's job is to prevent any more such failures and to make sure that the intelligence agencies can accurately predict a host of catastrophic events, including terrorist attacks and disease outbreaks. The commission laid much of the blame for the bad call on Iraq at the feet of analysts, whom it called "the voice of the intelligence community." Although the problems begin with the failure to collect the right information in the first place, the commission particularly faulted the analysts' inability to make sense of intelligence, and to present their judgments to decision makers. During his time in government, Colin Powell was widely regarded among professionals as a decision maker who understood this inherently murky process. He would say to his intelligence officers, "Tell me what you know, tell me what you don't know, and then tell me what you think is most likely to happen." When that analysis breaks down, as it did with Iraq, "the consequences can be grave," the commission wrote.

To be sure, many career analysts object to the "flaws" the commission cited in their tradecraft, regarding both Iraq and another notorious intelligence failure: the September 11, 2001, terrorist attacks. But very few argue with the substance, or the roots, of these breakdowns. The "intelligence community," as the agencies are collectively known, hardly operates as one, and this lack of coordination and -- especially -- collaboration among analysts means that agency leaders and their clients often don't know what the analysts don't know. The disconnect also means that contrary analysis -- of which there was a significant amount in the run-up to the Iraq war -- may find no quarter in analysts' final judgments. It is a disastrous situation for policy makers, who are increasingly turning to nongovernment experts and the news media for rapid, cogent analysis that the intelligence agencies can't always provide.

The WMD commission identified the fix: "Integrate the community of analysts." That's easier said than done, of course, but Wertheimer and others who understand how very un-integrated the analysts are today know that it is prescriptive advice that they can't afford to reject.

The Threat Within

"Post-9/11, we coined a term, the 'asymmetric threat,' " Wertheimer says. "That's a fancy way of describing a future in which the targets for intelligence, the things that we will focus on, are built, designed, and operate completely differently than the way we do." Transformation, that fuzzy word in his title, means "removing that asymmetry."

Before the attacks, the intelligence community was "like a power builder -- very muscular but not very fast," Wertheimer says. Today, the agencies need to be swift. They need to analyze more information faster. But analysts also need new ways to connect to one another, to benefit from one another's knowledge. If a specialist on sub-Saharan Africa at the Defense Intelligence Agency is studying terrorist inroads into tribal communities, shouldn't a CIA expert in Africa studies know that? Might she have something useful to contribute to the inquiry?

Collaboration isn't an especially novel concept, and the WMD commission wasn't the first to suggest that analysts do more of it. But Wertheimer is the first official in the Office of the Director of National Intelligence -- the "czar" of the community -- to make collaboration a full-time job. Gen. Michael Hayden, the former principal deputy director of national intelligence who is now the CIA director, created the position after talking with Wertheimer two years ago about how to change the way the community operates. The new intelligence director, Mike McConnell, has forcefully backed the transformational efforts, as has his deputy in charge of analysis, Tom Fingar, a career analyst who used to run intelligence at the State Department. Fingar, who is essentially the only official layer between Wertheimer and McConnell, is the political muscle in this endeavor. Wertheimer is the idea man, "my philosopher of transformation," as Fingar recently put it.

Transformation has less to do with changing procedures than with changing people. A key pillar is a suite of new information-sharing and collaborative technologies that look and feel a lot like Google, Wikipedia, and MySpace, the networking and search tools that younger analysts grew up using at home and in their dorm rooms. These newcomers have been baffled to find that these 21st-century staples aren't widely used within the intelligence community.

The first of the new intelligence tools came online recently. Analysts can now log on to Intellipedia, a collaborative knowledge base that they can use to swap leads and examine one another's work. (Officials say that Intellipedia helped one group of analysts create a helpful report on Iraqi insurgents' use of chlorine gas to increase the lethality of improvised explosive devices.) Later this year, Wertheimer's team will launch A-Space ("A" for analyst), modeled after MySpace and the popular website Facebook. Officials hope the new site will help analysts create social networks outside established channels.

In addition to the new tools, Wertheimer and his colleagues have created unusual training programs. One sends analysts to a monthlong retreat at a classified location where they work alongside private-sector experts to investigate complex intelligence topics. Another takes young analysts out of their assigned jobs for two years and puts them through an intensive training program where they learn the tradecraft but also such on-the-ground spy skills as defensive driving and weapons handling. Agencies will ultimately deploy these analysts to global hot spots to support spies in the field.

It's no accident that Wertheimer and his team are aiming these new tools and programs at the younger crowd. Sixty percent of U.S. intelligence analysts have five years of experience or less on the job. In the larger intelligence community of about 100,000 employees, which includes clandestine operatives and support staff, those young workers are about 40 percent of the rolls. America's spies are decidedly green, and they're not comfortable -- or particularly useful -- working in bureaucratic silos without Internet browsers, instant messaging, and social networking sites on their desktops.

In his quest for transformation, Wertheimer is playing to this youthful workforce that finds collaboration neither newfangled nor threatening. For these analysts, networking is just the way information moves. But to the intelligence establishment, information is power, and relinquishing it means losing that power, as the WMD commission and many other critics have repeatedly lamented. It seems illogical to the generation of electronic socializers, but when information moves around, and becomes known to people who don't have the "need to know," veteran members of the community view it as no longer special because it's no longer secret. Too much collaboration also threatens to reveal the sources and methods by which agencies obtain information -- secrets they must zealously guard lest those sources dry up or get killed.

Sharing and secrecy are opposing forces. So this is Wertheimer's task: Transform the massive intelligence bureaucracy into a collaborative network, in which loose lips are, in a way, encouraged; introduce technologies that many seasoned analysts neither understand nor trust; and build a cadre of young, ambitious rookies, who just can't believe they're not allowed to check their personal e-mail at work, into the future of the business.

The opposition is fierce. When The New York Times wrote about A-Space recently, analysts commented about the piece, and about Wertheimer, on a private intelligence community blog. Some recorded their dramatic dissent. "I guarantee," one intelligence employee wrote, "Mike Wertheimer will cause people to get killed over this."

"I am threatening the status quo," Wertheimer says. "And that's a hard pill to swallow for anybody."

Taking the Blame

Wertheimer, 50, is a mathematician who earned his master's and Ph.D. from the University of Pennsylvania. He spent 21 years as a cryptologist at the National Security Agency, and rose to become the agency's most senior technical leader. On paper, he fits the stereotype captured in an old joke among NSA hands: "How can you tell an extroverted analyst? He's the one who looks at your shoes when he's talking."

But Wertheimer defies typecasting. When he speaks, he looks people in the eye, but often from above -- he is 6 feet, 1 inch tall. He has arching eyebrows that signal when he's listening but also serve as a warning for when he's about to descend with an impassioned argument or an analogy that he thinks perfectly captures what he's up against. (In a recent conversation, Wertheimer compared the government's attempts at collaboration to the Borg, the supremely villainous race of cyber-aliens on Star Trek: The Next Generation who "assimilate" whole societies by stripping people of individual character traits and turning them into one giant collective.) If you spotted Wertheimer in a room, or even better, watched him work a room, you might wonder why he hasn't sought his fortune on the motivational speaking circuit.

When he speaks, you get the feeling that he's talking to you. He reveals a lot about himself, which might be unsettling if he weren't so earnest about connecting his flaws and fears to his intelligence work. At a recent conference on analytic transformation in Chicago, Wertheimer confessed to a crowd of more than 400 people that after the 9/11 attacks he felt personally responsible for not anticipating Al Qaeda's strike. He became depressed, he said, and was inconsolable until his father snapped him out of it. "I don't blame you for this," Wertheimer's dad told him, and then warned, "You're scaring your kids," who thought that whenever their father had to rush back to the office, something very bad was about to happen. Wertheimer briefly left government in 2003 to work as a technology consultant but returned two years later.

Wertheimer is like a number of other veteran intelligence officials who were involved in the global hunt for terrorists before 9/11. They feel that their own actions -- more precisely, their inactions -- allowed the disaster. Wertheimer says he blames himself and his colleagues. He thinks he personally failed and, accepting his part in a broken system, he seems to have no qualms about tearing it down and rebuilding.

"It is something that he can appreciate as being absolutely critical to the future of this country and the protection of the country, and when you hear him speak, you get caught up in that emotion," says Tim Sample, a former analyst and staff director of the House Select Committee on Intelligence who knows Wertheimer well. Sample is president of the nonprofit Intelligence and National Security Alliance, which co-hosted the Chicago conference with the intelligence director's office.

In large measure, Wertheimer's charisma comes from his willingness to defy tradition. "We are going to share more," he said in his Chicago speech. "We are going to take risks." Directing his remarks at those who would rather preserve the status quo, he said, "For the first time, the challenge is not why we can't do it; it's how you're going to find a way to secure this." Rather than appeasing members of the intelligence community who blanch at collaboration and its attendant security risks, Wertheimer lays the burden on their shoulders and tells them that if collaboration doesn't happen, they'll take the blame.

But if Wertheimer succeeds, it probably won't be by convincing his intransigent opponents. Rather, he will work with that younger generation at whom transformation is aimed. By and large, these newer members of the community are optimistic and, like him, believe that the intelligence community is dangerously broken.

"It's Huge"

Sean Wohltman, a 25-year-old counter-terrorism analyst with the National Geospatial-Intelligence Agency, embodies the kind of optimistic disillusionment that Wertheimer wants to harness. Two years after defending his master's thesis in geographic information science at Virginia Tech University, Wohltman joined the government "following a call for patriotism," he said. He encountered "disappointment and disillusionment" in his first three months on the job, however.

As Wohltman explained to the Chicago conference, "When I first logged on to what I expected to be a terminal from 24's [counter-terrorist unit] command center, I was instead driven to my agency's home page, which flashed information about an upcoming picnic and links to fill out my health insurance. And not only that, it launched in Netscape." Those in the audience who laughed understood that Netscape is an obsolete Internet browser.

Later, Wohltman explained why it mattered to him that the intelligence agencies were so far behind the technological curve. In 1999, when the popular and controversial music file-sharing system Napster debuted, he pointed out, Ricky Martin's "Livin' la Vida Loca" and other corporately manufactured pop hits topped the Billboard charts. Only artists from big record labels got mass recognition, and listeners were cut off from the bounty of independent and innovative artists who excelled in a variety of musical styles. But that year, Napster's collaborative technology allowed fans of lesser-known artists to share songs, which in turn boosted their recognition, fanned their popularity, and led to greater awareness of the wider music scene. It also fueled the market for independent music and challenged the record companies' dominance of the industry.

Taking Wohltman's analogy, Wertheimer says that the intelligence agencies could be compared to the record companies. Information is filtered through a hierarchical process that culminates in senior executives choosing what intelligence to disseminate to customers. Similar to Napster, tools such as Intellipedia and A-Space -- known as "disruptive technologies" -- bypass this process and get more information out to a wider audience.

But will collaboration guarantee better analysis? Did Napster improve music quality? Did it benefit the industry as a whole? Recording artists and companies sued Napster for copyright infringement, and the network shut down in 2001, eventually to be reborn as a pay-for-service system.

Napster did pave the way for other innovative technologies, which adapted to customers' demands to buy music a la carte, rather than having to pay for an entire album. Today, Apple's iTunes sells songs for 99 cents and threatens the record companies' control of their own products. Collaboration, in a sense, won out, and customers' demand for more music, delivered in new ways, has opened the market to more artists. "Will this lead to better music?" Wertheimer asks. "I can't believe that it will not."

Wertheimer and other transformation proponents often point to iTunes, and the hugely successful iPod music player, to support their theory that collaboration can fundamentally change and improve people's lives. And they reason that A-Space, Intellipedia, and other innovative services will create demand in the intelligence community and overwhelm the transformation naysayers.

Wertheimer channels the enthusiasm of Apple's CEO and co-founder, Steve Jobs, whose rousing keynote speeches, known as "Stevenotes," command more press coverage and world attention than speeches by most members of Congress. But as with Jobs, some skeptics question both the substance and the goal behind Wertheimer's zeal.

Early in Jobs's career, a co-worker coined the term "reality distortion field" to describe the aura that the Apple prophet cast over his spellbound audiences. The term could easily apply to Wertheimer's enthusiastic showmanship. Wikipedia describes RDF as "the idea that Steve Jobs is able to convince people to believe almost anything with a mix of charm, charisma, exaggeration, and marketing. RDF is said to distort an audience's sense of proportion or scale. Small advances are applauded as breakthroughs. Interesting developments become turning points, or huge leaps forward." (The phenomenon has been applied to other leaders, as well.)

Wertheimer does, in fact, applaud certain advances as breakthroughs that others -- particularly those outside of government -- might find underwhelming. For instance, one planned transformation program, the Library of National Intelligence, would be a repository of all the documents produced by all of the agencies. Eventually, Wertheimer hopes, analysts will search the library for key terms, and an automated system will help to judge who should have access to classified materials. He calls this program "huge."

Why is it huge? Some observers would have a hard time believing that the agencies didn't already have such a resource, the kind that most large organizations take for granted. LexisNexis, for example, contains copies of every article published in most of the country's periodicals. Following basic business practices, most companies compile and retain their internal documents for research and for legal purposes.

Wertheimer is careful to put things in perspective. "It's big," he says of the library. But then he quickly follows up: "For us, it's huge." And he's right. Much to the consternation of the WMD commission and others, this is a giant leap for the intelligence community, a kind of moon-landing moment.

But do collaborative libraries -- and wikis, blogs, networking websites, and special training -- make transformation worthwhile?

Change Without End

Mark Lowenthal retired in 2005 as the assistant director of central intelligence for analysis and production. Among seasoned intelligence officials, he is considered one of the most knowledgeable authorities on analysis, the agencies' shortcomings in that regard, and the education of young analysts in the ways of the tradecraft. So in Chicago, when Lowenthal stood up to question why Wertheimer and the DNI's office are expending so much energy on transformation, people listened intently.

"You are urging this transformation for an end that I do not understand," he told Wertheimer. "Collaboration is not an end in itself, to my mind. You want to do this, I think, ... to make analysis better. What does that mean? It means it would be faster? It would be more comprehensible? It would be more accurate more often? I don't think you have a way of knowing at the end of the day when you get there."

Lowenthal doesn't dismiss collaboration out of hand, and he has spent a sizable part of his career trying to create a true intelligence community. But his remarks reflected a palpable skepticism among those who think that it is impossible to know whether Wertheimer's ideas will actually fix intelligence. Lowenthal told him, "I think, unfortunately, a lot of this is pandering to a bunch of commissions that have no understanding of what we do for a living, or the nature of our work, and to a workforce. And I don't think that's a sufficient ground for a transformation. And so I'm left here wondering, what's the end state? For what reason?"

Wertheimer responded that he didn't have a satisfactory answer. The best he could offer, he said, were anecdotes. He has spent the past two years talking to analysts and trying to figure out what those who achieved real breakthroughs -- overcoming "hard problems," he said -- had in common.

The few successes were not enough to prove a theory, he admitted. But the one trait these breakthrough-makers shared was -- perhaps not surprisingly -- collaboration. These were analysts who challenged old assumptions, re-examined evidence that had been set aside as useless, and shared information beyond normal channels. They also, Wertheimer said, ignored their bosses' admonitions that such inquiries -- going back to ground that had been plowed unproductively before -- were "career killers." Bucking authority is another of Wertheimer's recurring themes. He says that a colleague once told him, "You will have succeeded when you become really hard to manage."

Wertheimer, however, plays down the notion of analysts as revolutionaries. "I don't like the thought that transformation is changing something from the past to something new," he says. Rather, transformation is about "creating an environment in which more things could happen than could happen in the past. It's liberating. Let's call it 'analytic liberation.' "

Wertheimer seems perfectly comfortable working in this gray area, where there is no obvious way to know whether his ideas are working and where concepts change on the fly (transformation becomes liberation) and the end goal isn't defined at the outset. Were it not for the DNI's backing, such a nebulous, high-risk approach to preventing another intelligence disaster might never take flight. Wertheimer might still go down in flames, but taking that risk appears to suit him just fine. "We can't afford the kinds of mistakes that we're making based on the way we're doing business today. It's just the bottom line," he said. Riffing off the intelligence blogger's comments, he added, "If I'm the first one to get killed, so be it."

The Hard Sell

Bravado may obscure Wertheimer's pragmatic streak. He is provocative and excitable, and sometimes brash. But those who know him well say that he is also humble and self-deprecating.

He frets that he will become too personally associated with his cause. "I'm a little worried about this being too personality-driven," he says. "This has got to be about ideas. We have to sell people on the ideas."

Wertheimer knows that the reason his pitch isn't resonating with enough people his own age is that he has failed to demonstrate how middle managers and veteran analysts -- the people who are feeling most threatened -- can take part in this grand enterprise, how they can be "liberated." Wertheimer, the realist, has promised to find a place for them. But he does not apologize for embracing young analysts and for assaulting the culture that reared him. "We don't allow our people to reach their full potential," he told the audience in Chicago. "This is a society, this is a community, that tamps down potential."

"We treat [analysis] like a guild," Wertheimer said later, a society of apprentices who study at the feet of masters. "This is like making a fine violin or studying opera. That [approach] makes a lot of sense at the scale that you build violins or have opera singers. But we're talking about massive [numbers] of young people coming in.... They learn on their own. They don't read the rule book. They don't read the owner's manual," he said. "They click buttons and investigate, and if they get bored, they do something else."

If the two sides of this generational divide are irreconcilable, Wertheimer doesn't seem worried, because the rookies have the clear majority. "It's simply a matter of time," he said. "Now, the question we all have in our minds is, how much time can we afford? We can't afford another day."

Several younger colleagues once asked Wertheimer to name his greatest career achievement at the National Security Agency. At one time, he said, he was the world's leading expert on a certain cryptographic technology, the smartest man alive on that one subject. But "that's not what makes me so accomplished," he said. "It's that I'm no longer the No. 1 expert, and that the experts are in this room, because I taught them. And they exceeded everything I could have done on my own."

That's one way Wertheimer judges success: Someone comes along and does it better. It doesn't quite answer his critics' concerns that his ideas might be flawed to begin with. But Wertheimer is a strong believer in the "wisdom of crowds." He and his bosses are betting that collaboration is the way to fix what's broken with intelligence and, by extension, to keep people from dying. If they are right that transformation, in all its forms, is the key to stopping another terrorist attack, or to avoiding another catastrophic intelligence failure, then it seems a decent bet that the next generation of analysts will follow Wertheimer's lead.

"If I can just start something for which a handful of folks better and smarter than me take over," he said, "if you could put that in my epitaph, I would die a happy man."

Published in National Journal


Intelligence Innovation Lags

by Shane Harris




America's declining influence over scientific and technological innovation has had "an enormous impact" on U.S. intelligence agencies, and "makes it more likely that our adversaries can employ the very same -- or perhaps even more advanced" -- science and technology than that available to the United States. That's the assessment from the Intelligence Science Board, which advises senior intelligence leaders.

In a report issued in November, parts of which were recently obtained by National Journal, the board warned that although the United States remains the world leader in some fields of science and engineering, that position is slipping -- and the slide imperils the intelligence community's ability to adapt to a dramatically changing technological landscape that terrorists are increasingly exploiting.

Terrorists have used the Internet, which has enabled a "worldwide diffusion" of knowledge, to gather and transmit scientific and technological know-how, leading to "incredible capabilities that our adversaries have exploited and used to further the goals of radical Islam," the report states. The assessment doesn't specify the capabilities, but terrorists are widely known to use the Internet to communicate with each other, disseminate propaganda, and publish information on building bombs and designing attacks.

The report, which is marked "For Official Use Only," was prepared for the Office of the Director of National Intelligence; National Journal obtained portions of it from a source outside that office. It casts the U.S. decline in overall research and development as an enormous challenge to the intelligence agencies' ability to collect information about new adversaries. The board calls for "an entirely new approach to increasing the contribution of" science and technology to intelligence capabilities, but it offers a bleak assessment of the progress made on that front. "Neither the intelligence community nor the S&T establishment," the report states, "has put forth viable strategies for accomplishing this change."

Against this backdrop, the DNI is launching a research-and-development effort to provide "breakthrough" technologies for the intelligence agencies, including sensors and communications devices that can help human spies collect more-detailed information. This research extends beyond the traditional realm of satellite imagery and eavesdropping to include an emphasis on devices that spies can use to narrowly target individuals and groups, and to anticipate their movements.

Beginning next year, R&D efforts that have application for many, or all, of the intelligence agencies will be centralized in a single outfit called the Intelligence Advanced Research Projects Activity and dubbed iARPA. Modeled after the Defense Department's hugely successful DARPA, which developed stealth aircraft and paved the way for the Internet, iARPA will pull together research funds from across the agencies to increase the chances of fielding new, better technologies, according to Steve Nixon, director of science and technology for the DNI.

The research agency will officially open its doors in October 2008. Its goal is to ensure that new technologies don't take the intelligence agencies by surprise, Nixon said. But it will also look for tools to surprise America's adversaries and to collect information about them in ways they haven't anticipated or don't understand. "We really need to pursue surprise in the intelligence community more than we have before," Nixon said.

During the Cold War, the United States deployed fleets of spy satellites to track Soviet military movements. But terrorists operate in a fundamentally different way than do nation states -- their network "resembles a metastasized cancer that has spread through the world body," according to the intelligence board. Terrorists are, by their very nature, harder to track and anticipate. For that reason, "precisely targeted intelligence represents the best way to combat spreading terrorism," and the intelligence community must do a better job of developing the tools to do that, the report states.

According to Nixon, iARPA will focus on improving intelligence collection and analysis. "We think we can do more to help analysts deal with information," he said. Today, much of the most valuable information about terrorism resides in the world of open sources -- the Internet, the media, and academia. The intelligence agencies have spent millions of dollars on efforts to keep this multiplicity of sources and huge volume of information from overwhelming their analysts.

The Intelligence Science Board emphasized that U.S. spies need to keep pace with the increasingly rapid development and deployment of new technologies but found that, in large measure, the government is in the dark about new R&D and unable to direct it.

The report starkly states: "The government now has far less control than before over the problems addressed, the selection of personnel to perform the work, and the locations where the work is carried out, and less knowledge than ever before of what work is actually being done." Decades ago, the federal government, and particularly military and space programs, were the primary drivers of American R&D. Over time, that balance shifted, and today the private sector directs almost all new research.

The new research unit will absorb research funds from three other agencies: the Disruptive Technology Office, once overseen by the National Security Agency and now under the DNI, which designs and vets computer programs that help analysts cope with large sets of data; a CIA research unit called the Intelligence Technology Innovation Center; and the National Technology Alliance, which focuses on a range of issues, including biological, chemical, and nuclear countermeasures. The alliance is housed at the National Geospatial Intelligence Agency, which produces imagery and detailed maps for military and homeland-security operations.

Some intelligence officials are hopeful about iARPA's potential. "It could be a good thing," said Mark Reardon, director of the National Technology Alliance. Founded in 1987, the NTA encourages small businesses, especially those not accustomed to working with the government, to bring new technologies to the intelligence community.

The CIA "has made a serious commitment of resources -- people and dollars -- to strengthen technology programs" at the community-wide level, meaning those that apply to more than one intelligence agency, said Paul Gimigliano, an agency spokesman. "Those resources would be at the heart of iARPA. But we still need, and will still have, a strong focus on research and innovation within the CIA itself," he said. The agency has a "full range of technical issues intrinsic to the agency's specialty, clandestine operations," he added.

Nixon said that the agencies whose funds iARPA is subsuming had worked on projects with outside applications but were all under pressure to meet their own needs. He emphasized that iARPA is not taking over all of the other agencies' research budgets. "We're talking about money that was only set aside for future community research."

The Intelligence Science Board urged caution when combining all research programs under one umbrella, arguing that doing so could stymie innovation and "maximize the probability of failure, not success" if the new efforts were inadequately funded. "That legacy would have agonizing consequences," the report stated.

The board also wrote that its members "enthusiastically support the iARPA concept" but asserted that existing research programs "lack adequate staffing and finances." (The intelligence research budgets are classified.) The board urged the director of national intelligence to use his authority to reallocate agency budgets and to fund iARPA "at a minimum of double the level of the existing organizations." A funding increase, the board argued, was needed to free up more money for new ideas and longer-term projects, "and avert poaching on programs already under way."

One former intelligence official, who asked not to be identified because Congress has yet to pass next year's intelligence budget, worried that Congress hasn't sufficiently funded iARPA, and questioned whether administration officials had pushed hard enough for more money. The official also described significant resistance at the individual agencies to giving up any resources, and cautioned that iARPA could stymie innovation if it "stovepipes" research and development all in one place.

Nixon, while not addressing the specifics of the report, said that iARPA will centrally manage contracts and projects but that outside researchers and other agencies will handle much of the work. He also said that, following the DARPA model, the new agency would limit the tenure of its managers as a way of ensuring a constant flow of new talent and ideas.

Published in National Journal


The Terrorism Enhancement: An obscure law stretches the definition of terrorism, and metes out severe punishments.

by Shane Harris




There’s no doubt about it: Daniel McGowan is a criminal. In January 2001, he stood lookout while other members of a radical environmentalist group set fire to the offices of the Superior Lumber Co. in the tiny southwestern Oregon town of Glendale. In a statement issued after the fire, McGowan justified the after-hours assault, calling Superior “a typical earth raper contributing to the ecological destruction of the Northwest.” Five months later, in the northern town of Clatskanie, McGowan and others torched a farm that grew hybrid poplar-cottonwood trees, which they denounced in another public message as “an ecological nightmare threatening native biodiversity in the ecosystem.” At the scene, McGowan painted the letters ELF, the acronym of the Earth Liberation Front, an underground band of economic saboteurs responsible for a string of arsons across the Northwest and in Colorado and Wyoming. McGowan, fully committed to ELF’s violent tactics, caused more than $2 million in property damage. He is, by the letter of the law and by his own admission of involvement in the two fires, an arsonist.

But is Daniel McGowan a terrorist? As far as the law is concerned, yes. Last month, a U.S. District Court judge in Eugene, Ore., ruled that McGowan set the fire at the tree farm to intimidate state governments. Specifically, the Clatskanie statement had declared, “Pending legislation in Oregon and Washington further criminalizing direct action in defense of the wild will not stop us and only highlights the fragility of the ecocidal empire.” That one sentence, the judge found, showed that McGowan meant to influence the conduct of government by intimidation or coercion, a particular legal standard that elevated his crime from simple arson to terrorism. Under the law, that gave the judge the authority to increase McGowan’s sentence to life in prison. In the end, however, she gave him seven years for his role in the arsons, partly because McGowan helped to persuade his co-conspirators to plead guilty.

McGowan is one of the latest defendants to come under the so-called terrorism enhancement, an obscure measure that allows judges to dramatically increase a person’s sentence if his or her offense “involved, or was intended to promote, a federal crime of terrorism,” as defined by Congress. Enacted in 1995 after the bombings of the World Trade Center and the Alfred P. Murrah Federal Building in Oklahoma City, the law aimed to stiffen sanctions rather than create new categories of crimes.

There is no comprehensive accounting of how often the enhancement has been used, but in the last eight years, federal prosecutors have successfully applied it against at least 57 individuals, according to the U.S. Sentencing Commission and court records. (There is no way to determine how many times prosecutors might have been unsuccessful.) Some of their crimes fit the traditional concept of terrorism, at least the one that the public has come to know in the wake of the 9/11 attacks: indiscriminate assaults on civilian populations, usually inspired by a fundamentalist religious ideology, that are intended to cause mass casualties.

However, an extensive examination by National Journal of cases where the enhancement was in play suggests that the government more often targets individuals who didn’t commit a religiously motivated act of terrorism, or who consciously avoided human casualties. Some defendants were driven by political outrage, and specifically targeted government facilities. But their crimes, while serious and violent, were covered by well-established definitions and punishments.

“We already have a very solid sentencing structure that punishes people for their crimes. This is beyond that,” says Deborah Buckman, a lawyer and an author for the professional journal American Law Reports Federal, who wrote a lengthy report on terrorism enhancements.

Stretching the Limits

In addition to McGowan, judges have imposed the enhancement on criminals for whom the label “terrorist” strikes some lawyers and judges as dubious. They include two men who set fire to an Internal Revenue Service office to protest tax collection; an anti-abortion activist who concocted a plan to blow up abortion clinics but never carried it out; a mentally ill man who telephoned bomb threats against local government offices and a television station; and a man who threatened a federal judge who had ruled against him in a trademark infringement case. Because of his plea deal, McGowan did not receive a tougher sentence despite the judge’s finding. But in other cases, the enhancement has dramatically increased the defendant’s prison time—sometimes more than threefold.

National Journal reviewed 35 cases that were publicly available through legal databases or court records. Fewer than half—13—involved individuals accused of supporting or conspiring with radical Islamic organizations. Three defendants were found to have actively engaged in formulating plots—one to attack the New York City subway system, the other the foiled attack on Los Angeles International Airport during New Year’s celebrations in 1999. A judge also applied the enhancement to John Walker Lindh’s conviction for supplying services to the Taliban regime, and he received a 20-year sentence.

The remaining defendants in those 13 cases provided “material support” to terrorist groups or engaged in preliminary plotting. In one case, the enhancement was applied to a young man who had backed out of a plan to blow up electrical substations in Florida. The government apparently has not sought the enhancement in some high-profile terrorism cases, including that of Zacarias Moussaoui, who was convicted of conspiracy in connection with the September 11 attacks and sentenced to life imprisonment without invoking the enhancement. However, prosecutors did use the law against the “Lackawanna Six,” a group of U.S. citizens in New York state who pleaded guilty to providing material support to Al Qaeda.

The application of the terrorism enhancement has largely been overlooked by the media, legal scholars, Congress, and terrorism analysts. The Justice Department is tight-lipped about how prosecutors determine when to seek it. Department officials declined National Journal’s request for an interview, and several federal prosecutors were reluctant to speak on the record about what motivates them to use it. Dean Boyd, the spokesman for Justice’s National Security Division, which oversees terrorism matters, said, “The decision by federal prosecutors to seek [the] enhancement depends on the facts and circumstances of each particular case. Ultimately, it is up to a federal judge to determine whether or not to apply the enhancement at sentencing.”

The enhancement has outraged some defense lawyers and judges, who see it as a government shortcut to label criminals as terrorists and to punish them in extraordinary ways. A judge, not a jury, decides whether the enhancement applies, based on a threshold of evidence lower than reasonable doubt. The enhancement automatically elevates a defendant’s criminal history—a key factor used to calculate sentences—to the highest possible level. It directs judges to increase the sentencing range at least “12 levels,” which can add 20 years. A defendant convicted of a relatively minor crime could suddenly find himself serving prison time on par with a hardened offender.

“It’s a very onerous enhancement, so when it applies, it’s really devastating,” says James Felman, a criminal defense lawyer and national authority on sentencing guidelines.

And it’s not just the enhancement’s severity that worries some experts. Courts have ruled that a judge can apply it even if a defendant wasn’t convicted of a terrorism act per se. The government need only convince a judge that the crime in question was aimed at the government and that it “involved, or was intended to promote” a specific act of terrorism—even one that was never carried out.

Congressional Confusion

Congress created the terrorism enhancement, not surprisingly, in response to terrorism. As early as 1991, but particularly after the World Trade Center bombing two years later, lawmakers and the Clinton administration realized that crimes involving terrorism—even if the act itself was already covered by statute—needed to be identified in law as such and accorded stiffer punishment. They wanted to account for the severity of the offenses, particularly the indiscriminate killing of civilians, and to deter future acts.

At the same time, lawmakers wanted to carefully define what qualified as terrorism. They had their work cut out for them. For starters, there was no crime of terrorism on the books. There still isn’t: Congress instead sought tougher sentences for a range of existing crimes when they were motivated by terrorist impulses.

Motive has always been a key to defining terrorism. That is, in fact, how society distinguishes the crime from other violent acts, such as murder or arson. Motivation and intent are also key factors in determining sentences. So, in the mid-1990s, Congress ordered the Sentencing Commission, which promulgates the guidelines, to include an anti-terrorism factor in the sentencing phase that accounted for specific crimes and required a basic motivation to affect, influence, or retaliate against government conduct.

Lawmakers gave explicit instructions that the enhancement had to meet two tests. First, there was the government-focused motive of the crime. That was broad, to be sure, but then Congress narrowed things a bit. The enhancement had to apply to one or more specific offenses enumerated in a section of the U.S. Code covering “acts of terrorism transcending national boundaries.” This was, in effect, a master list that Congress wanted judges to use. Today, it contains more than 55 discrete offenses that qualify as terrorism when the requisite motive is present, including destruction of aircraft; use of biological and chemical weapons; the burning or bombing of government property in a way that risks or causes death; providing material support to terrorists; attacks on energy facilities; and assassinating the president.

In so doing, lawmakers wanted to ensure that judges would not apply the terrorism label too broadly. In its conference report on the anti-terrorism legislation that established the sentencing enhancement, the House Judiciary Committee signaled Congress’s intent: “In order to keep a sentencing judge from assigning a terrorist label to crimes that are truly not terrorist, and to adequately punish the terrorist for his offense, it is appropriate to define the term.”

Something, it seems, got lost in translation. The Sentencing Commission’s final version of the enhancement includes a key phrase that never appears in the congressional record: “ … involved, or is intended to promote, a federal crime of terrorism.” On the basis of those 11 words, judges have applied the enhancement broadly—perhaps more broadly than Congress intended.

An enhancement for “international terrorism,” which had been on the books less than a year, did contain the phrase “involved or is intended to promote.” But there is no indication that Congress intended it to apply to the subsequent version that more specifically defined a crime of terrorism. Still, based on this arguably broader guideline, judges have consistently ruled that a defendant need not be convicted of one of the enumerated crimes of terrorism for the enhancement to apply, so long as the motivation is there. These judges have exhaustively researched the definitions of “involved” and “intended to promote,” pulling out case law, precedent, and even the dictionary.

A Landmark Case

The U.S. Court of Appeals for the 6th Circuit upheld this reading of the guidelines in a landmark enhancement case, which it decided only a few months after the September 11 attacks. Randy Graham, a Michigan marijuana farmer and member of the North American Militia, had been convicted of conspiracy against the United States, as well as various weapons and drug violations. Graham had plotted to launch a “first strike” on the U.S. government by attacking various communications, transportation, and energy facilities, and killing certain federal officials. A District Court judge applied the enhancement to one of his convictions—for an offense not contained in the list of terrorism crimes—finding that Graham intended to promote an act of terrorism by plotting to attack various federal facilities. (He never carried out the plan.) The underlying offense carried a maximum penalty of five years in prison; the judge boosted Graham’s sentence to 55 years.

In a vigorous dissent, Judge Avern Cohn said that Congress never intended for people not convicted of a crime of terrorism to be subject to the enhancement. Senators, in their final conference report, gave the Sentencing Commission clear instructions: The new provision was “applicable only to those specifically listed federal crimes of terrorism, upon conviction of those crimes with the necessary motivational element.” Cohn said he was at a loss to determine why the Sentencing Commission included “involved, or was intended to promote” in the final version, because Congress never instructed it to do so. As he saw it, the commission had gotten it wrong, and the judge who sentenced Graham had made the same mistake.

Cohn had no sympathy for Graham. He wrote that his disagreement on the enhancement issue “should not be considered in any way a denigration of Graham’s crimes or in any way an attempt to simply ameliorate the severity of his sentence.” But to apply the enhancement “effectively labels Graham a terrorist and his activity as displayed in the record as terroristic activity,” Cohn wrote. And that was “grossly contrary to the language…defining a ‘federal crime of terrorism,’ as well as the congressional intent to keep the definition narrow.”

Even with the shock of the attacks on the World Trade Center and the Pentagon still fresh, Cohn found little comparison with Graham’s conduct. “Graham’s actions depict grossly less offensive, and qualitatively different, conduct than that displayed on September 11, 2001.” Cohn added that Congress’s concern in drafting the enhancement was “much like the concern of the delegates to the Constitutional Convention of 1787 over the definition of ‘treason,’ that ‘terrorism’ being a phrase which carries far-reaching connotations … is not to be used indiscriminately and must be carefully defined.”

Critics of the terrorism enhancement have seized on this issue of congressional intent to argue that the courts have veered into forbidden territory. Whether Congress agrees is hard to gauge. The lawmakers and staff involved in creating the enhancement have either retired or taken new jobs. Several former House Judiciary Committee aides contacted by National Journal couldn’t recall the details of the proceedings. By all accounts, Congress hasn’t examined use of the terrorism enhancement since it created it more than a decade ago.

The Punishment and the Crime

Many lawyers who have argued against the law had never heard of it until their clients were facing long prison terms. Sometimes they won partial victories.

William Mason, a criminal defense lawyer in Columbus, Ga., represented Eddie Garey, who was convicted of making several telephone bomb threats involving buildings in Macon. (The trial was moved to Columbus, 100 miles away, because of extensive publicity.) Garey objected to the government’s recommendation that the terrorism enhancement be applied. It was a first for Mason, his court-appointed attorney. “We don’t get any terrorism cases in Columbus, Georgia,” he says.

A jury convicted Garey, whom Mason describes as “mentally ill,” of 27 counts arising from threats to blow up the Macon City Hall, a shopping mall, and a local television station. According to the indictment, over a nine-day period in September 2003, Garey called the threats in to the local 911 center, altering his voice and making demands for cash. Authorities traced the calls to Garey’s home and caught him in the act. “My client was arrested standing in the hallway of his house buck naked making a 911 call,” Mason says.

Garey’s presentencing report, prepared by a local probation officer, recommended the enhancement because he was convicted of a crime involving the use of a weapon of mass destruction—an enumerated crime of terrorism—and because evidence at trial showed that Garey attempted to influence the conduct of government. The requisite elements were all there. Garey already faced a lengthy sentence based on the seriousness of his crimes, but the enhancement elevated his criminal history to the highest level. The probation report recommended a life sentence.

U.S. District Judge Clay D. Land found that a life sentence technically fit the guidelines. But there was a bigger principle at stake, he said, namely the overarching law that sentences must be based upon “the nature and circumstance of the offense and characteristics of the defendant.” The law directs a judge to impose a sentence that metes out appropriate punishment but not one that is more severe than necessary. In Garey’s case, a life term was excessive, regardless of what the terrorism enhancement dictated, Land ruled.

“In this case, the guidelines increase the defendant’s offense by 12 levels [approximately 20 years] for conduct of which he was not convicted by a jury,” the judge found. Garey was “arguably being held criminally responsible for conduct for which he was not indicted.” Because of the enhancement, Land pointed out, Garey faced a harsher punishment for threatening to blow up a building than would someone who actually followed through on that threat. “A violation for ‘threatening’ to commit an offense of international terrorism … has a maximum sentence of 10 years. Yet, this defendant, who ‘threatened’ to bomb various public facilities, faces life imprisonment.” The judge continued, “It is also troubling that another defendant who carried out a threat to bomb public facilities, injuring and maiming (but not killing) thousands of people, would face the same sentence as this defendant who did not cause physical injury to a single person.”

Land said that elevating Garey’s criminal history to the highest level “ignores the individual ‘history and characteristics’ of the defendant, and instead places too much weight on a questionable interpretation of what constitutes a federal crime of terrorism under the guidelines.”

Land reduced Garey’s criminal history level to the middle range and applied a new sentence—30 years.

Mason, Garey’s attorney, says that there’s no doubt his client’s behavior was “terror-invoking.” But he thinks that the enhancement is not being applied the way that Congress intended. “They want to be able to punish the guy who helped the [9/11 hijackers] sign up for flight school,” Mason says. Garey, by contrast, is an obviously disturbed man who never carried out his threats.

At least one other court has also balked at the dramatic sentencing increases imposed by the enhancement. In July 2004, the U.S. Court of Appeals for the 11th Circuit ruled on the case of Imran Mandhai, an apparently confused would-be jihadist who, over the course of several months, committed to and then backed out of a plot to blow up electrical substations in Florida. Whether Mandhai—who was 18 at the time—really intended to wage war against the government, he never followed through. But in May 2002, the government charged him with conspiring to blow up the stations; Mandhai pleaded guilty in exchange for a reduced sentence.

Federal prosecutors sought the terrorism enhancement, and a judge found that it applied. But he also reduced Mandhai’s sentence because the crime was inchoate. The government appealed to the 11th Circuit, which found that the district judge had acted improperly in the way he reduced Mandhai’s sentence but that he was right to consider the totality of Mandhai’s actions when deciding to deviate from the enhancement’s harsh penalty.

“The terrorism enhancement prevents the penalty from fitting the crime, based on the facts of this record,” the court ruled. “It is easy to forget that the sentencing guidelines are merely that—guidelines. Any attempt to remove all judicial discretion in sentencing would raise serious concerns about the separation of powers.”

The judges remanded Mandhai’s case, and he ultimately received a 14-year prison sentence. Last October, the Supreme Court denied his petition for a hearing. To date, the high court has not heard a single case involving the terrorism enhancement.

A Winning Streak

Taken on their own, the passionate objections and deep concerns surrounding the terrorism enhancement might suggest that the government is having a hard time getting the law to stick. In fact, the opposite is true.

The review of publicly available cases shows that judges uphold the government’s request for an enhancement far more often than they deny it. Prosecutors obtained the enhancement in 27 of the 35 cases that National Journal reviewed—more than 75 percent. To be sure, in a number of those cases the defendants did not object to the enhancement. The Lackawanna Six, for instance, agreed that it would be applied as part of their guilty pleas, and they were spared the 20-years-plus sentences because they cooperated with federal terrorism investigations.

But the government clearly wins on the enhancement more times than it loses, even when defendants object. Despite the skeptical opinions expressed by Cohn, Land, and the judges on the 11th Circuit, most judges appear to have had little problem accepting the guidelines at face value. This isn’t a leap of faith on their part. When it comes to matters of statutory interpretation, judges follow the language of the rule they’re given: They use it for a crime that “involved, or was intended to promote, a federal crime of terrorism.”

In Daniel McGowan’s case, District Judge Ann Aiken noted that several judges before her—including those in the Graham and Mandhai cases—had offered no contrary statutory interpretation. Aiken applied the enhancement to one of McGowan’s crimes and to others committed by six of his co-defendants. The environmental saboteurs had been rounded up as part of the FBI’s Operation Backfire, a multi-agency investigation of ELF and the Animal Liberation Front.

The enhancement became a central focus of the Backfire cases. Environmental activists accused the government of trying to brand the defendants as “eco-terrorists” to advance the Bush administration’s security agenda. Defense attorneys strenuously objected to the enhancement, which they felt could land their clients in maximum-security penitentiaries with the most hardened criminals.

Echoing the sentiments of other Backfire defendants, the attorney for Kevin Tubbs, who pleaded guilty to multiple counts of arson and conspiracy, noted that the saboteurs took great pains to ensure that no one was harmed in the course of their crimes. (ELF and ALF are fundamentally opposed to taking any life, animal or human, their supporters say.) “A terrorist’s goal is to cause death, because death is the ultimate tool. Death is the ultimate source of fear,” Marc Friedman wrote in a 31-page objection to the enhancement. “The government, and in particular this administration’s, use of the term ‘eco-terrorism’ and their efforts to tie these actions to domestic terrorism is misplaced. It seeks to place the actions of a loose group of animal rights and environmental activists on par with Timothy McVeigh [who blew up the Murrah Federal Building] and Al Qaeda.”

Friedman cited Judge Cohn’s dissent in the Graham case, arguing that Congress and the Sentencing Commission didn’t envision applying the law to defendants such as Tubbs, “defendants with no long history of association with international terrorist cells.” He portrayed his client as a passionate yet easily persuaded and manipulated man who, for a short period, engaged in “wrongful activities” for which he accepted full responsibility.

Judge Aiken was unmoved by Tubbs’s argument and those of his co-defendants. In sentencing Tubbs to 12 years and seven months’ imprisonment, she said that he had used fear as a tool. “You have created fear, made people fearful in their workplaces and homes,” she said. “Fear and intimidation can play no part in changing hearts and minds in a democracy.” Addressing the larger group of defendants, Aiken lamented, “You all seem to be very smart people. Why couldn’t kindness have been your tool? Stop destroying the Earth to send a message.”

In sentencing the activists under the terrorism enhancement, Aiken insisted that she was not trying to send a message. “The issue the court must decide is not whether the defendants are ‘terrorists’ as the word is commonly used,” she wrote in a lengthy ruling. “Nor is it appropriate for the court to speculate whether the government seeks to promote a particular political agenda or to punish a particular form of activism in requesting the terrorism enhancement.… The debate is about the defendants' criminal conduct—not their political beliefs.”

Prosecutors spent considerable time and energy securing the enhancement. They refused to take it off the table during plea negotiations, says Amanda Lee, McGowan’s attorney. But in the end, none of the defendants received more prison time. In fact, the government recommended reductions equal to the enhancement’s increases. The terrorism label stuck—and McGowan, as part of his plea, agreed not to appeal—but it had no real effect on the sentences.

The government has recommended reduced sentences, usually for cooperative defendants, in a number of other cases where it sought the enhancement. In still others, prosecutors have sought the enhancement only after a defendant reneged on an agreement to cooperate. This has led some analysts to conclude that it’s not always policy and principle that guide the government’s decisions on whom to treat as a terrorist.

The Bargaining Chip

Deborah Buckman, the lawyer who studied the use of enhancements, says she always suspected that the government had some motivation other than punishing terrorism.

“I felt, all the way through, that there’s got to be some game going on here,” she says. “It’s so outrageous that you can take someone who would get five to 10 years and sentence them for the rest of their lives.”

Buckman says she sees a pattern in the government’s often inconsistent application of the enhancement. “In the end, it really is just a bargaining chip,” she says. The threat of 20 years or more in prison is enough to compel almost any defendant to cooperate. Indeed, in the cases in which prosecutors sought the enhancement, but also offered sentence reductions, the defendants usually pleaded guilty and agreed to provide the government with information about their crimes or conspiracies.

When defendants renege on their agreements, case history suggests that the government punishes them by applying the enhancement stringently. Randy Graham, for example, initially agreed to cooperate with investigators and plead guilty to one count of conspiracy against the United States, which carries a five-year penalty. Graham’s co-conspirator, Ken Carter, who was the commanding officer of their North American Militia, pleaded guilty to the same charge in exchange for total cooperation with the government. In outlining the sentencing guidelines for Carter and Graham, prosecutors never mentioned the terrorism enhancement. It surfaced in Graham’s case only after he withdrew his plea and went to trial.

The first reference appeared in the government’s presentencing report after a jury found Graham guilty. Prosecutors—apparently without written justification—recommended that the enhancement be applied to not one but four of Graham’s offenses, three of which were not enumerated crimes of terrorism. The judge applied the enhancement to one of the unlisted crimes; Graham appealed, and the 6th Circuit Court’s ruling against him became a national precedent.

But what about Carter’s case? Likewise, the government never mentioned the terrorism enhancement until it submitted a presentencing report. But when the court used those recommendations to determine Carter’s punishment, it departed from the guideline range—that potentially 20-year increase—“because the count of conviction carries a five-year maximum statutory penalty.” Carter got a lesser sentence than Graham, even though he was the militia leader and their conspiracy crimes were the same. The court also recommended to the Bureau of Prisons “that [Carter] be placed in a less-secure facility than may be indicated by criminal history category VI,” the highest level, which the enhancement requires. “In fact, his true criminal history is I.”

Assessing the disparity in sentences between Graham and Carter, Judge Cohn questioned whether the government really thought either man was a terrorist. “Approving a plea agreement which limited [Carter’s] sentence to 60 months was a recognition of the fact that the district court did not believe that Carter committed a ‘federal act of terrorism,’ ” Cohn wrote. “The government also did not consider Carter a terrorist, as evidenced by his plea agreement. Likewise, the government did not view Graham as committing a ‘federal crime of terrorism’ until after it received the [presentencing report].”


Constitutional Stakes

The terrorism enhancement could open a veritable Pandora’s box of constitutional concerns, in light of recent Supreme Court rulings that judges need only consult the sentencing guidelines—they are no longer mandatory. Terrorism enhancement is applied at the judge’s discretion, says Bobby Chesney, an associate professor of law at Wake Forest University Law School, who specializes in national security issues. Because judges can choose when to use the enhancement, Congress’s intent when it crafted the law is less important, Chesney says.

Some experts say that a bigger question is whether a jury should decide when to apply the enhancement. In the landmark case U.S. v. Booker, the Supreme Court ruled that under the Sixth Amendment a jury must determine any facts that increase a criminal defendant’s sentence beyond the customary range for his or her particular crime—which is what the terrorism enhancement does. The standard of evidence is the same as at trial: beyond a reasonable doubt. However, the Court stopped short of requiring juries to review sentencing enhancements. Instead, the sentencing guidelines are now only advisory—judges still have to consult them, but they are no longer required to sentence defendants according to the ranges that the guidelines recommend. So far, judges have ruled that the terrorism enhancement requires a lower evidentiary threshold than reasonable doubt, and no jury has been involved in an enhancement decision. This uneasiness over judges, rather than juries, applying the sentencing law goes to the heart of the Supreme Court’s decision to hear Booker, as well as Washington v. Blakely, which concerned state sentencing guidelines. There, the Court ruled that judges couldn’t enhance sentences based on facts that a jury didn’t decide.

Felman, the sentencing expert, notes that those rulings didn’t require juries to decide enhancements. Instead, they required sentencing judges to use discretion, and to keep in mind the nature of the crime. “They should not consider themselves bound to sentence within a range determined by the guidelines where it results in a sentence greater than what is necessary to achieve the purposes of punishment,” he says.

Looking to the future of the terrorism enhancement, Felman and other experts ponder the possibilities. In the wake of an event on the scale of 9/11, might prosecutors use the enhancement to label more people as terrorists, or to punish a wider variety of offenses that they believe were “intended to promote” violence against the government?

“Absolutely,” Felman says. “There aren’t too many examples in our history of prosecutors not using power given to them.

“A line prosecutor doesn’t need to get anyone’s permission to go ask for an enhancement. They just do it,” Felman says. That’s problematic, he thinks, when grappling with a concept as amorphous as terrorism. “The word terrorism is kind of a dangerous one,” Felman says. “It’s just inherently going to result in some unfair applications. Any time you have an adjustment that is that large, the potential for abuse is great.”


Reporting Interns Alexander Burns and Candace Mitchell contributed to this article.

Published in National Journal.


Most Dangerous Theory

by Shane Harris




As details emerge in the case of Andrew Speaker, the 31-year-old runaway groom with a drug-resistant strain of tuberculosis, more questions arise about whether the nation's defenses against biological agents, as well as terrorists, are in proper working order, and whether health and homeland-security officials have truly adapted to the unpredictable nature of such threats.

At first glance, it seemed that the breakdown that allowed Speaker to re-enter the United States last month -- after having left for his wedding in Greece knowing that he was infected with TB -- could be laid at the feet of one recalcitrant border guard.

On May 24, Speaker, driving a rented car with his bride, approached the busy U.S.-Canadian border checkpoint in Champlain, N.Y. Speaker presented his passport to a Customs and Border Protection officer, who electronically scanned it and got back a "lookout" notice that Customs officials had dispatched two days earlier.

The notice -- which is not a "no-fly" order or a warning triggered by a terrorist watch list -- instructed that Speaker should be taken to secondary screening, then isolated, placed in a ventilated area, and required to wear a protective mask. It also said that Speaker had an extensively drug-resistant form of TB, and that the border station should contact a specific medical officer at the Centers for Disease Control and Prevention in Atlanta.

The border guard didn't question Speaker about his illness, officials have testified. Nor, apparently, did he pay the alert much mind. Rather, he decided that Speaker "did not appear sick" so he let him go through, officials said. The border guard is awaiting disciplinary action.

Before congressional hearings on Speaker's case last week, officials were on their way to chalking up the incident to human error. Customs' nationwide lookout for Speaker had been transmitted flawlessly. The border guard had all the information he needed to detain Speaker, but simply chose otherwise -- a momentary lapse in judgment that foiled the entire defense apparatus, but an isolated lapse, nonetheless.

Or was it? True, the lookout system -- called the Treasury Enforcement Communications System -- functioned as designed, and officials testified that Customs and CDC employees in Atlanta, where Speaker's original plane reservations were supposed to return him on June 5, cooperated to get his name in the system once health officials determined that he had the resistant, and potentially fatal, form of TB.

But it's what officials didn't do in the two days between the time they learned about Speaker's specific illness and the moment he slipped back into the United States that troubles lawmakers. Although disease experts stress that Speaker was never contagious, the case has exposed weaknesses that plague the nation's multilayered defenses against biological and terrorist threats. These systems have improved markedly since the 9/11 attacks, but they are still vulnerable to human error. And the Homeland Security Department's tendency to treat such threats as routine, when in fact they might be anything but, is unsettling.

Key facts are still unknown about the sequence of events in Speaker's case. But according to congressional testimony last week, Homeland Security officials didn't at first place Speaker on a no-fly list -- which in theory would have kept him off any commercial airliners bound for the United States -- because they didn't believe he would abscond. Indeed, they presumed that Speaker would fly home as planned to Atlanta on a June 5 Air France flight. Even though officials knew that Speaker had a rare form of TB and that Speaker knew they knew, officials thought that he would behave rationally and predictably.

Of course, that's not what happened. Speaker, at significant expense and risk, fled from his hotel in Rome, then made his way to Prague and boarded a Czech Air flight to Montreal. From there, he rented the car and drove across the border. He apparently believed -- incorrectly, as it turned out -- that U.S. officials had placed his name on a no-fly list, which is why he chose to fly through Canada. (In fact, the Canadian no-fly list is identical to the U.S. list, so if Speaker had been listed at that point, it's plausible that he would have been denied permission to fly into Canada.)

Speaker is no terrorist. But he sure acted like one, in several key respects. He deliberately attempted to cover his tracks. He looked for alternative ways to penetrate the U.S. security system. And he disregarded the safety of those around him. Although Speaker emphasizes, and health officials concur, that he was never contagious, they also know that he could have become contagious during his journey. CDC officials told him to stay off commercial flights, and turn himself in to Italian medical authorities. CDC Director Julie Gerberding said, "We make decisions based on the theory that the patient will cooperate." But Speaker didn't.

Experts like to say that terrorists don't follow the "rational actor" model, but that model informed many of the assumptions that the United States followed during its Cold War against the Soviet Union, and the mentality has been hard to shake. The model holds that national decision makers -- and therefore governments, and sometimes individuals -- operate in a manner that maximizes their benefits at the least cost. Terrorists, however, behave irrationally. They engage in all kinds of behaviors that put them at risk for detection and death -- which, of course, doesn't deter them. The "irrational actor" doesn't care how many people he kills or injures, and that mind-set makes his actions harder to anticipate.

So it was, in a sense, with Speaker. But rather than presume that he might act irrationally, or at least less than rationally, Homeland Security officials presumed that Speaker would follow his predetermined course. Jayson Ahern, assistant commissioner for field operations at Customs, told the House Homeland Security Committee that beginning on May 22, the day that Customs officials learned about Speaker's case from the CDC and put his name in the lookout system, the bureau began scanning Speaker's Air France reservation twice daily, to see if he made any modifications.

But, Ahern said, the system isn't designed to detect new reservations -- only changes to existing ones -- so no one noticed when Speaker booked a ticket to Canada on Czech Air. The best way, it seems, to ensure that Speaker stayed off a plane would have been to put him on the no-fly list.

Speaker appears to have behaved somewhat rationally on his return trans-Atlantic journey. According to Homeland Security officials, including the department's chief medical officer, Dr. Jeffrey Runge, Speaker wore a mask on the Czech Air flight. But then, in Canada, he again took evasive action. At the border crossing, officials said, he informed the guard that he and his wife were in Canada on a "mini-vacation." He lied, perhaps to divert attention away from his international travel.

Homeland Security officials didn't put Speaker on the no-fly list until after they learned he had already returned to the United States, and then only after the CDC made a direct request. According to a timeline compiled by the House Homeland Security Committee, government officials engaged in considerable legal wrangling over whether Speaker could be added to the list, because he wasn't a terrorist.

Runge testified that the Transportation Security Administration could not recall an instance where the agency had put an individual on the no-fly list for health reasons. Ultimately, the TSA's general counsel had to convince the administrator, Kip Hawley, that he had the authority under transportation laws to take the action, and Speaker's name was finally added to the list.

"We have no history in this regard," Runge said. "This was, in fact, a novel case."

But lawmakers seemed skeptical of that excuse and of officials' assertions that the entire Speaker manhunt was undone by one human being's mistake.

"DHS states in their testimony today that there was a single point of failure in this case," Homeland Security Committee Chairman Bennie Thompson, D-Miss., said. "But I've done my own timeline of the actions and inactions of DHS and CDC, and it suggests that we should have connected more dots. Shrugging off a deeper analysis of this incident will only cause DHS to repeat its previous failures."

Among the key questions that Thompson wants answered, but that may remain unresolved for some time, are why Homeland Security officials didn't move faster to put Speaker on the no-fly list, and "why did CDC think that Speaker would turn himself in to Italian medical authorities?"

Thompson praised many of the government's actions and said that it would be "unfair ... to characterize this as a total system failure." But the best decisions, he said, were made "ad hoc," which suggested that "we still do not have adequate operational control over our components."

The bigger question may be why officials didn't exercise those controls sooner. In response to the border guard's error, officers no longer will have the authority to overrule a lookout notice without a supervisor's approval. And Runge indicated that, in any future such incident, top DHS officials would convene much sooner, hopefully before a seemingly rational patient becomes an irrational absconder, and a national security risk. If that means that DHS will lower its threshold for action, it could lead to more international manhunts like the one for Speaker, but it also might help the department train itself to adapt to unpredictable threats.

Published in National Journal


Shadow Hunters

by Shane Harris




It started with a phone call. On April 23, 2004, a Friday, a man calling himself "Al" contacted the Homeland Security Department in Washington. He claimed that he knew a group of terrorists who were going to blow up a building. Al knew this, he said, because he was once a member of Al Qaeda.

The shadowy warning could have easily been swallowed up in the flow of hundreds of crank calls and sketchy leads about airport attacks and bombs on bridges that flooded government hotlines that year. But this call was different: Al named a place, and a date.

Los Angeles, next Thursday, the 29th, Al said. A shopping mall near the Federal Building on Wilshire Boulevard and the close-by campus of UCLA. Al said that a cell of three terrorists would enter the country from Canada. He even gave names. This didn't sound like a crank. Could it be for real? Could this be the one?

Forget about what you think homeland security really means. For now, put aside thoughts of stripping down at airport security checks. Never mind those seemingly random spikes in the color-coded national threat level -- and whatever happened to those alerts, anyway? From a city's point of view, where distinguishing hoax from horror can turn on a single phone call, this is how you fight a war on terrorism.

Officials in Washington immediately called L.A.'s Joint Terrorism Task Force, a team of FBI agents, Homeland Security officials, and local police and sheriff's officers. The FBI set up dozens of these task forces in cities across the country after 9/11, and they quickly became magnets for bureaucratic turf tussles. But in L.A., partly owing to a long history of cooperating on anti-gang and drug squads, the local cops and the feds got along well.

After getting Washington's call about Al, the FBI set up a team within the task force to vet incoming tips, including other bomb threats. The police department's terrorism analysts canceled their weekend plans. Unnoticed in the hustle and flow of city life, L.A. went into terror mode.

At least two big malls were near the Federal Building and UCLA. On busy West Pico Boulevard was the Westside Pavilion, with more than 160 stores. Over in the Fairfax District, a historically Jewish neighborhood, the fashionable outdoor plaza called the Grove beckoned shoppers and moviegoers to its stores and cinemas. Before the Los Angeles Police Department and the mayor told thousands of Angelinos to stay away from these two sites, the authorities needed to know what they were up against.

FBI agents traced Al's call to a prepaid phone card. They tracked down the card seller, who gave agents a log of Al's calls. It turned out that his real name was Zameer Mohamed and that he had called in the bomb threat from Room 308 of a Comfort Inn in Calgary.

Hotel management told agents that a Samier Hussein had rented the room. Authorities ran the name and got a hit in federal records: Mohamed had used Hussein as an alias in Texas, where officials had investigated him the year before on a theft charge. Was Mohamed changing names to cover his tracks? That would have helped him if he wanted to evade U.S. authorities or the Qaeda members he had ostensibly just ratted out.

Life Goes On

Meanwhile, in Los Angeles, local authorities were analyzing the bomb threat. The city's top terrorism officials were seasoned experts. John Miller, the head of the LAPD's counter-terrorism operation at the time, was a former journalist with deep ties to the FBI. He was also the last Western reporter to interview Osama bin Laden before 9/11.

The department's chief, William Bratton, was perhaps the most famous cop in America. He was appointed New York City's police commissioner a year after the 1993 World Trade Center bombing, and he led a dramatic reduction in crime citywide. Miller was Bratton's spokesman then. The two were plugged in to those who knew the national threat picture.

No one in Washington had said it publicly yet, but even as Mohamed made his call in April 2004, multiple and credible sources had convinced counter-terrorism officials that Al Qaeda was planning a major attack in the United States. The "chatter" about a strike was at its highest level since 9/11, intelligence agencies calculated.

A month earlier, coordinated bombings on commuter trains in Madrid had killed 191 people. Some senior officials believed that Al Qaeda struck Spain in an effort to turn popular support against the conservative government, which backed the war in Iraq and was up for re-election.

The Americans thought that the terrorists might try something similar in the United States, possibly with attacks at the upcoming national political conventions. Senior officials also feared the possibility of strikes aimed at the Group of Eight summit in Sea Island, Ga., and even the opening of the World War II Memorial in Washington.

There had also been worried talk about a dirty bomb. Specifically, intelligence and diplomatic officials had homed in on three Qaeda operatives who had overseen experiments to build explosives containing radioactive material or deadly chemicals. America was bracing for a hit. In that anxious atmosphere, how could anyone ignore Mohamed's tip that three terrorists were about to go after L.A.?

On Wednesday, the day before the threatened attack, city officials informed the shopping mall owners. On Thursday, Bratton stood before news cameras at the Grove and asked Angelinos for help. "We need the eyes, the ears" of the citizenry, he stressed. He reminded people that bin Laden had recently issued another taped warning promising more violence.

Then-Mayor James Hahn said that people should go about their daily business but should be alert to the out-of-place: "a truck that seems to be parked somewhere for too long, or someone ... wearing bulky clothing on a hot day."

Police stepped up patrols around the two malls and across West Los Angeles. News helicopters whirled above the supposed targets. But by Friday, everything seemed back to normal. Shoppers trolled the window fronts, while L.A. traffic flowed as usual. Nearby, a movie crew erected the set for a day's shooting.

"This just happens all the time.... This is no different than any anonymous bomb threat that gets called in," Gene Thompson, the head of corporate security for the Westside Pavilion's owners, told a reporter for the Los Angeles Times. "Life goes on," said Tom Miles, the Grove's general manager.

In fact, life did go on, unimpeded by a bomb or any other shopping disruptions. On the day Mohamed had warned that his Qaeda friends would strike, federal authorities apprehended him as he crossed the U.S.-Canadian border into Montana.

Mohamed confessed that he'd made the whole thing up. There was no bomb. Those supposed Qaeda operatives were actually friends of his girlfriend. Mohamed had called Homeland Security to get back at her for stealing his paycheck from a Toronto bank where they used to work together. He had asked the three men to help him get the money back, but they had refused. Mohamed said he picked the two malls because he knew the area, having once visited the UCLA Law Library.

Life went on. But the city never really slept.

The Listening Post

Mohamed's unusually specific threat inspired a rare frenzy of activity. To be sure, Los Angeles doesn't ramp up to full alert for every lead that comes over the transom. That would be impossible, because, by officials' count, they have received more than 4,000 tips, leads, and other vague insinuations about possible terrorist attacks in the greater L.A. area in just the past three years.

Most of them turn out to be bogus. Anonymous callers see "Arabs" taking photographs of bridges. Electrical plant owners notice a van driving slowly by their security gates. Some concerned citizen sees "Middle Eastern-looking" men loading fertilizer onto a truck in her neighbor's driveway. Authorities have documented literally thousands of such leads in cities across the country, and few of them come to anything. The camera-toting terrorists are actually tourists; the driver of the van was lost; the men loading fertilizer were Mexican gardeners.

Occasionally, of course, the leads are more substantial and are worth investigating. Some are sourced to U.S. intelligence agencies or to the Homeland Security Department, which is nominally tasked with keeping states and localities abreast of threats to their areas. But the river of leads pouring into L.A. contains mostly unofficial reports from locals, and they run the gamut from the useful to the useless. At such a dizzying pace -- 4,000 in three years -- how could anyone keep up?

Today, in L.A. and in more than four dozen other cities across the country, state and local officials, using mostly federal grant money, have built a network of lead-vetting teams to do just that. They call them "fusion centers," and Bush administration officials, along with powerful members of Congress in both parties, believe that they are one of the best ways to prevent the next attack.

Usually run in partnership with federal agencies, such as the FBI and Homeland Security, fusion centers employ teams of terrorism analysts, many of whom are self-educated. They take every lead, hold it up to the light, and ask, Could this be connected to terrorism? To answer that question, the leads are examined using a wealth of other information, including analysts' own expertise, local police reports, statewide crime databases, and sometimes intelligence from the federal level. "Fused" together, all that analysis tells police and security agencies whether they should rest easy or call out the guard.

In L.A., a city that makes its living spinning fact into fiction -- the buttoned-down terrorism analyst has morphed into Jack Bauer, terrorist-fighting force of nature on "24" -- you might expect the fusion center to pulse at the city's heart. Wrong. To get to the lead-filtering complex -- called the Joint Regional Intelligence Center, or "Jay-Rick" -- you have to leave the beauty bars of the Sunset Strip and the curvy overlooks of the Hollywood Hills. Go south about 10 miles, take the 105 freeway east until it ends, then head down an industrial road, past a taco stand, a carwash, and a movie theater.

There, amid a warren of stout office buildings in the industrial L.A. suburb of Norwalk, is a sand-colored 525,000-square-foot edifice. JRIC is on the seventh floor, next to the corporate headquarters of Bally Total Fitness. This is homeland security's next frontier.

JRIC is L.A.'s terrorism "listening post," says Stephen Tidwell, the assistant director in charge of the FBI's Los Angeles field office. Tidwell, LAPD's Bratton, and L.A. County Sheriff Leroy Baca are among JRIC's most enthusiastic supporters. The three men are friends and self-professed true believers in chasing terrorists down at the local level. Their comradeship has caught Washington's attention. When JRIC opened last summer, Homeland Security Secretary Michael Chertoff came out for the ribbon-cutting. Federal officials call JRIC a "model fusion center," one for others to emulate.

JRIC's roster is a bureaucratic potpourri. It contains FBI agents, LAPD officers, L.A. County sheriff's deputies, public health experts, contract analysts who study radical Islam, a liaison from the Homeland Security Department, and officers detailed from other local law enforcement agencies across the Los Angeles region.

The "region" is a seven-county, 44,000-square-mile sprawl that, historically, has never much cared for jurisdictional spats. As any L.A. cop, firefighter, or paramedic will attest, during an earthquake, fire, or a flood -- all of which the region suffers every year -- you don't much care what color uniform the person coming to your rescue wears. The region adheres to a pact of "mutual aid," which all but eliminates turf tensions. Cooperatively fighting terrorism fits right in with that culture.

Dead Ends

At 9 a.m. every Monday through Friday, the JRIC staff sits down and sorts through the daily cache of leads, to make sure that they're vetted and that all agencies are on the same page. If there's a report that terrorists are spiking the water supply with biotoxins, JRIC will ask a microbiologist to take a look. How credible is the threat? Could that toxin actually live in water? How many people might be affected?

If there's a call about suspicious activity in Long Beach, the appropriate JRIC officer will run it past his sources. Some have likened the hunt for terrorists to looking for a needle in a haystack. But JRIC members go through haystacks, straw by straw, asking, "Could this be a needle?"

So far, none of the leads has revealed an active terrorist conspiracy in the L.A. region. "Ninety-nine-point-nine percent are false," says Bob Galarneau, a sheriff's department lieutenant and a JRIC program manager. "But we still investigate.... Every one is followed up on."

Considering the gravity of the potential threat, one might expect daily life at JRIC to resemble a scene out of a Tom Clancy movie. Wrong again. There are trappings of adventure -- wall-mounted televisions tuned to cable news channels, including Al Jazeera; table tops strewn with copies of Counterterrorism magazine. Beyond that, JRIC looks like just another banal workplace. If this were a TV show, it would be "24" meets "The Office."

But that is what homeland security looks like. A lot of waiting, a lot of wading through noise, and then life goes on, in all its reassuring regularity.

"I wish it were like '24,'" says Kristen von KleinSmid, the FBI supervisory special agent in charge of the threat squad, a JRIC team that can decide to open investigations on particular leads. "I can't redirect satellites. I'm sure there's someone who can. But I just can't make a phone call and have it done."

The threat squad, also called CT-6, worked the 2004 bomb threat on the shopping malls. Today it comprises about 20 analysts and officers from a variety of federal and local agencies. The squad is permanently attached to the fusion center and has "right of first refusal" on all incoming leads. Von KleinSmid says that it handles, on average, about 25 tips a week. "You have to be very organized," she says. "It's hard to keep the leads straight."

As leads go, CT-6 has a low bar. "The only ones we won't work are if we know the person who wrote this complaint is completely crazy," von KleinSmid says -- if the person rambles, or if "it's just some woman saying she saw two Middle Eastern men taking photos of a building." Those tips have no "lead value," she continues, meaning they're dead ends. It's "common," von KleinSmid says, for people to anonymously file complaints about their neighbors.

"Most of the leads are dead ends," Sheriff Baca says. "It's well-meaning information from people who don't know exactly what they're talking about."

Distractions and hoaxes come with the job, but officials are also trying to dissuade future cranks. In one case, officials say, the threat squad responded to a complaint from a military contractor who claimed that his Filipino girlfriend had stolen plans for a shoulder-fired missile and intended to sell them to Abu Sayyaf, a terrorist network based in the Philippines.

CT-6 investigated, and officers tracked down the woman, who, it turned out, was in the country illegally. She and her boyfriend had recently fought, and to get back at her, he reported her as a terrorist supporter, hoping she would be deported. The U.S. attorney's office is prosecuting him for making false claims, officials say.

"About one out of every 100 leads, there's something good that comes out of that, where really useful information is obtained," von KleinSmid says. Agents "know that a lot of the stuff they're working isn't going to go anywhere."

Which makes one wonder: If nothing will come of most -- nearly all -- of the leads that have poured into L.A. over the years, why bother chasing down each one? Because, officials say, chasing ghosts and possible hoaxes is the best chance they have of finding a bona fide threat. One time out of thousands, the lead might bear fruit. The terrorist hunters might get lucky. In fact, they say, it has already happened.

Terror Comes to Town

In the summer of 2005, police officers in Torrance, south of downtown L.A., investigated an armed robbery at a gas station. It was the latest in a string of heists, and each time the bandits had fled without a trace. But this time one of them dropped his cellphone, giving police a rare lead.

Officers traced the phone to Gregory Vernon Patterson, a 21-year-old local man with no criminal record. They placed him under surveillance. According to a criminal complaint, on the evening of July 5, Patterson and Levar Haney Washington, who, later investigations showed, was an L.A. gang member, drove to a gas station in Fullerton, east of Torrance in Orange County.

Washington, dressed in a dark hooded sweatshirt and carrying a shotgun, robbed the clerk, according to the complaint. Police arrested the two men and then searched Washington's apartment in South Los Angeles.

That search, authorities say, ultimately enabled them to disrupt a major terrorist plot aimed at local military recruiting stations, the Israeli consulate, and other targets across L.A. Torrance police officers found documents outlining an imminent attack, possibly timed for the anniversary of September 11, as well as knives, bulletproof vests, and "jihadist" material that wasn't available from the usual sources on the Internet, investigators said.

Almost immediately, one of the officers involved in the search, who had been trained to spot terrorist warning signs in the course of his normal duties, called local counter-terrorism officials. The entire L.A. terrorist hunting apparatus was on alert again.

More than 200 federal and local investigators worked the case, pursuing leads, tracking evidence, and grilling Washington and Patterson. "Virtually every agency in the area jumped on the hunt," says Tidwell, the FBI assistant director in charge. "It was textbook."

According to an FBI affidavit, Washington told investigators that he led an "Islamic council" that was planning a jihad in the United States, "to respond to the oppression of Muslims in Iraq and Afghanistan by the U.S. government."

Washington said that his group had scouted targets, to determine whether they should use a bomb or "rifles and inflict as many casualties as possible." Patterson, the affidavit said, had purchased an AR-15 assault rifle and was only days from picking it up at a sporting goods store. Investigators charged that the men committed the gas-station robberies to pay for their citywide offensive. Planning for the attacks, the FBI said that Washington told them, was nearly complete.

Officials later charged that Washington and Patterson acted at the behest of Kevin Lamar James, a Muslim convert doing time in Folsom prison since 1996 for armed robbery in gang-related crimes. Police said that James had founded a radical Islamic cell called Jamiyyat Ul Islam Is Saheeh, or JIS -- "the Association of True Islam" -- and, from inside Folsom's walls, directed a plot to conduct a violent jihad.

Federal officials had warned about the spread of Islamic radicalism in prisons. Local authorities said that Washington and Patterson had met at an area mosque, and had become radicalized by James's vision. On August 31, 2005, a federal grand jury indicted the three men, along with a Pakistani national, on charges of plotting the L.A. attacks. A trial is scheduled for August.

Ask any of the terrorist hunters in L.A. to cite a plot they've disrupted as a result of their post-9/11 vigilance, and they'll immediately point to JIS. To this day, the FBI calls the incident the closest thing to an "operational" terrorist plot since the September 11 attacks.

Miller, the former LAPD counter-terrorism official who is now the FBI's chief spokesman, has called JIS a "homegrown" terrorist cell. He said that it "is the best example of how the threat now is as much out there on our streets, among some disaffected Americans, as it is teams of sleeper cells who are sent from faraway training camps."

Before 9/11, officials in L.A. agree, the police officers who searched Washington's apartment might have been alarmed by the weaponry and the jihadist literature but wouldn't have known to immediately call the terrorism task force. The JIS case is proof, they say, that the relentless pursuit of leads, the hyper-alertness, the constant probing of every piece of evidence for a terrorist link, actually prevents attacks.

Many terrorism experts, however, aren't so sure. If the evidence is correct, then Washington and Patterson were clearly capable of violence, and very well may have attacked targets in the city. But is it accurate to call them domestic terrorists, members of a homegrown cell?

The case demands comparisons to bona fide homegrown extremists, such as those involved in the London subway and bus bombings in 2005, which killed 52 people. Is JIS the same? Are L.A. terrorist hunters, so intent on turning over every rock, seeing threats where they don't exist?

Seeing Things

Since 9/11, the FBI and local law enforcement have produced few cases of legitimate terrorism, critics say. Miller said recently that the bureau "has had a part in stopping five terrorist plots in progress" in the past year and a half. Among those, he counts the foiled attempt last year to bomb commercial airliners in midflight on their way from England to the United States.

But Miller also includes a plot to blow up a New York City commuter rail line, which investigators have said involved suspects who were never in the United States; the arrest of members of a suspected terrorist cell in Canada who aimed to blow up government buildings there; the arrest of two men in Georgia who the FBI says were linked to the Canadian group and who also discussed attacks on oil refineries and military bases; and the arrest of members of a suspected terrorist group in Florida called "the Seas of David" who officials say wanted to blow up the Sears Tower in Chicago.

Terrorism experts hotly debate whether those four cases and others, including JIS in Los Angeles, can or should be called examples of domestic terrorist cells. Tom Kean, the former co-chairman of the 9/11 commission, has dismissed the comparison of JIS to Al Qaeda.

JIS, he said, is part of a long history of anarchists and disaffected groups that have wanted to harm the government. Al Qaeda, on the other hand, is a worldwide organization that has declared its intention to harm Americans and has the personnel and financial capabilities to do it, Kean said. "That is the enemy," he told the PBS series "Frontline" last year. "And that is who we're fighting, and we've got to always keep our focus on that."

Amy Zegart, an associate professor of public policy at UCLA and a leading national authority on counter-terrorism, says that officials are too quick to label as terrorists groups that express some outrage at the government. "When you parade things that clearly aren't at the level of 9/11 as successes, you undermine the FBI's credibility with the public," she says.

Zegart is a prominent FBI skeptic. After she wrote a scathing op-ed in the Los Angeles Times last year in which she said that the FBI was "still stupid" about terrorism, Tidwell called her to his office for a dressing down.

Still, after examining the city's terrorist-hunting efforts, including JRIC, Zegart says that there's some reason to take heart. "They have a very forward-thinking approach," she said.

JRIC, for instance, built upon the work of another outfit, the Terrorism Early Warning Group, created in 1996 by the L.A. County Sheriff's Department. Experts have lauded the group and the city's leaders for taking local responsibility for terrorism prevention seriously years before national agencies made it a priority.

But there's a flip side to the city's ceaseless pursuit, Zegart says.

"What worries me about the follow-every-lead approach is that it is done in a strategic void. I think this is an endemic problem that is true across U.S. intelligence. We're ramping up ... saying, 'Let's look at today's threat list,' " Zegart says. "The current news cycle and the terrorist threat are putting more pressure on people to focus on the here and now."

As a result, counter-terrorism officials might miss the bigger, longer-range picture about terrorism trends, and overlook new threats that could be emerging below the daily radar sweep, she fears.

Zegart says she believes that the threat of domestic terrorism is real. Nevertheless, she's unconvinced that other cities should try to emulate L.A.'s approach. "In many ways, we've been the model in terms of prevention and response," she says. "I always say that the good news and the bad news is, L.A. leads the country in counter-terrorism."

Help From Above?

In Washington, many intelligence officials want to push the running of homeland security as far away from the nation's capital as possible. In November 2006, President Bush approved a set of guidelines to govern how federal agencies share terrorism information with states, localities, tribal governments, and the private sector, which owns and operates 80 percent of the nation's infrastructure.

The guidelines were submitted to the White House by the Office of the Director of National Intelligence, but they were developed by state and local officials, including many of those running fusion centers like JRIC.

The guidelines call for a "federalist, or shared-responsibility, approach to information-sharing." The federal government will "promote ... a network of fusion centers" but won't control it. The FBI's Joint Terrorism Task Force and the Homeland Security Department, which is legally the point of contact for states and localities, are cast as partners, not directors.

"Fusion centers cannot carry out their efforts in a vacuum. They rely on intelligence and other information from federal entities so that they can develop intelligence priorities," says John Cohen, a spokesman for Thomas McNamara, the former U.S. ambassador-at-large for counter-terrorism and the man who heads the information-sharing environment office that submitted the guidelines to the president.

"They also need to be able to view local events within the context of national, even global, terrorist patterns," Cohen says. "State and local officials need this federal information so that they can protect their local communities, and they are telling us that they still are not getting the information they need from the federal government. We are listening and are working aggressively with these states and localities, as well as the intelligence community, Homeland Security, the Defense Department, and the FBI to fix it."

Today, some threat reporting comes from the Homeland Security Department and some from the FBI. Those entities have sparred over which should be the primary conduit for states and localities, and who should decide how much they get to know.

State and local officials, meanwhile, complain that threat reporting is inconsistent and that much of what they know comes from their own residents. Even in Los Angeles, where relations have remained congenial, Chief Bratton says that the federal agencies need to settle their disputes and to give the locals more information.

"How do we get the feds to make nice with each other -- that's still the big issue," Bratton says. From his perspective, local officials have already made a sizable investment in homeland-security policy. "I easily spend 40 percent of my time on terrorism matters," Bratton says, including talking to journalists and members of Congress. Of the federal agencies whose intelligence Bratton wants, he says, "Locals have to be accepted into what was a private club.... We're the new kids knocking on the door."

"We're Gonna Get Hit"

Ask Stephen Tidwell where the FBI and his friends in L.A. are looking for the next terrorist threat, and you'll get no specifics. "We're looking everywhere.... We spend hours upon hours," he says. "Got people not sleeping very much. People walking around like zombies.... We can't have enough eyes looking."

Considering his obsession with standing vigil over L.A., it's odd that Tidwell's office on the 11th floor of the Federal Building looks not to the south and east, over the city's concrete expanse, but to the northwest, taking in the verdant Santa Monica Mountains, which run east to west, to the Pacific Ocean. It's a vivid reminder that Los Angeles sits in a bowl, surrounded by natural forces that also conspire to wipe the city off the map.

Immediately outside Tidwell's panoramic window, the Los Angeles National Cemetery spreads in a gradual upward slope toward the mountain range. Dedicated in 1889, the 114-acre garden of stone holds the remains of more than 84,000 veterans of four American wars, from the Spanish-American to the Korean.

"We game out in our heads multiple suicide bombers or multiple IED attacks," Tidwell says, referring to Iraqi insurgents' weapon of choice, the improvised explosive device. He pauses and glances out the window. What really scares him, Tidwell says, is what happens after the attack. "Eighteen million people, trying to self-evacuate out of here, will collapse this place."

"We're gonna get hit here," Tidwell says. "When it does happen, how are we going to hunt them? How are we going to find them?" By his calculus, every set of eyes, every listening post, every JRIC is one more barrier that terrorists have to overcome. The best chance to save L.A. is to make their job harder. "We're building fences," Tidwell says. "We want enough fences between us and them."

Published in National Journal.


Signals and Noise

by Shane Harris




People like to say that the world changed on 9/11. That it became a more confusing place. But for two men, as buildings and bodies burned, the world became much clearer.

On the morning of September 11, 2001, John Poindexter, a 65-year-old retired rear admiral and President Reagan's onetime national security adviser, was driving to his office at a technology firm in Arlington, Va. He was 5 miles north of the Pentagon.

Poindexter's wife, Linda, rang his cellphone. Airplanes had flown into the twin towers in New York City, and one just crashed into the Pentagon, she said. "But Mark is OK. He wasn't in the building." Mark, one of the Poindexters' five sons, was a commander on the chief of naval operations' staff. His offices sat where the plane crashed, but most of the staff had cleared out earlier to accommodate Pentagon renovations.

"First, I was relieved that Mark was not in the building," Poindexter recalled in interviews in 2004. "Next, I realized this was a well-coordinated attack of the type that we had been working to prevent."

Poindexter was the senior vice president at Syntek Technologies. Under contract with the Defense Advanced Research Projects Agency (DARPA), the Pentagon's renowned innovation center, he helped to design early-warning systems for countering terrorism and other security crises. The technologies would sift through huge, disconnected databases for useful intelligence -- telltale events, names, or places that hinted at malicious intentions -- and then connect the pieces to predict an attack.

"I wondered if the intelligence community had ever considered the use of commercial airplanes as weapons by terrorists," Poindexter said. The signals were there, hiding in a sea of noise. At least 19 hijackers had crossed the border, used credit cards to buy plane tickets, made phone calls to associates, taken pilot training. They left digital footprints every step of the way.

Poindexter arrived at Syntek and found his co-workers huddled around a television. "The first tower had collapsed before I got there, and I watched as the second one came crashing down, in what seemed like slow motion," Poindexter said.

"I was discouraged," he continued. "We had not been able to gain acceptance by the intelligence community of the technologies and concepts that we had developed. It had been a long, slow process over the past six years." Poindexter's staff left for home. "I stayed most of the day, thinking about what needed to be done."

Some 30 miles away, at the headquarters of the National Security Agency in Fort Meade, Md., Michael Hayden, a 56-year-old Air Force lieutenant general and the agency's director, had been working for two hours when the first plane pierced the World Trade Center's North Tower. Almost immediately, submachine-gun-toting guards and bomb-sniffing dogs fanned out across the NSA campus, the nerve center of the most sophisticated electronic spying network ever devised.

As the planes struck their targets, Hayden ordered all non-essential workers to evacuate. He called his wife, Jeanine, asked her to find their three children and headed to the counter-terrorism center.

The agency's "CT shop" housed the experts and linguists who tracked terrorists' foreign communications. Lately, they had intercepted more than usual. The center's offices were located near the top floor of a high-rise.

On 9/11, "for obvious reasons, we had tried to move as many folks as possible into our adjacent lower buildings, but we really couldn't afford to move the counter-terrorism shop," Hayden told a 9/11 congressional inquiry in October 2002. Hayden found the CT staff "emotionally shattered" and crying, but "defiantly tacking up blackout curtains on their windows to mask their location."

Domestic terrorist attacks, though a surprise, were not altogether unanticipated after the 1993 bombing of the World Trade Center. But Hayden knew that on the all-important home front, the NSA was deaf. "Sadly, NSA had no [signals] suggesting that Al Qaeda was specifically targeting New York and Washington, D.C., or even that it was planning an attack on U.S. soil," Hayden told the inquiry. "Indeed, NSA had no knowledge before September 11 that any of the attackers were in the United States."

To avoid charges of domestic spying, the NSA could not monitor Americans inside the country and some foreigners here -- absent a court order. They didn't constitute "foreign-intelligence value," in agency parlance. As Hayden explained in January at the National Press Club, even if the NSA had known of the hijackers' presence, "[they] would have been presumed to have been protected persons, U.S. persons," and therefore of no foreign-intelligence value, he said, his voice tensing. The agency also struggled to keep up with the overwhelming amount of raw intelligence it received every day, most of which was not related to terrorism.

Hayden understood that the terrorists had hatched their plans in this country. They had communicated here, moved about publicly, and left signals. If other terrorists were here, Hayden wanted to find them. "The standard by which we decided ... what [information] was relevant and valuable, and therefore, what was reasonable [to collect], would understandably change, I think, as smoke billowed from two American cities and a Pennsylvania farm field. And we acted accordingly."

Poindexter and Hayden knew that the signals of a future attack dwelled in a sea of noise full of mostly innocent activities. To find the enemies among us, they'd have to look, and listen, everywhere. Over the next two years, Poindexter and Hayden would hunt for signals on the sea. Sometimes they crossed paths.

While Poindexter's and Hayden's journeys were ostensibly separate, they hoped to arrive at the same destination -- knowing what terrorists would do before they acted.

Hayden left the NSA in 2005, to become the second-in-command of all intelligence agencies, but his successor continued his efforts. Some thought Poindexter's trek was finished when, three years ago, Congress eliminated funding for his early-warning research, amid fierce criticism from privacy-rights groups and civil libertarians. But Poindexter's brainchild lives on, in pursuit of the same elusive goal, and one of its biggest patrons is none other than Hayden's old harbor, the NSA. Today, the two men's visions appear more intertwined than ever.

Setting Sail

On the morning of September 12, Poindexter called his friend Brian Sharkey, with whom he had worked on the early-warning systems. They lamented that they hadn't achieved their ultimate vision -- "total information awareness" of terrorist planning.

They decided to urge DARPA to back a full-fledged "TIA" system, as Poindexter called it, comprising the data-mining and analysis tools they had been designing, along with new ones. TIA would train its eyes not only on government databases but also on those caches of valuable, and presumably private, information where terrorists left their footprints, such as credit card purchases, e-mails, and plane and car rental reservations.

"We knew we must work fast and build a convincing case," Poindexter said in an interview. On October 15, 2001, he pitched his plan to DARPA's director, Tony Tether, comparing TIA to another pursuit of a war-ending weapon. Poindexter titled his presentation "A Manhattan Project for Counter-Terrorism."

The government had once harnessed the brightest minds to build the atom bomb. Now Poindexter wanted the sharpest computer scientists and terrorist experts to build an information weapon. He even suggested ensconcing TIA team members at a secret government facility, surrounded by high fences and concertina wire, to remind them of the seriousness, urgency, and sensitivity of their work.

Tether was impressed, and he said that if Poindexter returned to government and ran TIA, DARPA would fund it. Two months later, Poindexter became the director of the agency's Information Awareness Office and kicked off a slew of multimillion-dollar research projects. One of them was designed to create privacy protections so that TIA wouldn't ensnare anyone who wasn't a terrorist. Poindexter's original plan to make TIA classified was changed; making the program public helped to attract new ideas.

While Poindexter pitched DARPA, Hayden met with Bush administration officials about the NSA's role in a future war. The agency was monitoring communications among known or suspected terrorists, regardless of geographic location, under existing authority that allowed domestic surveillance as part of a terrorism investigation. But that authority would eventually expire.

Shortly after the 9/11 attacks, then-CIA Director George Tenet asked Hayden, "Is there anything more you can do?" In response, Hayden said at his recent nomination hearing to be CIA director, "I said, 'Not within my current authorities.' And [Tenet] invited me to come down and talk to the administration about what more could be done."

Hayden proposed monitoring terrorists' communications into and out of the United States indefinitely. Such a program would have to have specific boundaries, he testified. It would have to be "technologically possible," "operationally relevant" to the mission -- foiling or catching terrorists -- and "lawful."

The NSA "would work ... where all three of those [requirements] intersected," Hayden said. It wasn't the surveillance envisioned under the 1978 Foreign Intelligence Surveillance Act, Hayden conceded. This was "hot pursuit" of communications, a distinction that still isn't well understood, but one that Hayden said gave the NSA a faster way to find terrorist signals.

President Bush was impressed. Hayden "showed me the plans.... I said, 'That makes a lot of sense to me,' " Bush said in a speech in February. "I remember some of those phone calls coming out of California," where some of the 9/11 hijackers were living, "just thinking, maybe if we'd have listened to those on a quick-response basis, you know, it might have helped prevent the attacks." On October 4, 2001, the president issued an order "that laid out the underpinnings for what I described," Hayden said at his confirmation hearing. "The math was pretty straightforward. I could not not do this."

Joining Forces

Unbeknownst to each other, Poindexter and Hayden started rigging up separate efforts. In February 2002, Poindexter established a secure, classified computer network for testing analysis software and tools that might be worked into TIA. As the system came together, this experimental network would be the engineers' Bonneville Salt Flats, a place to test-drive the state of the art. If tools passed muster there, they might end up in the design Poindexter had in mind.

"If there was a vendor with some great gizmo, they'd have to go through an arduous one- or two-year process to get that accredited by an intelligence agency," said Robert Popp, who was the No. 2 TIA official and Poindexter's deputy. "That didn't fit our parameters. We wanted to kick around these various technologies to see their utility. The network could put it through that whole two-year process in a few months."

Since intelligence agencies would be some of the ultimate users of TIA, Poindexter wanted them involved. He already had good contacts from his earlier work as a contractor on early-warning systems. He invited agencies to participate in TIA experiments by establishing "nodes," desktop computers connected directly to the network and housed in the agencies' offices. No agency collected more raw, noisy intelligence than the NSA, which was desperate to find ways to interpret the signals. It would be a natural TIA user, and so in late 2002, Poindexter met with NSA officials, including Hayden, and encouraged them to consider his approach.

The NSA agreed to participate in the experiments, and started installing nodes on the TIA network in early 2003. Poindexter also invited the Defense Intelligence Agency, the CIA, and several military combatant commands and intelligence brigades. All of the agencies used real data in the experiments. And the network was designed to let them share their intelligence. They could merge and cross-check, all in a closed environment. In that sense, the network was more than a test bed. It was also an information exchange.

Hayden seemed reticent about TIA, according to people who were privy to the early experiments. He was loath to be seen publicly supporting the program. That may have been because the NSA was pursuing its own Holy Grail of analysis, apart from Poindexter's work. Indeed, the NSA's effort went back some years but had largely failed.

In the late 1990s, the NSA considered a novel approach to intercepting huge amounts of e-mail and phone traffic as part of a project called ThinThread. According to The Baltimore Sun, which revealed the program's existence last month, "ThinThread's information-sorting system was viewed by some in the agency as a competitor to Trailblazer, a $1.2 billion program that was being developed with similar goals. The NSA was committed to Trailblazer, which later ran into trouble and has been essentially abandoned." A component of ThinThread exists today and is part of the domestic surveillance program, but it is less sophisticated and has created "a subpar tool for sniffing out information," The Sun reported.

In September 2002, just before the NSA joined Poindexter's laboratory, the agency's primary research unit began another TIA-like quest. The Advanced Research and Development Activity (ARDA), housed at NSA headquarters, awarded $64 million in contracts for the Novel Intelligence From Massive Data program, which was, according to former government officials, a spin-off of work that Poindexter and his team had begun almost a year earlier. At least six of the contractors who worked on TIA also worked on the NSA's version. Hayden's ship, it seems, was watching Poindexter's closely.

Rise and Fall

By mid-2002, the NSA was already secretly collecting huge amounts of phone and Internet data, as part of the terrorism program that Bush authorized. The agency was keen on finding a way to manage it all, but had found no technologies that could meet its dual needs -- sustaining a massive influx of information, in real time, and locating meaningful signals in it -- said sources who knew of the problem.

According to two former government officials, the NSA tried using the data-sorting and analysis tools developed under TIA. The early results, however, were unspectacular. When NSA researchers matched their data against those experimental computer programs, the tools crashed under the strain, one of the former officials said. The researchers did not conduct the tests on the network itself, sources said, suggesting that the NSA took tools that the network developed and used them on its own, without the knowledge of Poindexter's staff.

Documents show that the TIA network participants have tested at least four dozen tools using real intelligence data. The documents don't indicate which tools the NSA or any other agency specifically examined, but they do show that the NSA tested its own, homegrown versions on the TIA network as well.

The NSA was one of the biggest players on the TIA network, but not the only one. As months passed, more agencies joined, and some began using TIA for real intelligence operations.

For instance, in 2003 the Pentagon's Criminal Investigation Task Force, which was established to fuse law enforcement and intelligence techniques in fighting terrorism, was interrogating detainees at the U.S. military facility at Guantanamo Bay, Cuba. Stacks of interrogation reports piled up, and the interrogators struggled to make sense of the information they contained. Some detainees frequently mentioned the same names or places. Some detainees claimed to know each other. Others didn't. The interrogators turned to the TIA network to help sort out the hundreds of reports and potential leads.

"They provided the interrogation reports to analysts, and [the analysts], using several link-analysis tools provided by TIA, tried to discover interesting nonobvious relationships," Popp said. Link analysis detects connections between people through common associates or backgrounds, and creates web-like diagrams of the connections.

"The link-analysis tools showed the interrogators things that were not apparent to them -- very valuable, useful information that they could then use in follow-up interrogations." Popp said that the investigators also knew after they concluded their interrogations that some detainees were not terrorists, so those reports were used to create a sort of baseline for what a nonterrorist looked like. The tools could then be calibrated to disregard certain attributes and search for others that were salient, Popp said.

TIA made more data available to the network members. Poindexter's team built a database of simulated intelligence reports about terrorists, including fake accounts of their daily activities that left transactional footprints, so that members could see how well the tools worked on information that mirrored their own.

The TIA researchers nicknamed the database "Ali Baba," a former official said, after the fictional Arabian Nights character who opens a cave hiding fabulous treasures by uttering the words "Open Sesame." Today, troops in Iraq use "Ali Baba" as a slang catchall for insurgents and suspected terrorists.

The TIA network also added real databases of known or suspected terrorists, as well as the people, places, and activities that had been linked to them. These caches, known as "entity databases," were highly classified and were open to other agencies with nodes on the network, according to former TIA officials and documents on the program.

As critics were chastising intelligence agencies for not sharing enough information about terrorism before 9/11, the TIA network partners were actively swapping leads and finding ways to give one another access to their highly classified intelligence.

Poindexter set out an ambitious schedule to enlarge the network and build an eventual TIA system. Every three months, an experiment was aimed at a specific milestone, such as creating an entity database, finding new ways for analysts to collaborate, or testing tools that uncovered terrorist aliases and hidden links between groups. Each experiment period had a code name -- "Mistral," "Sirocco," "Rafale," "Noreaster." The nomenclature paid homage to Poindexter's passion: sailing. Each name is a type of wind.

The TIA network was quickly becoming the most active experiment of its kind. In the network's first year, the number of individual users at agencies increased more than 35 times, from seven to 250. By August 2003, the network had 23 nodes and 320 users.

And then, the bottom fell out.

TIA had come under intense scrutiny from lawmakers and privacy advocates in late 2002, when a series of news articles brought the program to the attention of national policy makers. One piece, by New York Times columnist William Safire, assailed the program as a "far-out Orwellian scenario." It seized on Poindexter's plan to look at databases of personal information as a potential intelligence source. Safire derided TIA as the ultimate snooping machine.

TIA's existence was never a secret, and technology journalists had written about the program. But the national media attention raised questions about just how far the Bush administration was willing to go in the war on terrorism.

Safire also reminded readers that Poindexter was the central figure in the Reagan administration's greatest scandal. Poindexter oversaw the secret sale of missiles to Iran, in exchange for American hostages, and then funneled the proceeds to the anti-communist Contras in Nicaragua. In 1990, he was convicted on multiple felony counts stemming from the affair; an appeals court overturned the convictions a year later. "This ring-knocking master of deceit is back again with a plan even more scandalous than Iran-Contra," Safire wrote.

Poindexter had feared his past would catch up with him and tar TIA, he said in interviews. After Safire's column ran, Defense Secretary Donald Rumsfeld barred Poindexter from speaking publicly. Lawmakers were outraged that the government had even proposed TIA, much less put a once-convicted felon in charge.

Poindexter continued his work, but late in July 2003, The Times revealed that his group was studying a futures market that would let terrorism analysts place bets on likely attacks. Although academics and economists praised the idea -- futures markets can accurately predict commodities prices, housing sales, and sometimes even elections -- it looked perverse when it was attached to Poindexter's shop. The Pentagon forced Poindexter to resign less than two weeks later.

Aggrieved lawmakers and civil libertarians declared victory in September, when Congress eliminated funding in the Defense Department budget for TIA. But they might have missed the fine print. Lawmakers allowed classified intelligence funds to be spent on a "program ... for processing, analysis, and collaboration tools for counter-terrorism foreign intelligence." The program was TIA. And it was about to move to a new home, at the headquarters of the NSA.

Inherit the Winds

As National Journal revealed in February, the NSA's Advanced Research and Development Activity took over TIA and carried on the experimental network in late 2003. ARDA continued vetting new tools and even kept the aggressive experiment schedule, still named after different winds, documents show.

But it discontinued some programs, most notably a multimillion-dollar effort to build privacy-protection technologies. ARDA also abandoned the effort to build audit trails in TIA, which would have permanently recorded any abuse by users.

The experimental network's name was changed from TIA, to erase any connection to its past. Today it's called the Research Development and Experimental Collaboration (RDEC, pronounced ARdeck). The NSA is the biggest player, with at least 15 nodes as of December 2004, according to official documents. "I think it's considerably more today," said a former government official knowledgeable about RDEC. A spokesman for the NSA said he had no information to provide about the network.

Popp, the former TIA deputy director, emphasized that he didn't know if the NSA is using RDEC directly for the domestic surveillance program. "NSA is a big place," he said.

However, some of the tools that TIA developed and experimented with, Popp said, "no question, are the same sorts of tools that the NSA eavesdropping program could possibly use -- meaningfully -- for analytical purposes, based on what's publicly known about it. This certainly seems plausible to me." Popp has recently co-edited a book on technologies for counter-terrorism, and legal and policy structures for implementing them.

"I would bet that the tools NSA is using today [as part of the domestic program] are not the ones they started out with," said a former government official who was close to TIA and the NSA.

RDEC could enhance the domestic surveillance program if the NSA used it as an information-sharing device, to cross-check names and events with other agencies and firm up links, former officials said. In January, The Washington Post reported that the NSA shared information obtained from the domestic program with other agencies, including the Defense Intelligence Agency and the Counterintelligence Field Activity, a Pentagon counter-terrorism group that has collected information about war protesters near military facilities. Both agencies have nodes on RDEC.

The Defense Intelligence Agency, which like the NSA is overseen by the Pentagon, is one of the largest RDEC users. In an interview, Lewis Shepherd, the chief of the agency's Requirements and Research Group, said that RDEC is "the most successful attempt at bringing together a wide variety of analysts and agencies to work and think outside of the box collaboratively," specifically on counter-terrorism. "[It] opens access to a variety of data sources to different tools that haven't been able to access that data."

For example, RDEC lets analysts conduct repeated keyword searches on many different data streams, Shepherd said. It "sparks out-of-the-box innovation in how we do information-sharing."

Asked to elaborate on that innovation, Shepherd said, "It's all classified." But he offered the NSA as a general example. The agency's analysts are well trained in working with electronic signals, but they don't have much history in using other sources, such as satellite photos. RDEC lets NSA analysts, and others, "refine" the way they do their work, Shepherd said.

The former government official who was close to TIA and the NSA said it was "conceivable" that the NSA would use the RDEC to share information from the domestic program with other agencies. "It's a very good forum for doing that," the former official said.

Legacy

On October 6, 2001, two days after Bush cleared Hayden to turn the NSA's ears inward, Hayden met with about 80 agency employees in a large conference room. They became the workforce of the secret program, and Hayden told them what they were allowed to do. "I was explaining what the president had authorized," Hayden recalled at his CIA nomination hearing. "And I ended up by saying, 'And we're going to do exactly what he said and not one photon or one electron more.' And I think that's what we've done."

Hayden had set boundaries -- what was technologically possible, relevant, and lawful. But he has vowed that the NSA will live on the edge of those boundaries. A great fan of sports analogies, Hayden has said in private and public gatherings that for years the NSA played defense against its adversaries. A legal line of scrimmage kept the agency from tackling terrorists inside the country.

But after 9/11, the lines of play were redrawn. The NSA would go right up to the boundaries. "My spikes will have chalk on them," Hayden reportedly told one group when describing the NSA's new game plan. He was clear: "We're pretty aggressive within the law. As a professional, I'm troubled if I'm not using the full authority allowed by law."

Poindexter also thought that 9/11 clarified his purpose. "The attacks brought ... the war to our home," he wrote in his resignation letter in 2003. "After ... 9/11, I felt compelled to do what I could to make sure that never happened again." No one had done enough on 9/10 to stop the next day's horrors. Poindexter and Hayden wouldn't make the same mistake twice.

Poindexter is gone from government, but he still maintains contacts within the intelligence community and exerts a quiet influence. Hayden left the NSA in April 2005 to become the first deputy director of national intelligence. From that office, he oversaw all intelligence activities. Later this year, the office will take over management of the Advanced Research and Development Activity, which runs RDEC. Hayden took over as CIA director in May.

Although they've moved on, Poindexter and Hayden have left a wide wake. Whether or not Poindexter's masterwork has become the centerpiece of Hayden's terrorist hunt, their sails were cut from the same cloth. Their goals were the same. The former official who was close to TIA and the NSA thinks that Hayden didn't want to be associated with Poindexter, either publicly or in government, given his controversial nature.

"I think that Hayden was concerned that [Poindexter's] research was going to call attention, and that would eventually lead people to ask questions about what NSA was doing," the former official said. When TIA was ensnared in controversy, Hayden stayed quiet about the NSA's involvement.

But Hayden was watching, and following the admiral's lead, the former official thinks. Today, what the NSA is known to be doing looks enough like TIA to suggest that Poindexter inspired Hayden and his team. "It's clear to me now, in hindsight, why Hayden really was so unwilling to publicly acknowledge TIA," the former official said. "It's because Hayden was doing many of the things Poindexter did."

Published in National Journal.


More than Meets the Ear

by Shane Harris




The National Security Agency's warrantless surveillance program is broader than officials have described.

The Bush administration has assiduously avoided any talk about the actual workings of its program to intercept the phone calls and e-mails of people in the United States who are suspected of having links to terrorists abroad. Officials' unwavering script goes like this: Present the legal justifications for the president to authorize domestic electronic surveillance without warrants, but say nothing about how the National Security Agency actually does it -- or about what else the agency might be doing.

But when Attorney General Alberto Gonzales appeared before the Senate Judiciary Committee on February 6 to answer questions about the program, what he didn't say pulled back the curtain on how the NSA decides which calls and e-mails to monitor. The agency bases those decisions on a broad and less focused surveillance than officials have publicly described, a surveillance that may, or may not, be legal.

In a hearing that lasted more than eight hours, Gonzales, who didn't testify under oath, dutifully batted away senators' inquiries about "operational details" and stayed silent, under determined questioning by some Democrats, about other warrantless programs that the president might have secretly authorized. When the hearing finally ended, so did Gonzales's comments on the program.

Until 22 days later. On February 28, Gonzales sent committee Chairman Arlen Specter, R-Pa., a six-page letter, partly to respond to questions he was unprepared to answer at the hearing, but also "to clarify certain of my responses" in the earlier testimony. In the letter, Gonzales took pains to correct any "misimpressions" that he might have created about whether the Justice Department had assessed the legality of intercepting purely domestic communications, for example, as opposed to those covered by the NSA program, in which one party is outside the United States. The attorney general didn't say that Justice had contemplated the legality of purely domestic eavesdropping without a warrant, but he also didn't say it hadn't.

Gonzales's letter was intriguing for what else it didn't say, especially on one point: With exacting language, he narrowed the scope of his comments to address only "questions relating to the specific NSA activities that have been publicly confirmed by the president." Then, as if to avoid any confusion, Gonzales added, "Those activities involve the interception by the NSA of the contents of communications" involving suspected terrorists and people in the United States.

Slightly, and with a single word, Gonzales was tipping his hand. The content of electronic communications is usually considered to be the spoken words of a phone call or the written words in an electronic message. The term does not include the wealth of so-called transactional data that accompany every communication: a phone number, and what calls were placed to and from that number; the time a call was placed; whether the call was answered and how long it lasted, down to the second; the time and date that an e-mail message was sent, as well as its unique address and routing path, which reveals the location of the computer that sent it and, presumably, the author.

Considering that terrorists often talk and write in code, the transactional data of a communication, properly exploited, could yield more valuable intelligence than the content itself. "You will get a very full picture of a person's associations and their patterns of activity," said Jim Dempsey, the policy director of the Center for Democracy and Technology, an electronic-privacy advocacy group. "You'll know who they're talking to, when they're talking, how long, how frequently.... It's a lot [of information]. I mean, a lot."

According to sources who are familiar with the details of what the White House calls the "terrorist surveillance program," and who asked to remain anonymous because the program is still classified, analyzing transactional data is one of the first and most important steps the agency takes in deciding which phone calls to listen to and which electronic messages to read. Far from the limited or targeted surveillance that Gonzales, President Bush, and intelligence officials have described, this traffic analysis examines thousands, perhaps hundreds of thousands, of individuals, because nearly every phone number and nearly every e-mail address is connected to a person.

Patterns in the Sea

Analysis of telephone traffic patterns helps analysts and investigators spot relationships among people that aren't always obvious. For instance, imagine that a man in Portland, Ore., receives a call from someone at a pay phone in Brooklyn, N.Y., every Tuesday at 9 a.m. Also every Tuesday, but minutes earlier, the pay phone caller rings up a man in Miami. An investigator might look at that pattern and suspect that the men in Portland and Miami are communicating through the Brooklyn caller, who's acting as a kind of courier, to mask their relationship. Patterns like this have led criminal investigators into the inner workings of drug cartels and have proved vital in breaking these cartels up.

Terrorists employ similar masking techniques. They use go-betweens to circuitously route calls, and they change cellphones often to avoid detection. Transactional data, however, capture those behaviors. If NSA analysts -- or their computers -- can find these patterns or signatures, then they might find the terrorists, or at least know which ones they should monitor.

Just after 9/11, according to knowledgeable sources, the NSA began intercepting the communications of specific foreign persons and groups named on a list. The sources didn't specify whether persons inside the United States were monitored as part of that list. But a former government official who is knowledgeable about NSA activities and the warrantless surveillance program said that this original list of people and groups, or others like it, could have formed the base of the NSA's surveillance of transactional data, the parts of a communication that aren't considered content.

If the agency started with a list of phone numbers, it could find all the numbers dialed from those phones. The NSA could then learn what numbers were called from that second list of numbers, and what calls that list received, and so on, "pushing out" the lists until the agency had identified a vast network of callers and their transactional data, the former official said. The agency might eavesdrop on only a few conversations or e-mails. But starting with even an initial target list of, say, 10 phone numbers quickly yields a web of hundreds of thousands of communications, because the volume increases exponentially with every new layer of callers.

To find meaningful patterns in transactional data, analysts need a lot of it. They must set baselines about what constitutes "normal" behavior versus "suspicious" activity. Administration officials have said that the NSA doesn't intercept the contents of a communication unless officials have a "reasonable" basis to conclude that at least one party is linked to a terrorist organization. To make any reasonable determination like that, the agency needs hundreds of thousands, or even millions, of call records, preferably as soon as they are created, said a senior person in the defense industry who is familiar with the NSA program and is an expert in the analytical tools used to find patterns and connections. Asked if this means that the NSA program is much broader and less targeted than administration officials have described, the expert replied, "I think that's correct."

In theory, finding reasonable connections in data is a straightforward and largely automated process. Analysts use computer programs based on algorithms -- mathematical procedures for solving a particular problem -- much the same way that meteorologists use data models to forecast the weather. Counter-terrorism algorithms look for the transactional indicators that match what analysts recognize as signs of a plot.

Of course, those algorithms must be sophisticated enough to spot many not-so-obvious patterns in a mass of data that are mostly uninteresting, and they work best when the data come from many sources. Algorithms have proven useful for detecting frequent criminal activity, such as credit card fraud. "Historical data clearly indicate that if a credit card turns up in two cities on two continents on the same day, that's a useful pattern," says Jeff Jonas, a computer scientist who invented a technology to connect known scam artists who are on casinos' watch lists with new potential grifters, and is now the chief scientist of IBM Entity Analytics. "The challenge of predicting terrorism is that unlike fraud, we don't have the same volume of historical data to learn from," Jonas said. "Compounding this is the fact that terrorists are constantly changing their methods and do their best to avoid leaving any digital footprints in the first place."

The obvious solution would be to write an algorithm that is flexible and fast enough to weigh millions of pieces of evidence, including exculpatory ones, against each other. But according to technology experts, and even the NSA's own stated research accomplishments, that technology has not been perfected.

The Bleeding Edge

The NSA began soon after the 9/11 terrorist attacks to collect transactional data from telecommunications companies. Several telecom executives said in press accounts that their companies gave the NSA access to their switches, the terminals that handle most of the country's electronic traffic. One executive told National Journal that NSA officials urged him to hand over his company's call logs. When he resisted, the officials implied that most of his competitors had acceded to the agency's request.

Not long after the surveillance program started, in October 2001, the NSA began looking for new tools to mine the telecom data. The agency, the industry expert said, considered some that the Defense Department's Total Information Awareness program was developing. TIA was an ambitious and controversial experiment to find patterns of terrorist activity in a much broader range of transactions than just telephone data. But NSA officials rejected the TIA tools because they were "too brittle," the expert said, meaning that they failed to manage the torrent of data that the NSA wanted to analyze. He noted the irony of rejecting the TIA technologies -- which privacy advocates had characterized as huge, all-seeing, digital dragnets -- because they couldn't handle the size of the NSA's load.

In the fall of 2002, a federal research-and-development agency that builds technologies primarily for the NSA launched another search for pattern-detection solutions. The Advanced Research and Development Activity, ARDA, issued $64 million in contracts for the Novel Intelligence for Massive Data, or NIMD, program. Its goal was "to help analysts deal with information overload, detect early indicators of strategic surprise, and avoid analytic errors," according to ARDA's public call for proposals released last year. In essence, NIMD is an early-warning system, which is how the administration has described the terrorist surveillance program. In 2003, ARDA also took over research of the tools being developed under TIA.

While the NSA was searching for the next generation of data-sifters, it continued to rely on less sophisticated tools. For an example, the former government official who spoke to NJ cited applications that organize data into broad categories, allowing analysts to see some relationships but obscuring some of the nuance in the underlying information. The results of this kind of category analysis can be displayed on a graph. But the graph might reveal only how many times a particular word appears in a conversation, not necessarily the significance of the word or how it relates to other words. Technologists sarcastically call these diagrams BAGs -- big-ass graphs.

Such was the state of affairs when the NSA started looking for terrorist patterns in a telephonic ocean. So, instead of looking for a tool that could cull through the data, the agency decided to "reverse" the process, starting with the data set and working backward, looking for algorithms that could work with it.

The NSA has made some breakthroughs, the industry expert said, but its solution relies in part on a technological "trick," which he wouldn't disclose. Another data-mining expert, who also asked not to be identified because the NSA's work is classified, said that computer engineers probably started with the telecom companies' call data, looked for patterns, and then wrote algorithms to detect them as they went along, tweaking the algorithms as needed.

Such an ad hoc approach is brittle in its own right. For starters, if analysts are working with algorithms designed to detect only certain patterns, they could be missing others, the technology expert said. At the same time, the more dependent the algorithms are on identifying very specific patterns of behavior, the more vulnerable the NSA's monitoring is to being foiled if terrorists discover what the agency is watching for, or if they change their behavior. A more complex algorithm that considers thousands, or even millions, of patterns is harder to defeat.

The industry expert added that NSA officials have worried that "if you knew what the technical trick was they were doing [to make the surveillance program function], you wouldn't have to know what specific algorithms" the agency was using. This reliance on a "trick" makes the program very vulnerable to defeat and helps explain why the Bush administration is so keen on cloaking its inner workings.

"It's pretty bleeding-edge," the expert said, referring to a technology that's unperfected and therefore prone to instability. "We're talking about dumping hundreds of thousands or millions of records" into a system. In an unsophisticated system, connections among people can emerge that look suspicious but are actually meaningless. A book agent who represents a journalist who once interviewed Osama bin Laden, for example, doesn't herself necessarily know bin Laden. But she might turn up in an NSA search of transactional data. "False positives will happen," the expert said.

Gonzales and former NSA Director Michael V. Hayden have said that career agency employees decide to eavesdrop only if they have a "reasonable" basis to believe one party to a communication is a terrorist or connected to a terrorist organization. But what determines reasonableness? In a January speech at the National Press Club, Hayden drew a distinction between the Fourth Amendment's requirement that "no warrants shall issue, but upon probable cause," and its protection against "unreasonable searches and seizures."

When a journalist in the crowd questioned his logic, Hayden heatedly replied, "If there's any amendment to the Constitution that employees of the National Security Agency are familiar with, it's the Fourth. And it is a reasonableness standard in the Fourth Amendment.... I am convinced that we are lawful, because what it is we're doing [intercepting content] is reasonable." He said that the terrorist attacks fundamentally altered the NSA's thinking. "The standard of what [information] was relevant and valuable, and therefore, what was reasonable, would understandably change, I think, as smoke billowed from two American cities and a Pennsylvania farm field. And we acted accordingly."

Aside from the question of whether NSA employees, rather than federal judges, are qualified to determine what constitutes a reasonable search, that determination provides much of the basis for deciding whose communications will be intercepted without a warrant. If the technology the NSA is using to determine what constitutes a reasonable search is unsophisticated, the industry expert said, "you're talking about tapping a phone based on a statistical correlation."

A New Legal Battle?

Gonzales's narrowly tailored letter to Sen. Specter raised more questions than it answered. Democrats were outraged by what they saw as the attorney general's attempt to alter his testimony and to obstruct senators' attempts to fully assess the program's legal basis. "Much of your letter is devoted to not providing answers to the questions of a number of us regarding legal justifications for activities beyond those narrowly conceded by you to have already been confirmed by the president," Sen. Patrick Leahy of Vermont, the Judiciary Committee's ranking Democrat, wrote to the attorney general in a follow-up letter.

Leahy also raised the question of what else Gonzales hadn't told lawmakers. The attorney general's letter contained "disturbing suggestions ... that there are other secret programs," Leahy wrote. In Gonzales's letter to Specter, the attorney general had referred to "other intelligence activities" and to his inability to discuss them; he left open the possibility that the president may not have authorized these activities. Gonzales wrote, "When I testified in response to questions from Sen. Leahy, 'Sir, I have tried to outline ... what the president has authorized, and that is all that he has authorized,' I was confining my remarks to the Terrorist Surveillance Program as described by the president."

Gonzales's testimony was meant to defend the program's legality. But as more about the NSA's operations becomes known, new legal questions arise, including one that goes to the heart of how officials reasonably identify suspected terrorists.

Under normal criminal law, content is defined as "any information concerning the substance, purport, or meaning of [a] communication," but the definition of content under the law that governs electronic eavesdropping on U.S. persons for intelligence purposes is different and is potentially in conflict with normal jurisprudence. That law, the Foreign Intelligence Surveillance Act, states that content "includes any information concerning the identity of the parties ... or the existence, substance, purport, or meaning of [their] communication."

A phone number can be used to identify a person, said Dempsey of the Center for Democracy and Technology, who for nine years was assistant counsel to the House Judiciary Subcommittee on Civil and Constitutional Rights. Does that mean that a phone number is "content" under the law? FISA, enacted in 1978, didn't envision today's technology, when anyone with an Internet connection can use a phone number to find someone's name, address, and even an aerial photograph of his house, Dempsey said.

"I just cannot read [FISA] and figure out what it means in the context of analysis of [transactional] data," he added. "Presumably somebody in the administration thinks they understand it.... Whether that's providing any clear guidance" to the people working on the NSA program, "that's not clear."


Intelligence Designs

by Shane Harris




In the spring of 2000, a year and a half before the 9/11 attacks, Erik Kleinsmith made a decision that history may judge as a colossal mistake.

Then a 35-year-old Army major assigned to a little-known intelligence organization at Fort Belvoir in Virginia, Kleinsmith had compiled an enormous cache of information -- most of it electronically stored -- about the Al Qaeda terrorist network. It described the group's presence in countries around the world, including the United States.

It was of great interest to military planners eager to strike the terrorists' weak spots. And it may have contained the names of some of the 9/11 hijackers, including the ringleader, Mohamed Atta.

The intelligence data totaled 2.5 terabytes, equal to about 12 percent of all printed pages held by the Library of Congress. Neither the FBI nor the CIA had ever seen the information. And that spring, Kleinsmith destroyed every bit of it.

Why did he do that? And how did a midlevel officer in a minor intelligence outfit obtain that information in the first place? Those questions lie behind the latest phase of a simmering controversy in Washington: whether something could have been done to prevent the terror attacks of September 11.

Kleinsmith worked for an Army project code-named "Able Danger." This past summer, a number of former project members -- none of whom had worked for Kleinsmith -- came forward to say that Able Danger had identified Atta and linked him to a convicted terrorist who is still serving time in federal prison for his role in the 1993 bombing of the World Trade Center.

The Able Danger members recalled charts showing names and pictures of suspects, and their links to each other. Rep. Curt Weldon, an outspoken Pennsylvania Republican and longtime supporter of intelligence reform, has demanded to know why the charts were never shared with an agency positioned to halt the attacks.

He also points out that the 9/11 commission failed to include any mention of Able Danger in its final report, which is regarded as an authoritative history of the attacks. The Pentagon searched more than 80,000 documents and found no chart with the name "Mohamed Atta." Weldon has accused the government of a cover-up and called for a criminal investigation.

But Able Danger, for all its intrigue, is just one piece of the unusual intelligence practices that Kleinsmith was engaged in, years before 9/11. In the late 1990s, Kleinsmith was the chief of intelligence for the Army's Land Information Warfare Activity, a support unit assigned to the Intelligence and Security Command. LIWA had broad authority to assist the Army and all military commands in conducting "information operations," a broad discipline that includes information warfare, public deception in combat, and intelligence analysis.

The Army's hub in this effort was the aptly named Information Dominance Center, based at Fort Belvoir. Since the late 1990s, the IDC has been home to some of the most innovative, unconventional, and controversial minds in the intelligence business. In its futuristic-style building -- its interior spaces designed by a Hollywood set artist to mimic the bridge of the starship Enterprise, complete with a large captain's chair in the center of the main room -- the IDC covered a range of topics.

Analysts tracked computer hackers who were targeting military networks, watched for potential avenues of Chinese government espionage, and charted the working relationships among foreign terrorists. To do this, the IDC relied heavily on a novel technique called "data mining."

On a recent afternoon at a coffee shop in Springfield, Va., not far from the IDC, Kleinsmith explained how data mining works. Putting pen to paper, Kleinsmith sketched clumps of circles, then surrounded some with concentric, wavy perimeters, until he'd drawn a crude version of a topographical map.

In data mining, he explained, a powerful search engine is used to "harvest" tens of thousands of Web pages that contain key words of interest -- "Al Qaeda" and "bin Laden," for instance. Another tool, called a data visualization program, then creates a three-dimensional map showing which words appear most often and how they relate.

The features and contours of the map tell an analyst about the underlying information's significance, Kleinsmith said. High peaks represent words that appear frequently. Peaks close together signal words that share some context. The analysts can click on a peak and pull up the information that helped create it. With data mining, analysts don't just read information, they "see" it. Kleinsmith called this kind of data mining "intelligence on steroids," and it was the IDC's hallmark.

Data mining works best with large sets of information, so it's particularly useful for Internet searches. At the IDC, Kleinsmith and three colleagues mapped Al Qaeda for Able Danger by mining open sources and fusing their results with classified government intelligence. But in addition to the mass of information they returned on suspected terrorists, they collected thousands of names of U.S. citizens.

People's names and personal information litter the Internet. Data harvesting, by its very nature, is indiscriminate and sweeping. Unavoidably, along with "Osama Bin Laden," an often-mentioned name like "Bill Clinton" will be harvested. That says a lot about the power, and the limits, of data mining, and why Kleinsmith destroyed what he had; the military is not supposed to be gathering information on U.S. citizens.

A First Test

From its earliest days, the IDC was a haven for renegades who wanted to use technology to step outside traditional intelligence-gathering, which relies heavily on classified sources and labor-intensive analysis. The center had high-level champions, including Lt. Gen. Keith Alexander, who from 2000 to 2003 directed the Intelligence and Security Command, the IDC's parent. Alexander now heads the National Security Agency, which operates the most-sophisticated electronic eavesdropping devices in the world.

Alexander also worked closely with James Heath, who headed the IDC in the late 1990s and whom former employees recall as a mix of driven genius and mad scientist. According to one such former employee of the center, Heath saw the IDC as "an experimentation table" on which to try out all kinds of new tools, depending on what the Army wanted at the time. Analysts and technicians worked together, "speaking the same language" and building useful data-mining tools. This dynamic didn't exist in other intelligence agencies, the former employee noted.

The IDC earned a reputation for innovation, but it also stepped over the bounds of traditional military intelligence. One of its first outside fans was Curt Weldon. Rep. Weldon had been advocating a "national collaborative center" to fuse law enforcement and intelligence units, and their information, from across the government.

In 1997, as the U.S. intervened in the Balkan War, senior Russian officials wanted Weldon (who had had good and long-standing contacts with the Russians) to meet in Belgrade with Yugoslavia's then-president, Slobodan Milosevic, to negotiate a peace settlement.

As Weldon stated on the House floor in 2002, the Russians offered to arrange a meeting between Weldon and Dragomir Karic, a rich Serb closely tied to Milosevic. Perhaps, the Russians said, Karic could act as a go-between with the Serbian president. But according to Weldon, State Department officials said they'd never heard of Karic, and thought the meeting was a ploy to manipulate the congressman.

Weldon met with Karic on neutral territory, in Vienna. But before leaving the States, he asked then-CIA Director George Tenet for background on the Serb. Tenet "called me back the next day and gave me two or three sentences ... and said they thought he was tied in with the corruption in Russia, but did not know much else about him," Weldon said.

Unsatisfied, Weldon contacted his "friends at the Information Dominance Center," which he considered a model for his own intelligence collaboration venture. The IDC "came back to me with eight pages about this man," who the analysts said "was very close to Milosevic personally." Former IDC employees confirmed that they provided Weldon with detailed information on Karic.

The talks with Karic bore no fruit. But when Weldon returned to Washington, he said, the FBI and CIA asked to debrief him on what he knew about Karic. Weldon delivered a thorough dossier.

"I told them that there were four Karic brothers; that they were the owners of the largest banking system in the former Yugoslavia; that they employed some 60,000 people; that their bank had tried to finance the sale of an SA-10 [missile system] from Russia to Milosevic; that their bank had been involved in a $4 billion German bond scam; that one of the brothers had financed Milosevic's election; that the house Milosevic lived in was really their house; that, in fact, the Karic brothers' wives were best of friends with Milosevic's wife; and that they were the closest people to this leader."

Surprised to hear such details on a man they barely knew of, the agents presumed Weldon got the information from the Russians. When he told them that the facts came from the Army's Information Dominance Center, Weldon recalls, the agents replied, "What ... is the Information Dominance Center?"

The event convinced Weldon that the CIA and the FBI didn't "get it," and that the IDC was the wave of the future. He became its biggest proponent in Congress, and sang its praises to the highest levels of the Defense Department.

After Weldon submitted the Karic dossier, word of the IDC's work spread outside the Army realm, Kleinsmith said. He had put just two analysts on the Weldon project, and they had taken only a day to generate the Karic profile. It "shocked me that we were outdoing these other organizations," namely the CIA, Kleinsmith said.

The China Problem

Intrigued with the Karic work, senior Pentagon officials decided to see if the tiny band of analysts could prove their mettle on a bigger problem. Officials were concerned about the possible leakage of U.S. military technology abroad, through unauthorized exports or through espionage. In the spring of 1999, the Pentagon "initiated a onetime project, to use data-correlation tools to decide if we could use those methods as a superior approach for counterintelligence," said John Hamre, the deputy Defense secretary at the time. "It was an experiment."

The people involved said the experiment looked specifically at technology transfers to China, whose military posed the gravest post-Cold War threat to the United States. Kleinsmith says the particular technology the IDC researched was arbitrary. "I think we flipped a coin" to decide. The point was to show the Pentagon that data mining could identify front companies, potential leaks of technology, and other vulnerabilities. "What we found was absolutely enormous," Kleinsmith said.

Former IDC employees and others familiar with the work say the China research exposed a variety of avenues through which military technology designs could end up in Chinese government hands. The IDC created a diagram showing how organizations and people in the United States were connected to the Chinese. Hamre had visited the center, and according to Weldon, reported back, "It is amazing what they are doing there."

The experiment "went well," the former IDC employee said. "Unfortunately, it went too well." During construction of those link diagrams, the names of a number of U.S. citizens popped up, including some very prominent figures. Condoleezza Rice, then the provost at Stanford University, appeared in one of the harvests, the by-product of a presumably innocuous connection between other subjects and the university, which hosts notable Chinese scholars.

William Cohen, then the secretary of Defense, also appeared. As one former senior Defense official explained, the IDC's results "raised eyebrows," and leaders in the Pentagon grew nervous about the political implications of turning up such high-profile names, or those of any American citizens who were not the subject of a legally authorized intelligence investigation. Rumors still abound about other notable figures caught up in the IDC's harvest. "I heard they turned up Hillary Clinton," the official said. The experiment was not continued.

"We determined that there were significant methodological problems," Hamre said of the IDC's techniques. Data-correlation analyses on raw information "produce impossibly large numbers of potential correlations. The numbers are too large to be operationally helpful."

But it appears not everyone in the military establishment agreed. Over the next several months, Kleinsmith estimated he gave more than 200 briefings on the IDC to members of Congress, generals, and senior government officials. "I could tell in three to four minutes if someone 'got it,' " Kleinsmith said. Hamre got it, he noted. And so, it seems, did officials with the Army's Special Operations Command, who, despite the unease over the China experiment, came to the IDC asking for information about a then-shadowy organization called Al Qaeda.

Able Danger

In the fall of 1999, top officials in the Special Operations Command were looking for a way to take the nascent fight on terrorism to its source. Al Qaeda had recently destroyed the U.S. embassies in Kenya and Tanzania. Special Operations' top officers, including the commander, Gen. Peter Schoomaker, "wanted the mission of 'putting boots on the ground' to get at [Osama] bin Laden and Al Qaeda," according to the 9/11 commission report.

But the military leadership believed that without concrete intelligence about Al Qaeda, a strike on the group was doomed to fail. President Clinton told the 9/11 commission, "If we had really good intelligence about ... where [bin Laden] was, I would have done it." Plans were already under way to attack Al Qaeda using AC-130 gunships. What was lacking was actionable intelligence to tell the military whom to hit and where.

Kleinsmith said that a pair of Special Operations officials visited him at the IDC in December 1999. At the instruction of the Joint Chiefs of Staff, the officials wanted as much intelligence on Al Qaeda and other transnational terrorists as could be mustered. They called the project Able Danger. (The word "able" has been commonly used for military exercises for more than two decades.)

The officials asked Kleinsmith about the technologies the IDC was using. "They didn't talk specifics," Kleinsmith said, but it was clear that "we had something they could really use." Later, he offered to "run some data" and produce a preliminary analysis. Within 90 minutes, Kleinsmith said, his analysts found evidence that Al Qaeda had a "worldwide footprint," including "a surprising presence in the U.S. That's when we started losing sleep."

In January 2000, Special Operations gave Kleinsmith and his team the green light to find as much information as they could. "They told us, 'Start with the words "Al Qaeda," and go,' " he said. A month later, the IDC conducted the first Able Danger harvest. The initial results, while impressive, were hardly what Special Operations forces needed to put boots on the ground.

The harvest "was a mile wide and an inch deep," Kleinsmith said. It included more than two terabytes of information, too vast an amount to provide specific targets. The IDC analysts could see the broad outlines of Al Qaeda, particularly its transformation from an idealistic movement into an operational network that could possibly inflict damage. Names, locations, and capabilities, and even the group's financial sources, were "coming together," Kleinsmith said. But the data set was still too big.

That didn't stop the analysts from trying to pare the information down. The former IDC employee said analysts played what they called "the Kevin Bacon game," referring to the popular notion that the prolific film actor can be linked to any other actor through no more than five people. (The game is based on the "six degrees of separation" theory that anyone on Earth can be linked to anyone else through five intermediaries.)

"Let's say you had a bad guy at each end of a string," the employee said. The analysts looked for the people between them, and then those people's ties to each other and to still others, asking whether any of the links came back to the initial bad guys. The analysts played this game routinely to firm up the connections in the large data sets. Eventually, they were able to isolate some 20 people about whom Special Operations wanted further, deeper analysis, Kleinsmith said.

The team developed charts to serve as "simplified explanations" of what they found. But those charts, now famously alluded to by Weldon and others as having named Mohamed Atta, sometimes measured 20 feet in length and were covered with small type, the former IDC employee said. The charts were so big, in fact, that analysts had to hang them on walls just to read them. The former employee doesn't remember seeing Atta's picture.

The IDC might have followed Atta's trail if it had been told to do so, the former employee said. But just pulling names at random from the chart was pointless. And a simple connection between two people on a chart was not evidence of any criminality or pending attack. "Do you have any idea how many people on the planet would go to jail just because they knew somebody bad?" the former employee asked.

The IDC produced an impressive array of intelligence, but it also came dangerously close to an important legal line. The basic harvesting methodology guaranteed that the names of U.S. citizens would appear. "You'll pull in 16,000 people in a harvest," Kleinsmith said. It's "100 percent likely" that an American will be there. And sometimes the names themselves seemed meaningless.

If an analyst found "Clinton," Kleinsmith noted, that could mean George Clinton, the funk musician, or the town of Clinton, Md. Was the collection accidental or intentional? Regulations that restrict domestic surveillance of U.S. citizens don't necessarily apply to names that are swept up inadvertently in a data harvest. The IDC team pulled in hundreds of names every hour, Kleinsmith said. When asked which prominent Americans were included, he replied, "Everybody was coming up."

Data Destruction

As quickly as the IDC garnered powerful fans, it also earned some enemies. The center was not a chartered member of the formal intelligence community -- the 14 agencies that in 1999 officially constituted the country's spy apparatus. For a support organization, buried several layers deep in the Army, to tread on territory normally reserved for big-name agencies like the CIA and the Defense Intelligence Agency, and to present intelligence gleaned from the Internet, of all places, was simply anathema to people steeped in decades of intelligence rules and culture. The IDC analysts were mavericks.

In particular, the Defense Intelligence Agency questioned the analysts' results on a number of projects, not just Able Danger, the former IDC employee said. "We'd show them our stuff, and they'd say, 'Show us the math.' " But the answers didn't always add up so neatly. The combination of data mining and hunches sometimes produced results that the bigger intelligence agencies viewed as murky, even if military commanders found them compelling.

At a Pentagon briefing on Able Danger in September of this year, Thomas Gandy, the Army's director of counterintelligence and human intelligence, cautioned reporters about inferring too much information from the "links" the IDC established, particularly because its data-mining tools were far less sophisticated than the ones used today. "Just that there are links established doesn't really mean anything," Gandy said. "In the primacy of this technology, you get some very goofy links that require research."

Kleinsmith and the former employee, as well as others who worked tangentially to the IDC over the years, insisted that the IDC analysts were senior and seasoned, and that they recognized the fact that simple links required further investigation. Yet the analysts' enthusiasm for a less tidy sort of inquiry, which often raised more questions than answers, divided intelligence professionals. Some former government officials, who declined to be named, derided the IDC analysts as "zealots" and said their work never produced the eureka-like results that some, particularly former Able Danger members, now claim.

One senior IDC analyst, Eileen Preisser, who worked with Kleinsmith on Able Danger and other projects, was characterized by a former Defense official as "an uncontrolled flake." Kleinsmith, who called Preisser an "analytical genius," admitted that she "has constant trouble in working with others in the community." Preisser has worked in several intelligence jobs, inside and outside the government, and those who know her see her as the prototypical IDC believer.

She "is especially critical of those folks who she feels did not, or do not, 'get' the technology," Kleinsmith said. "Instead of working within the system, maneuvering around the tough spots, negotiating and dealing, she tends to burn her way through an issue to get where she needs to go." Preisser now works for the National Geospatial Intelligence Agency. A spokeswoman there said Preisser declined all requests for interviews.

In early 2000, in the midst of Able Danger, a lawyer with the Army's general counsel visited Kleinsmith. As Kleinsmith testified before the Senate Judiciary Committee in September, the lawyer reminded him that under Army regulations, any data the IDC collected on U.S. persons -- even inadvertently -- had to be destroyed within 90 days. If analysts could establish a legitimate reason to investigate a person further, they could keep the corresponding data.

But with potentially tens of thousands of names, checking each one would have been impossible, Kleinsmith said. In the Pentagon briefing, Gandy concurred: "I don't think they had the capability to scrub it in the fashion that the oversight rules could live with."

By the spring of 2000, Kleinsmith said, the IDC had the list of 20 individuals whom Special Operations wanted investigated further under Able Danger. But in March, Kleinsmith was ordered to cease all work on the project. He believes the order came from outside the IDC's command. From May to June, Kleinsmith and his team destroyed the information, and possibly the linkages between Mohamed Atta, Al Qaeda, and convicted terrorists already sitting in U.S. prisons.

"It was terrible," Kleinsmith said.

'So It Begins'

After the data purge, the heartbeat of the IDC slowed. In late September 2000, the center was authorized to begin new work on Able Danger, Kleinsmith said. A data harvest would take no time to replicate, but the analysis on people and locations was much harder to reproduce.

But Able Danger never ramped up a second time. On October 12, while the USS Cole was docked in Yemen's port city of Aden, Al Qaeda suicide bombers rammed the destroyer with a small explosive-laden boat, killing 17 U.S. sailors and wounding 39. From then on, U.S. Central Command, responsible for the Middle East, became the IDC's primary customer, Kleinsmith said. Special Operations Command, unhappy because the IDC's attention had shifted, moved Able Danger to a private intelligence research center run by Raytheon in Garland, Texas, Kleinsmith said.

A Raytheon spokesman did not respond to a request for comment. But Eileen Preisser, the IDC analyst who had worked on Able Danger with Kleinsmith, was working for Raytheon after the September 11 attacks. In a 2001 interview with National Journal, she spoke of projects she was involved with that were essentially the same as those at the IDC.

After the Cole bombing, the IDC concentrated on projects not related to Al Qaeda. "We went on to do some other things, other projects," the former IDC employee said. Less than a year later, the 9/11 attackers struck. Looking back, Kleinsmith doesn't claim that he saw the attacks coming. Rather, he felt resigned. "I wasn't surprised," he said. He had studied Al Qaeda's evolution and believed he knew its capabilities. "I thought, 'So it begins.' "

Total Information Awareness

The 9/11 attacks breathed some new life into the Information Dominance Center. In late 2001, retired Navy Adm. John Poindexter, who had served as President Reagan's national security adviser, met with the director of the Defense Advanced Research Projects Agency, where Poindexter was soon to be employed. Poindexter was looking for a site to test new technologies under his Total Information Awareness program, which, not unlike the IDC, aimed to use open-source data and government information to understand terrorism.

TIA also looked at tools to examine commercial databases containing information on U.S. citizens, within the context of privacy regulations.

Poindexter wanted a proving ground staffed by seasoned, technology-inclined analysts, a "Manhattan Project" for counterterrorism, he said. The DARPA director, Tony Tether, told him to consider the IDC. After meeting with Gen. Alexander, the Army commander overseeing the center, Poindexter agreed to test some of the TIA tools at the IDC.

"TIA was a very good concept," the former IDC employee said. The center offered TIA "a high-speed testing bed" for its new technologies. "Some of the tools sucked, and some of them were good ideas," the employee said. The frustration came from officials' reluctance to use the tools for active intelligence projects. Poindexter emphasized that TIA was a research project and wasn't using data mining as part of any real intelligence operations. TIA was an experiment.

But the experiment was short-lived. In late 2002, Poindexter's role in TIA was revealed in the press. The controversial retired admiral's past caught up with him -- Poindexter was the central figure in the Iran-Contra scandal, which diverted the profits from covert arms sales to Iran to anti-Communist rebels in Nicaragua.

Members of Congress derided TIA as an Orwellian excess of the post-9/11 era. The funding was pulled. Kleinsmith, who had left the Army by the time TIA arrived, seemed perplexed by lawmakers' concerns. "We've had this capability for years," he remembered thinking. "Who cares?"

TIA's detractors declared a victory for privacy protection when they killed the project. Poindexter was forced to resign in August 2003. But research on TIA tools has hardly ceased.

Rather, it has moved into the intelligence agencies, where the work and the budgets for it are classified, Poindexter said, noting that now Congress has more-limited oversight and should be more concerned about privacy infringements. The former IDC employee concurred, saying "The [TIA] concept hasn't died off. It continues. And it continues elsewhere now, and I can't talk about that. The tools are continuing to be developed."

What-Ifs

Five years after Able Danger, Erik Kleinsmith seems oddly at ease for a key figure in a brewing political controversy. Inevitably, Kleinsmith would be a major witness in any investigation of the project. No one has suggested he did anything other than follow Army regulations in destroying the Able Danger documents.

Kleinsmith remains unconvinced that, despite the IDC's innovations, the 9/11 attacks were foreseeable. But "I do go to bed every night ... [thinking] that if we had not been shut down, we would have at least been able to prevent something or assist the United States in some way," Kleinsmith told the Senate Judiciary Committee during September's hearing. "Could we have prevented 9/11?" He paused, and then said: "I don't think I can ever speculate to that extent, that we could have done that."

Today, Kleinsmith is an employee with Lockheed Martin, working as a contractor to the Army's Information Operations Center, an IDC spin-off that is chartered to support the global war on terrorism. He oversees an intelligence training team of about 28 instructors, five of whom are working in Iraq to train U.S. analysts in data mining.

"One of the most amazing aspects of the Able Danger team is that, for a time, you had what I believe was the perfect combination of technology, data, and expert analysts that combined to create analysis that was above and beyond what the intelligence community was producing," Kleinsmith said. The results of the China experiment brought Special Operations Command to the IDC. That's proof enough for Kleinsmith that his group was providing what no one else could.

"I have been asked by several folks on Capitol Hill, members and staffers alike, whether the capability still exists to do what we did," Kleinsmith said. "My answer is, 'yes and no.' " Paradoxically, analysts are being trained to rely on the technological tools -- what Kleinsmith called "buttonology" -- too much, instead of thinking creatively on their own, he explained.

The technology is powerful, but needs to augment the analyst's work, he said. "There are still those who want to train analysts on how the engine of the car works instead of how to drive the car."

Kleinsmith recognized that the IDC's methods caused some consternation, but he takes pride in his former work and looks at the controversy pragmatically. "We understood that [there were objections], but we also understood that a lot of our customers didn't care."

Today, Kleinsmith is still struggling with the same puzzles. And, to hear him tell it, apart from the advancements in technology, little has changed. So much is still unknown, and undone, about the terrorist threat to the United States, he said. He can simply watch television to know that law enforcement isn't rounding up the terrorist cells he believes his team identified in the United States five years ago.

Ultimately, Kleinsmith sounds less like a man burdened by his past than one nervous about the future. No one seems to be acting on the information the IDC found that terrorists had taken up residence in the United States, far from New York, he said. And, as if they were listening, waiting for him to tip his hand, Kleinsmith cautiously added, "I'd just prefer not to say where they are."

Published in National Journal


The Private Spy Among Us

by Shane Harris




To help the government track suspected terrorists and spies who may be visiting or residing in this country, the FBI and the Defense Department for the past three years have been paying a Georgia-based company for access to its vast databases that contain billions of personal records about nearly every person -- citizens and noncitizens alike -- in the United States.

According to federal documents obtained by National Journal and Government Executive, among the services that ChoicePoint provides to the government is access to a previously undisclosed, and vaguely described, "exclusive" data-searching system. This system in effect gives law enforcement and intelligence agents the ability to use the private data broker to do something that they legally can't -- keep tabs on nearly every American citizen and foreigner in the United States.


ChoicePoint is famous for being the largest and most sophisticated aggregator of public records on U.S. citizens and residents. The company has built an enormous electronic cache of more than 19 billion records -- all of which are legally obtained -- that it mines to locate criminals and suspects, their family members and known associates, and their hidden financial assets.

Most of ChoicePoint's customers are other companies -- insurance providers trying to spot potential scam artists applying for policies, for instance. But the company's work for the government is significant and growing. Using its DNA analysis lab, ChoicePoint helped identify victims of the September 11 attacks. And the following year, the company helped locate the Washington-area snipers by leading investigators to the blue Chevrolet Caprice that the two killers used in their spree. (ChoicePoint compiles hundreds of millions of motor vehicle registrations.)

Although it has generally been known that the FBI and intelligence agencies use ChoicePoint's people-tracking skills, federal and company officials have refused to discuss the particulars of their arrangements. ChoicePoint declined a request for an interview about its work for the FBI and the Defense Department. But a set of contract documents, obtained under the Freedom of Information Act, and which the government sought to withhold for almost two years, reveals details not previously reported about ChoicePoint's work for the FBI's Foreign Terrorist Tracking Task Force, called FTTTF or "F tre F." This task force was set up soon after the 9/11 attacks to assist law enforcement and intelligence agencies in locating foreign terrorists and their supporters in the United States. Because the task force can't maintain records on U.S. persons without opening an official investigation, it relies on ChoicePoint to augment the intelligence that the government collects through legal channels.

The documents show that ChoicePoint has provided an arsenal of data and analysis to the task force and its partner group, the Defense Department's Assessments and Technology Directorate, which in turn is part of a counterintelligence unit that identifies covert threats -- namely spies and terrorists -- to Defense Department personnel and property. The FBI task force and the Defense directorate share an office and have helped to identify more than 200 terrorist suspects in the United States, FBI officials say. The partnership has also helped track suspected suicide bombers; the FBI component, among other things, vets all foreigners attending U.S. flight schools.

According to the contract documents, which have been heavily redacted, in 2002 the FBI task force had an "urgent need to acquire high-volume public record data" to help locate and track "foreign terrorists and related activities." At that point, the task force purchased some of the company's most popular services.

In the beginning, ChoicePoint performed search work at its own facilities, taking "input criteria" -- a name or other identifying data supplied by the government -- and returning useful information, such as a subject's address or any disparity between his name and Social Security number (a signal that the person may have purchased a stolen number to shield his true identity).

A year later, the government's appetite for data apparently became more sophisticated. In early 2003, the agencies ordered a set of Internet-based services from ChoicePoint. These services, the documents show, effectively put the power of the company's databases at government agents' fingertips on their desktop computers. The agencies also bought the company's AutoTrack product, which creates "easy-to-read reports" and gives users the "ability to locate people and assets faster ... and solve more crimes," according to marketing materials on ChoicePoint's Web site. And the agencies purchased ChoicePoint's "national comprehensive reports with associates," a service that lists the names, Social Security numbers, addresses, properties, and even pilot licenses to which someone is connected, directly or through known associates and relatives. FBI officials have said that such services are an invaluable complement to traditional criminal investigations.

But the documents indicate that ChoicePoint may have gone beyond simply offering its commercially available products to the government. In 2003, ChoicePoint agreed to provide access to an "exclusive" system used to help identify terrorism suspects. Although much of the description of the system has been redacted from the documents -- on the grounds that it would reveal law enforcement tactics and operations -- the portions that were released indicate that ChoicePoint's work involves continuously tracking a "subject of interest" and notifying the government when new information has surfaced on that person.

After a string of redacted text about this exclusive service, the document states, "When this new information is added and identified as relevant new data for a subject of interest, the FTTTF will receive electronic notification.... Additional information beyond the identity and address data can be provided to the FTTTF with a subpoena." In releasing the contract documents, the government said it could not elaborate on the system, because doing so "could certainly assist ... terrorists in circumventing detection." The government also redacted the dollar amount of the contracts, making it harder to assess costs and scope.

According to an outside expert on ChoicePoint who reviewed the documents for National Journal, the exclusive service looks like something ChoicePoint built specifically for federal agencies, and the arrangement raises questions about whether the company is effectively becoming an arm of the federal government.

"The language [of the contract], and ChoicePoint making their full system available to the government and [performing] custom-tailored searches for the government, show a high degree of cooperation," says Chris Hoofnagle, a researcher with the Electronic Privacy Information Center, who has obtained ChoicePoint contracts and corporate documents through other legal filings.

FBI officials have stated publicly that they don't use ChoicePoint for "fishing expeditions," that they tap its services only in the course of an official investigation. But the threshold for what constitutes a "subject of interest" is unclear. So are the restrictions, if any, that the government faces when it searches private databases for information on U.S. citizens. And it's unclear whether these restrictions differ from the rules for investigating foreigners.

Even though existing laws strictly limit the government's ability to conduct surveillance on U.S. citizens, those limitations don't apply to corporations. And so, the more ChoicePoint takes on exclusive work for the government that the government is prohibited from doing on its own, "the more it looks like a government actor," Hoofnagle says.

ChoicePoint collects a dizzying variety of newly filed public records from sources as varied as courthouses and motor vehicle departments, any of which could be a key data point in building a profile about a person being investigated. Standard ChoicePoint fare includes concealed-weapons permits; marriage and death certificates; registrations for boats, aircraft, and automobiles; eviction notices; credit card information; hazardous-materials-handling permits; and employment histories.

Without question, ChoicePoint provides services that the government feels it can't live without. "The enormous number of visitors to the U.S. and avenues of entry and exit makes it inordinately difficult, if not impossible, to accurately account for each entrant," the FBI task force director, Mark Tanner, told House lawmakers in 2003. He was describing how agents use private data brokers' information to help find people who've overstayed their visas, a class the government deems a security risk. FBI agents privately also sing the company's praises and say that if they couldn't get public records from ChoicePoint, they'd have to dispatch investigators to courthouses and clerks' offices across the country, greatly slowing the pace of their work.

But as ChoicePoint's databases grow, Hoofnagle asks, "at what point do [the company's] records become the equivalent of a 'system of records,' " an official collection that is subject to government regulation and oversight and that must be publicly announced? Writing in the George Washington Law Review last November, two members of the Center for Democracy and Technology wondered whether government's use of private databases renders useless the federal Privacy Act, which is supposed to protect private information. "If the government is simply accessing databases created by commercial entities for their own reasons, there may be no system of records subject to Privacy Act requirements," the members wrote.

U.S. citizens have few avenues to monitor how the government is using their personal data when it resides outside government hands. "We have the legal authority to collect certain types of information," says Ed Cogswell, an FBI spokesman. ChoicePoint is "a commercial database, and we purchase a lot of different commercial databases.... They have collated information that we legitimately have the authority to obtain."

But because the FBI is so reluctant to discuss how it uses the data, and what its own guidelines are for monitoring agents' access to it, a cloak is cast over the government's work. "From the perspective of an American citizen, this is another example where a company that's built a massive personal-information database is being used regularly by the government to track citizens," says Hoofnagle, who supports using ChoicePoint for terrorism investigations but wants more public assurances that the information isn't being misused.

Congress wants similar assurances. In the wake of several security breaches this year, at ChoicePoint and other firms, in which identity thieves accessed people's financial records, lawmakers have proposed several bills that would rein in the private data brokers and monitor more closely how the government uses them. One bill, the Personal Data Privacy and Security Act, introduced by Sens. Arlen Specter, R-Pa., and Patrick Leahy, D-Vt., would require the government to establish rules protecting privacy and security when it hires data brokers, and to conduct regular audits of those contracts.

Privacy advocates following the bills say that they're weaker than legislation being pushed through in state legislatures, and that no single congressional bill fully addresses all their concerns. But the legislation has data brokers' attention. Hoofnagle says that lobbying expenditures by private data collectors are up across the industry. And this year, ChoicePoint has hired a number of lobby shops specializing in the executive branch. One hired last month is none other than the Ashcroft Group, founded by former Attorney General John Ashcroft, who oversaw the establishment of the FBI task force in 2002.

Steven Aftergood, who directs the Project on Government Secrecy at the Federation of American Scientists, says, however, that it is always hard to monitor what private contractors do in the intelligence field.

"Using contractors to perform sensitive intelligence or counterintelligence work, whether it's prisoner interrogation in Iraq or data mining in D.C., is always problematic, because their activities are much harder to oversee," Aftergood says. "Unlike government agencies, contractors are not answerable to Congress. And the secrecy of most intelligence work makes them all but impervious to independent oversight. If they broke or bent the law, we might never find out."

Published in National Journal





The Forgotten War

by Shane Harris




Underequipped. Underfunded. Overshadowed. Life on the front lines of the drug war.

"If you've got anything to say, say it now!" Chris Fertig stammered while being electrocuted.

Fertig, a Coast Guard lieutenant junior grade, had been riding shotgun in a stubby, 22-foot boat with inflatable sides, plowing through rough Caribbean seas at a neck-snapping 35 knots. He and his four-man crew were chasing drug smugglers racing north from Colombia in a cigar-shaped speedboat called a "go-fast." They believed the boat was packed with cocaine. But with their target in sight, the engine on Fertig's vessel broke down, and the boat went dead in the water.

Cast adrift, Fertig had tried to radio his mother ship, the 270-foot Coast Guard cutter Bear, which was coordinating the chase from dozens of miles away. But the wires connecting his headset to the radio had come apart. So, standing ankle deep in seawater, Fertig took the broken wires in his hands and forced them together. Shock waves pulsed through his bones, and his mates heard him yelling through their headsets to speak up.

The crew took turns holding the connection a few seconds at a time and updated the Bear's commanders. The sailors had been only 1.5 nautical miles off the go-fast's tail. A Coast Guard helicopter, launched from the Bear's aft flight deck, had trailed Fertig's boat along the way. If the smugglers failed to stop, the Coast Guard had authority to shoot out the go-fast's engines.

But the helicopter carried no guns. The Coast Guard didn't have enough armed helicopters for all its ships. The only hope was that Fertig, whose crew was armed, could get close to the go-fast in their boat, called an "OTH," because it launches from the Bear and travels "over the horizon" and out of sight.

The OTH had powered at full speed toward the fleeing smugglers. The cacophony of boat engines and helicopter blades was deafening. Crew members hung on for their lives. Whenever the OTH hit a wave, the sailors felt like they had been tossed into a concrete wall. At such times, the human body's instinct is to stiffen like a signpost and fight to stay upright. The crew members' every muscle clenched, diverting energy to the spine and their inner thighs, which were gripped around saddle-like seats so high off the deck the OTH sailors were actually standing through the chase. As the OTH broke through waves, the sailors looked like pegs bolted into the deck.

An OTH has no seat belts or harnesses. A pair of canvas foot stirrups screwed into the deck on either side of the saddle keeps crew members from being ejected. Fertig, not quite tall enough to reach both his straps, held on with one foot, fighting not to be flung into the radar console in front of him. The strain of a chase on the OTH is so great that when it finally returns to the Bear, mechanics must turn a wrench on all the boat's bolts to retighten them.

Fertig's OTH was no match for the go-fast. The smugglers' boat skipped like a stone over the waves, which come close together in the Caribbean and make for a choppy ride. The OTH, with its thick, rubbery skin and ribbed underbelly, has to negotiate each wave carefully. To keep the boat from leaping out of the water, the driver eases back on the throttle when riding up a wave, and increases speed on the way down. When the boat goes airborne - as it often does - it crashes back onto the ocean surface with the force of a gigantic belly flop.

With the salty seawater whipping the sailors' cheeks, their muscles ready to snap and the radio connection failing as darkness fell, the chase became a farce. An OTH crewman carried an M-16 rifle. But even if the engines hadn't failed and the bouncing boat had come within firing range, he couldn't hold his aim for more than a few seconds.

After the OTH crew spotted the Bear on the distant horizon, the men took turns holding the radio wires and were rescued.

Fertig hadn't scored a single go-fast bust in almost two months at sea. He was hungry. He could have attributed the foiled pursuit to bad luck. But Fertig had plenty of stories just like this one. Failing equipment, insufficient resources and hand-tying policies had conspired many times to let go-fasts slip through the Bear's fingers. "We could have had those guys," some crew members would say later, cursing the engines, radios and other defective equipment.

Fertig and his shipmates fight a war they didn't start, one that was declared by President Richard Nixon in 1971, before many of them were born. For nearly three decades, the U.S. government has waged the drug war in the news media, in classrooms, at border crossings and on the high seas.

The Coast Guard stands point on that last front, as the lead federal agency for maritime drug interdiction. Cutters like the Bear are deployed in a 6 million-square-mile area that stretches from the Caribbean Sea to the Gulf of Mexico and the Eastern Pacific Ocean. The Bear sails back and forth across its patrol zone, which stretches across the smuggling routes from Colombia, where the bulk of the U.S. cocaine supply is produced, to drop-off points in Cuba, Haiti, the Dominican Republic and Puerto Rico.

The Bear's motto is: "Greatest strength through versatility." The ship's crew stands by to discharge any of the Coast Guard's myriad duties, which include search and rescue, fisheries enforcement and the evolving task of homeland security. But chasing go-fasts is the biggest rush and the largest source of pride. For every cocaine seizure, the crew paints a single snowflake outside the bridge. The cutter sports seven such insignias and 14 marijuana leaves for pot busts.

Yet the sailors of the Bear are fighting a forgotten war. The drug war has been overshadowed by bigger, more troubling conflicts: war in Iraq, the global campaign against terrorism, and simmering dangers on the Korean peninsula, in Iran and elsewhere. The Coast Guard's sailors fight with too little equipment, much of it antiquated, and can expect few of their circumstances to change.

Fertig's bittersweet run-in with the go-fast, in October 2002, was his last chase before the Bear returned home to Portsmouth, Va., the following month. He recalls the event on a wintry afternoon the following January, as he and his shipmates are finishing a two-month "in-port" stint and are preparing to embark on another Caribbean tour.

The Bear's crew rotates between Portsmouth and the open seas, usually in two-month cycles. Fertig, 24, had spent his shore time with his wife, working at home on his own boat and making repairs to the Bear.

OUT TO SEA

While the respite was welcome, as winter envelops the port town, the lure of warm Caribbean seas and the pursuit of go-fasts is irresistible. As the enlisted men stock their berthing areas with the necessities of life at sea - clothes, towels, crackers, peanuts, CDs, magazines - Cmdr. Charley Diaz gathers his officers - half of them under the age of 25 - for a navigational briefing.

Diaz is new to the Bear. He'd been serving as a Coast Guard congressional fellow in Washington when he was offered the command in 2002. Few such billets open each year, so he jumped at the job. At 43, Diaz is nearly old enough to be his officers' father.

Diaz sits at the head of a long table in the wardroom, the officers' all-purpose dining, meeting and recreational quarters. Ensign Aaron Delano-Johnson, a fresh-faced recent Coast Guard Academy grad, stands before maps of Portsmouth harbor taped to the walls. "OK, D.J.," Diaz says. "Tell us how you're going to get us out of here."

D.J. walks the crew through his plan to navigate one of the most treacherous parts of the patrol - the short chug from the pier to open shipping lanes. The journey will take about two hours, and along the way the Bear risks running aground on a shoal, veering off its preset course or colliding with another vessel. This is D.J.'s first time taking the cutter out, so half a dozen senior mariners will watch his every move on the bridge.

As D.J. performs his dress rehearsal, Diaz quizzes him like a schoolmaster. Is he sure his heading is correct? How does he plan to make his first turn? What if the wind changes direction? Diaz places his hand flat on the table, pretending it's the Bear. He slowly pivots it to show D.J. how to nuzzle the bow into the pier and fend off the structure, bringing the stern about and clear of another cutter moored behind them.

"Keep it simple," he admonishes. "Patience is a virtue."

Fertig can't wait to get moving. D.J. finishes the briefing, and as talk turns to drug smugglers, Fertig gets jumpy. An ear-to-ear grin overtakes his face, and he asks the chaplain if he'd say a prayer "that we find some fatty go-fasts." Fertig bounces in his seat and the other officers laugh and nod approvingly.

"Pray for many go-fasts," one officer agrees. "And no migrants."

In mid-winter, Cuban and Haitian refugees take to the sea in dilapidated boats and pray that warm currents will carry them to Florida. Few on the Bear have fond stories about immigrant interdiction. On Christmas Day 2000, the ship picked up more than 160 Haitians heading for Florida. Not knowing what foods and spices might make them sick, the cooks prepared plain red beans and rice. The Haitians told the chef his food was terrible. The ship's doctor let the cooks add a few spices. Then the Haitians accused the chef of trying to poison them. Rescuing immigrants takes the Bear out of the go-fast chase, the sailors say.

AT WAR

For the crew, the drug war is a matter of thrills, not politics. Most of the men on board are the same age as many convicts serving time for drug offenses. But none of them talks about the morality of stopping the drug trade or its consequences. Most of them would rather drive fast boats and visit tropical islands.

Only Diaz speaks idealistically about the drug war. During his Capitol Hill fellowship, he served as drug policy adviser to House Speaker Dennis Hastert, R-Ill. Diaz says his biggest achievement was getting Hastert to publicly link the sale of drugs to the financing of terrorism.

Ten days after the Sept. 11 terrorist attacks, Diaz says he told Hastert that Afghanistan's Taliban rulers, who had given safe harbor to Osama bin Laden and his terrorist training camps, produced more than 70 percent of the world's heroin and collected more than $20 million in annual tax revenue from its export.

Hastert looked at Diaz disbelievingly. Diaz insisted that the information was accurate, that he'd just confirmed it with Asa Hutchinson, then the head of the Drug Enforcement Administration. Minutes later, Hastert stood before a throng of journalists to announce the creation of a new congressional drug task force, saying that the heroin trade supported terrorists.

One go-fast can carry up to 1.5 tons of cocaine - about 1 million individual doses. That's the figure Diaz keeps in mind every time his crew busts a boat. In fiscal 2002, the Coast Guard seized almost 59 tons of the narcotic.

Yet the government has little evidence that it's winning the drug war.

In June, the White House Office of National Drug Control Policy will abandon a $150 million media campaign linking drug sales to terrorism. One of the campaign's primary goals was to reduce drug use among youths. However, recent General Accounting Office and White House studies have concluded that drug usage rates aren't declining. A drug office official blames the Clinton administration for failing to craft a coherent anti-drug campaign in the late 1990s.

Funding is another issue. From fiscal 2002 to fiscal 2003, the federal drug control budget dropped by 2 percent. The Coast Guard received $610 million for drug control in fiscal 2002, and is requesting $669 million for fiscal 2004. But walking the decks of the Bear, it seems clear that not enough anti-drug money is making its way to sea.

OUTMATCHED

The ship's combat command center is the best seat in the house during a go-fast chase, other than a saddle on the OTH. At the peak of a chase, about a dozen sailors gather around radars and satellite telephones, which keep them in touch with command headquarters in Florida. The loudest sound in the room is the hum of the air conditioner, which struggles to keep the quarters cool.

The room's array of blinking radar screens and elaborate maps makes it look like a modern military nerve center. But in reality, the technology the Bear uses to track go-fasts is so antiquated that, outside the Coast Guard, the only place it's likely to be found is in a maritime museum.

The Bear's primary radar system, which shows the position and identity of ships in the patrol zone, only refreshes data a few times an hour. If the Bear is deployed with more sophisticated Navy vessels, as it was during NATO-led operations in the Balkans in 1999, those ships don't receive regular updates on the cutter's position. The crew must verbally relay that information to other ships' commanders, so they won't mistake the Bear for an enemy ship and fire on it.

At times, the Bear is the only Coast Guard cutter in its Caribbean patrol area. The ship sails in small, square-shaped sectors, waiting for Coast Guard intelligence experts to relay tips about smugglers seen leaving Colombia. Navy surveillance airplanes often spot the go-fasts from the air and relay their location to the Coast Guard. But under U.S. law, the military can't participate in the actual interdiction. The Coast Guard has no long-range, sensor-laden planes of its own. "Without [the Navy] . . . we're just never going to find these guys," Diaz says.

At night, the hunt is harder. Before 2003, Coast Guard helicopters, which take off and land from the cutters, weren't even allowed to fly after dark. That policy has changed, and now, pilots wearing night-vision goggles can help sniff out go-fasts. But the work is confounding. "It's like trying to spot a fly on a wall looking through a straw," Diaz says.

Once the Bear's crew learns that a suspected smuggling boat is in the area, the best tool for tracking it down is the simplest: geometry. Mike Moyers, the operations officer, compares calculating the ship's position and the go-fast's likely heading to deer hunting. "He's here," Moyers says, drawing a boat-like shape on a pad of paper. "We're here." He draws a series of lines called "threat vectors," the most likely tacks the go-fast will take. "There are only so many places he can go." Still, Moyers, who hangs a calendar illustrated with big game photographs in his stateroom, would appreciate some modern technology to augment his predator instincts.

When the ship spots its prey, Coast Guard regulations strictly limit the crew's ability to use force, mainly to keep chases from escalating into shootouts. OTH crews or helicopter pilots must make several attempts to communicate with smugglers on go-fasts, by using international hand gestures to indicate they should stop or even holding up signs, before they can shoot at the boats' engines.

Before this year, helicopter crews couldn't fire unless an OTH was present to provide cover in case the smugglers shot back. Coast Guard officials hoped helicopters could intimidate go-fasts into stopping.

But smugglers figured out the Coast Guard policy, and when they saw helicopters with no OTH backup, they often communicated to the pilots with another well-known hand gesture - the extended middle finger. The smugglers have learned many of the Coast Guard's hunting techniques. When they see a Navy plane overhead, they often stop and throw a blue tarp over the boat, making it virtually invisible from the air.

Coast Guard sailors have tried other means to stop the go-fasts, including shooting the smugglers with paint pellets and pummeling them with "malodorous devices" - stink bombs. But the smugglers just adapted. They started wearing hard plastic masks and thick clothing to guard against the projectiles.

The smugglers know their greatest strength is their superior equipment. They drive their nimble go-fasts in tight corkscrew maneuvers around the less agile OTH boats, to confuse and dizzy crews. If two OTH boats are in pursuit, the smugglers use the spiraling dance to try to make them collide.

The Coast Guard has taken steps to even the odds. In addition to letting helicopters engage smugglers at night, now they can take shots without backup from an OTH. Realizing that an OTH can't keep pace with a go-fast, Coast Guard officials plan to make the helicopter crews the primary shooters in the future. The aircraft provide a stable nest for Coast Guard marksmen, and can outrun the fastest boats on the water.

Policies have been easier to change than working conditions. The Bear's officers had no money in the ship's budget to replace the malfunctioning headset that caused Fertig to take matters into his own hands. Moyers finagled a deal for new helmets from a general Coast Guard fund, but only got enough for half the OTH crew. The new helmets cost $1,000 apiece, and, unlike their predecessors, they're waterproof. The helmets Fertig and his crew had been using were designed for Army tank drivers. Saltwater corroded and severed their wires.

In addition to better helmets, the crew wants better boats. OTH engines break down frequently because of the hours-long strain of chases. Far too often, smugglers get away simply because they have better equipment.

When the stars finally align - the Bear finds a go-fast, the OTH catches it, the rules for use of force are met, and nothing breaks - a single bullet can bring the go-fast to a halt. Then, the OTH crewmen storm the boat, guns drawn, and handcuff its crew. The fact that neither side understands each other's language matters little, says Lt. j.g. Chuck Banks, one of the OTH crew. "Everybody speaks 9 millimeter."

OVER THE HORIZON

The raucousness of go-fast chases is belied by day-to-day life on the Bear. At times, the ship feels like a floating summer camp. The sailors pass time lifting weights, watching movies, smoking countless cigarettes or dueling on the Sony PlayStation purchased with money from the ship's morale fund.

Frittering away the hours can keep the crew from thinking about the future, but not for long. Many of the officers will be transferred to new assignments after they return to Portsmouth. A Coast Guard billet only lasts a few years. Some will be reassigned as far away as Alaska.

Fertig wonders if he's had enough go-fast chases for a while. He wants to get an assignment in port and spend more time with his wife. He wants to work on his house and his boat. But it won't be easy to leave the Bear.

D.J., the ensign who drove the ship out of Portsmouth, had planned to request a command position on a 110-foot boat, but now he's decided he wants to be a diver, like his father who served in an Army Special Operations unit. D.J. would dive to repair buoys or as part of a scientific expedition, but the job sounds exciting enough.

His superiors tell him it's a bad career move, that as a Coast Guard Academy graduate he should go for a command billet. But D.J. won't listen. He grew up on a 1,000-acre dairy farm in Oregon, and if things don't work out with the Coast Guard, he could always go back, he says.

Keeping options open might as well be the Coast Guard's new motto these days. In February, the agency officially transferred from the Transportation Department to the new Homeland Security Department. John Philip Sousa marches and a military color guard marked the occasion at a "change of watch" ceremony in Washington.

Yet, on the Bear, it seems the transition will change little more than the letterhead. Few sailors are sure what homeland security really means. After the Sept. 11 attacks, the ship patrolled the waters off Savannah, Ga., and Charleston, S.C. It was monotonous work, and the crew wondered whom, or what, they were supposed to guard against. Coast Guard leaders say the drug war must be widened to encompass the war on terrorism. Go-fasts could easily replace their usual cargo with a weapon of mass destruction, says Rear Adm. Jeffrey Hathaway, the Coast Guard's top counterdrug official.

For now, though, the Bear's role in homeland security remains unclear. And the reality of scarce resources and higher priorities is sinking in.

On the second day of the patrol, some of the officers huddle with Diaz in Moyers' stateroom and discuss whether to test fire the massive 75-mm gun mounted on the ship's bow. They don't want the crew to get rusty, and they want to be sure the gun is in working order. But some officers question whether there's enough ammunition to spare. Most of it has been loaded on ships heading for the Persian Gulf. It's unclear whether a requisition for more will be granted.

Banks speaks up, earnest concern on his face. They have to test the gun, he says plainly. "If it's broken, and we get the homeland security call . . . then we're out of the game." Everyone is silent. The officers look at their shoes, and then look past each other. The elders among them have learned to play things by ear. For the moment, they decide not to decide. They'll worry about firing the gun later.

FULL STEAM

The Coast Guard's senior leaders best understand the agency's untenable circumstances. In 2002, they launched a long-term project called Deepwater to replace the aging fleet and the dilapidated OTH boats and to outfit new and existing vessels with modern technology and equipment. The project is scheduled to last 20 years. In March, at Congress' request, the Coast Guard assessed whether Deepwater could be completed in 10 years and whether truncating the schedules would enhance homeland security. No one was surprised when the agency's leaders said yes.

Accelerating Deepwater would cost an additional $4 billion over the next five years, but it would save $4 billion over the course of the project, the Coast Guard said in its report. "Providing newer assets [ships, aircraft and technology] sooner will reverse adverse trends in deteriorating material . . . dangerous conditions and spiraling maintenance costs," the report said. Coast Guard officials also said the agency could not meet "today's challenges" because of a "lack of a Coast Guard-wide capability to intercept . . . 'go-fast' boats." And they emphasized that cutters don't have "real-time [electronic] connectivity to other units."

But despite the conclusions, congressional appropriators aren't likely to approve a plan to accelerate Deepwater, which is budgeted at $500 million a year for 20 years. If the timeline were shortened, $1.89 billion would have to be pumped into the project for fiscal 2005. From then on, it would receive $1.2 billion a year through fiscal 2010. That's more than one-fifth of the Coast Guard's 2004 budget request.

Fertig and his shipmates aren't holding their breath for improvements on the Bear anytime soon. But Fertig doesn't seem to care. On a cloudy January morning off the coast of Jacksonville, Fla., he just wants to go for a ride.

Barely a week into what may be Fertig's final trip on the Bear, he and his crew climb into the OTH for the first time in months. The skies are menacing. The water is chilly, and it pours onto the deck. The microphones on the headset are shorting out. And Fertig's eyes are brighter than they have been in days. Sliding onto his seat, slipping one foot into the deck strap, he orders his driver to go. With a roar, the boat lurches forward. Fertig is again wearing an ear-to-ear grin, and he says quietly, to no one in particular, "This is what it's all about."


The Worm that Turned

by Shane Harris




The federal government's fight against one cyber villain changed its response to online attacks.

Wednesday, June 20, 2001
6:30 a.m.
FBI Headquarters,
Washington

After 23 years as a CIA analyst, having briefed the president and his team on every conceivable threat to national security, Bob Gerber was scared. More scared than he'd been in a long time.

Holed up in his cramped, 11th floor office on a stark, colorless hallway at FBI headquarters in Washington, Gerber's stomach turned as he took his first look at a new enemy.

Gerber was a hunter, one of the government's best. These days, he was hunting worms, malicious computer programs let loose into the wild of the Internet by some of computerdom's most brilliant hackers. Two months earlier Gerber, 56, had left his job at the CIA, where he helped write the president's daily intelligence briefing, to head the analysis and warning division at the FBI's National Infrastructure Protection Center. There, he and his crew of more than 60 tracked worms, viruses and other computer evils, as well as the hackers who create them. Both threatened daily to shut down the engines of modern life - electrical power grids, the banking system, water treatment facilities, the World Wide Web.

Worms were the most vicious new beasts to stalk the Internet. But Gerber had never seen a worm quite like the one he confronted that sweltering Wednesday morning in June.

It was named Leaves after "w32.leave.worm," the poisonous file it implanted in unsuspecting computers. Like all worms, Leaves bored through cyberspace, probing Internet connections for holes in personal computers or Web servers. It slithered inside the machines and spewed venomous strings of data that threw its victims into electronic shock.

Leaves was hardly the first worm to infest the Internet. In fact, the pests became so common in 2001 that security cognoscenti dubbed it the "Year of the Worm." Worms wrought all sorts of damage. They forced computers to delete critical files or erase entire programs. They also allowed hackers to steal personal information from computers' memories. Once they infested their victims, worms made clones, then used their hosts as launching pads for more worms, whose numbers grew exponentially.

In 2000, Gerber and his team began battling a new species of even more virulent superworms. Rather than devour computers' innards, these worms hijacked their victims' controls, rendering them powerless zombies. With a gang of zombies at his command, the creator of a superworm could mob a Web site or computer system, flooding it with bogus electronic transmissions until it drowned in the data torrent.

In the spring of 2000, Gerber's colleagues took on a 15-year-old hacker who called himself Mafiaboy. The teenager turned his zombies loose on World Wide Web giants Amazon.com, eBay and Yahoo!, launching what is called a distributed denial of service attack that shut down business at the sites for five hours. It cost shareholders and the companies billions and shocked the Web world.

But compared with the Leaves worm, Mafiaboy's creation was a larva. Gerber's best analysts had worked late into the night trying to make sense of a sample of Leaves captured by worm watchers at the SANS Institute, a computer research center in Bethesda, Md. They let Leaves infect a computer, and then they watched how it behaved. What Gerber saw fascinated and appalled him.

Leaves was a zombie maker on steroids. It searched out computers already wounded by another Internet scourge called a Trojan, which installs back doors in the machines. Leaves used a Trojan called SubSeven as its entrance. Once transformed, the zombies awaited orders. To communicate with them, Leaves' creator ordered his zombies to rendezvous online through Internet Relay Chat channels. He also told them to visit certain Web sites and download encrypted information to receive instructions on what to do next. No one knew who was controlling the zombies, from where or why.

Reading the guest registries of chat rooms, Gerber discovered that an army of 1,000 Leaves zombies already was on the march. Mafiaboy, by contrast, had a few hundred conscripts and sometimes used only a dozen to attack a Web site.

What's more, Leaves contained an electronic gene enabling its creator to control every zombie at once from any Internet connection in the world.

Gerber never had seen a worm so sophisticated or terrifying.

But to exterminate it, Gerber needed more samples to dissect and more time. Pulling out the lines of computer code that told the worm how to behave might help him shut it down. Or, if he could identify the worm maker's ultimate goal, Gerber might be able to head him off.

The FBI group usually worked alone or with a few select federal officials and private sector consultants. But even Gerber's top-flight team was daunted by Leaves. It was time to call in help. Only a public-private posse of America's best hacker trackers could gut this worm.

By pulling such a group together for the first time and then letting it operate largely unsupervised, Gerber created a new model for federal computer crime fighting.

June 29
FBI Strategic Information
and Operations Center,
Washington


Gerber called the most seasoned and cunning code crackers, worm gurus and cyber soldiers from government and industry to meet at FBI headquarters. On a Friday afternoon, 10 days after Leaves was discovered, the posse gathered in the FBI's crisis headquarters, the Strategic Information Operations Center.

It was the most concentrated arsenal of computer crime-fighting talent the government ever had gathered. They came from leading security companies Symantec and Network Associates, the FBI, the White House and the Defense Department.

But there was a hitch. The private experts were uneasy. Could they trust the G-men? Uncle Sam was a bumbling bureaucrat. His security was notoriously lax. Hackers had been penetrating military and intelligence agency computers for years. What could federal officials possibly know about fighting an enemy as elegant as Leaves?

The two sides eyed each other warily as Gerber laid out what he knew. The evidence seemed to show that Leaves' creator was preparing a massive denial of service attack. Everyone would have to work together to stop it. Mistrust would keep them apart. It took Marcus Sachs, a cyber soldier from a Pentagon unit trained to attack foreign networks, to bridge the suspicion gap.

Sachs dazzled the room with his observations and theories about Leaves. With casual command of hacker lingo and the history of worms and their attacks, he demonstrated both the expertise of the government corps and the urgency of defeating this unique and dangerous foe.

The ice melted. Slowly, a simple sheet of paper passed around the room. First one, and then the next, wrote down his name, e-mail address and phone number. The Leaves posse came to life and it readied for a fight.

Days later
Los Angeles

Jimmy Kuo left the meeting to conduct an electronic autopsy.

Kuo, a research fellow at the security firm Network Associates, took samples of the worm home to Los Angeles. Many in the Leaves posse returned home to operate on their own turf, not from a single base in Washington. "In this line of work, it doesn't matter where you are, as long as you have a laptop computer and a phone," Kuo says.

The Leaves code was a jumbled mess. It was encrypted and compressed - data had been squeezed together to save space. Mr. Leaves, as some in the posse had begun calling the worm's creator, knew his creation would be captured. He ensured the worm wouldn't easily give up its secrets. Kuo ripped apart layers of code with powerful programs to reveal the deeper truths Leaves was hiding.

Other members of the posse were ripping Leaves, too, untying its knotted innards. One wrote a program to mimic the Trojan that Leaves used as a back door. The posse laid the trap across the Internet.

Sharing their discoveries by phone and e-mail, the code crackers found eight variants, or mutations, of the worm. Mr. Leaves was tweaking his weapon, finding new ways to deliver it. And he was moving faster than the posse.

While Kuo ripped in Los Angeles, a posse member watched for abnormal Internet traffic from SANS in Bethesda. Still others huddled at the FBI. The group worked smoothly because nobody was in charge, Sachs says. "Egos didn't get in the way of progress." They worked fast, but as days passed, their analysis yielded fewer new results. They learned much about the worm's attributes, but little about its purpose.

Mr. Leaves had directed the zombies to synchronize their clocks with the Naval Observatory clock on the Web. The army was prepared to attack in unison. No doubt, Mr. Leaves soon would begin his onslaught.

Unless someone could find him first.

Early July
FBI headquarters,
National Infrastructure Protection Center
computer investigation unit

FBI Special Agent Michelle Jupina wanted two things: to find Mr. Leaves and to lock him up. The bureau sought Leaves' creator on criminal charges of unlawfully entering a computer. Jupina was at the first posse meeting in June, but she kept a low profile. Assigned to the infrastructure protection center, Jupina, 36, was well-versed in cyber jargon. She understood how hackers thought and maneuvered.

The posse saw Leaves as a marvel of engineering. But to Jupina, the worm and its maker were just garbage to clean up. Short, quiet and hidden under a mane of frosty blonde hair, Jupina didn't seem capable of bursting through a hacker's door and yanking him off his keyboard. She was so unobtrusive that a posse member recalls he didn't even know she was a cop until she got up from her seat one day and "I saw a cannon strapped to her side."

But as the posse ripped Leaves apart, Jupina was a constant eavesdropper, digging for evidence in the pile of Leaves' secrets the posse unearthed. Even as new revelations slowed, Jupina and the agents under her command feverishly followed leads. Steadily, they shut down the Web sites Leaves' zombies used to receive instructions. They planted tracking devices to pick up the hacker's footprints.

Second week of July
FBI Strategic Information Operations Center

Weeks passed. The zombies remained quiet.

Gerber had issued a public warning about Leaves on June 23. The private sector posse members had warned their customers. News that Leaves was on the loose circulated through the computer security trade press. But still no attack.

Ripping continued. The zombie army grew. By July, at least 20,000 computers were encamped in chat rooms or patiently waiting for their orders. "That scared the hell out of us," Gerber says.

Mr. Leaves was getting wily. Whenever the team shut down one Leaves chat room, the worm automatically created a new one. Mr. Leaves tried new methods, too. On July 9, one of the companies in the posse found an e-mail claiming to be a security bulletin from Microsoft Corp. The bulletin warned of a new virus, and told users to download a file to protect their computers. In the file was Leaves.

The bogus warning was badly written and eerily self-congratulatory:

"Yesterday the Internet has seen one of the first of it's downfalls. A virus has been released. One with the complexity to destroy data like none seen before."

Today, hackers often mask their worms as official security warnings, but this was the first use of the tactic. Like many outlaws, Mr. Leaves inspired a certain grudging admiration within the posse chasing him. "I had a feeling I was dealing with an artisan," Gerber says.

Or possibly a common crook.

Perplexed by the lack of attack, someone in the posse posed a new theory: Perhaps instead of damage, Mr. Leaves sought money.

The posse knew that some companies paid Web surfers to click on advertisements on their sites in order to inflate estimates of the success of the ads. With 20,000 zombies to click for him, Mr. Leaves could make a killing. Some of the sites the zombies visited contained these ads. If the FBI could find an account where Mr. Leaves put the funds, trace it to a physical address and tie it to him, the case might be solved.

Convinced Leaves had to have been created for a denial of service attack, the posse scorned this theory. Pulling off one of the biggest attacks ever was the only glory befitting such a brilliant worm.

But something didn't make sense. Mr. Leaves was taking an awful risk by not attacking. Every time he logged on to communicate with his zombies, the FBI had another chance to trace him. Why expose himself? Why not just preprogram the zombies to act on their own? The scam began to seem more believable.

But before the posse could prove its theory, an attack began. It wasn't the work of Leaves.

On July 17, a new worm appeared - Code Red. It was named after Mountain Dew Code Red soda, the only thing that kept two private sector analysts awake as they tracked it day and night.

Leaves propagated like a rare illness, targeting only victims with weakened immunity. But Code Red spread like smallpox. The worm exploited a ubiquitous hole in one of the most popular brands of Microsoft Web servers. In a few hours, Code Red had eaten into more than 100,000 servers worldwide. The swarm of worms leaping from machine to machine caused an electronic traffic jam, slowing all Internet traffic. In the aftermath of the attack, companies would spend billions of dollars plugging the holes that let Code Red enter.

Able as it was, the posse didn't have the strength to fight both Code Red and Leaves at once. The choice was clear: Code Red took precedence.

The Leaves posse had built a new model for chasing Internet outlaws. They honed it battling Code Red. But fighting the new menace left Leaves on the back burner. All they could do was hope that Leaves was no more than an Internet heist or pray that Jupina and her crew could track down and nab Mr. Leaves before he, too, unleashed his zombie brigades.

For weeks, Jupina and her technicians had laid traps and tracers across the Internet. She wanted the hacker's Internet protocol address, the digits that identify anyone who sends information online. Hackers cover their tracks by erasing those addresses from the servers they use. But Mr. Leaves had slipped.

In a cache of addresses Jupina had pulled off a server in Oklahoma at the end of June, she found one used by Mr. Leaves. It was a hot lead.

But chasing the address could take Jupina around the world. And she could nab Mr. Leaves only if he lived in a country that considered hacking a crime. If he did, the company that provided his Internet service would have to cough up his home address and Jupina would have her man. Luckily, after some tracking, Jupina hit gold: Mr. Leaves' address originated in the United Kingdom, home to some of the toughest computer crime statutes in the world.

Jupina rang the Scotland Yard computer crime unit. Within days they traced the Internet address and attached it to a name and a place. The hacker was a 24-year-old man living in one of the seedier sections of London. Scotland Yard set up a stakeout at his digs.

July 23
FBI headquarters and South London, England

Back at FBI headquarters, Jupina kept watch on a computer monitoring the Oklahoma Web server. When Mr. Leaves logged on again, Jupina would know. Jupina waited with Scotland Yard's phone number at the ready. Officers in South London sat tight outside the hacker's residence.

Nothing.

And then, there he was.

Jupina watched as the hacker connected to the Oklahoma server. She gave the word to Scotland Yard: Go. The officers arrested the creator of one of the most ingenious worms ever known.

Epilogue

The Leaves posse proved itself during the Code Red attack. Code Red made headline news. The FBI, the White House and security companies launched a coordinated campaign to track it, warn the public and take steps to protect vulnerable systems. Crippling of the White House Web site was narrowly avoided; Pentagon Internet connections were temporarily shut off. Damage was significant - estimates are in the billions of dollars - but it would have been worse had the response not been as fast and well organized. No perpetrator has been identified.

Mr. Leaves caused no major damage before the posse rounded him up. And the same team remains on guard against new worms or other cyber threats. When one appears, the posse comes alive. E-mails fly, home telephones ring as the members swing into action, sharing what they know, tracking, dissecting, devising traps and passing evidence to the FBI.

In November 2002, shortly before leaving the FBI and returning to the CIA, Bob Gerber sat in a new office at FBI headquarters. Next to a bookcase full of hacker treatises, with a can of Mountain Dew Code Red displayed prominently on a shelf, Gerber pondered Mr. Leaves' motive. The FBI never found evidence the hacker had stolen money using the worm. Gerber and Jupina had brought the case all the way to a collar, yet they might never know Mr. Leaves' ultimate goal. "As far as I know, no one ever asked Mr. Leaves why he did what he did," Gerber says.

And no one ever may get the chance. In November 2001, the man who confessed to British authorities that he'd created the Leaves worm received a "formal caution," a legal warning usually reserved for juvenile crimes and minor drug offenses.

The lead officer on the case insists the agency has information about the hacker's motives that the FBI hasn't heard. But Scotland Yard refuses to divulge what it knows. Citing British law, officials refuse even to reveal the hacker's name.

Tens of thousands of computers containing now-dormant Leaves worms await instructions from their master. Should they ever again awaken, a posse will be waiting.

Published in Government Executive

Shane Harris
Intelligence and Homeland Security Correspondent, National Journal
