September 11 and the Imperative of Reform in the U.S. Intelligence Community
Additional Views of Senator Richard C. Shelby
Vice Chairman, Senate Select Committee on Intelligence
by Richard C. Shelby
Senate Intelligence Committee website
December 10, 2002
“In actual practice, the successful end to the Cold War and the lack of
any national intelligence disasters since then seem to militate in favor of
keeping the existing structure until some crisis proves it to be in dire need
of repair. . . . Thus we are likely to live with a decentralized intelligence
system – and the impulse toward centralization – until a crisis re-aligns
the political and bureaucratic players or compels them to cooperate in new ways.”
— Deputy Chief, CIA History Staff
publication dated 2001 1
Our country’s Intelligence Community was born because of the devastating
surprise attack the United States suffered at Japanese hands at Pearl Harbor
on December 7, 1941. In the wake of that disaster, America’s political
leaders concluded “that the surprise attack could have been blunted if
the various commanders and departments had coordinated their actions and shared
their intelligence.” This was the inspiration behind the National Security
Act of 1947, which “attempted to implement the principles of unity of command
and unity of intelligence.”2
Sixty years later, on September 11, 2001, we suffered another devastating surprise attack, this time by international terrorists bent upon slaughtering Americans in the name of their God. This second attack is the subject of the findings and recommendations of the unprecedented Joint Inquiry conducted by the Senate Select Committee on Intelligence (SSCI) and the House Permanent Select Committee on Intelligence (HPSCI). In this document, I offer my own assessments and suggestions, based upon my four and a half years as Chairman of the SSCI and one and a half years as its Vice Chairman. These additional views are intended to complement and expand upon the findings and recommendations of the Joint Inquiry.
Long before the September 11 attacks, I made no secret of my feelings of disappointment in the U.S. Intelligence Community for its performance in a string of smaller-scale intelligence failures during the last decade. Since September 11 I have similarly hid from no one my belief that the Intelligence Community does not have the decisive and innovative leadership it needs to reform itself and to adapt to the formidable challenges of the 21st Century.
In the following pages, I offer my suggestions about where our Intelligence Community should go from here. These views represent the distilled wisdom of my eight years on the SSCI, of innumerable hearings, briefings, and visits to sensitive sites and facilities, and of thousands of man-hours of diligent work by intelligence oversight professionals on the SSCI staff over several years. Most of all, these Additional Views represent the conclusions I have reached as a result of the work of our Joint Inquiry Staff and the many private and public committee hearings we have had into the intelligence failures that led up to September 11.
I hope that the American public servants who inherit responsibility for these matters during the 108th Congress and the second half of President Bush’s first term will carefully consider my arguments herein. Thousands of Americans have already been killed by the enemy in the war declared against us by international terrorists, and though we have enjoyed some signal successes since our counteroffensive began in late September 2001, our Intelligence Community remains poorly prepared for the range of challenges it will confront in the years ahead.
Too much has happened for us to be able to conclude that the American people and our national security interests can be protected simply by throwing more resources at agencies still fundamentally wedded to the pre-September 11 status quo. I salute the brave and resourceful Americans – both in and out of uniform – who are even at this moment taking the fight to the enemy in locations around the world. These patriots, however, deserve better than our government’s recommitment to the bureaucratic recipes that helped leave us less prepared for this crisis than we should have been.
I hope that the Joint Inquiry’s report – and these Additional Views thereto – will help spur the kind of broad-ranging debate in Congress, within the Administration, and among the American public that our present circumstances deserve. The road to real intelligence reform is littered with the carcasses of forgotten studies and ignored reports. We cannot afford to let the results of this unprecedented Joint Inquiry be forgotten as well. The American people will not forgive us if we fail to make the changes necessary to ensure that they are better protected in the future.
Executive Summary
Community Structure and Organization. With respect to the structure and organization of the U.S. Intelligence Community (IC), the story of counterterrorism (CT) intelligence work before September 11 illustrates not only the unwillingness of the Director of Central Intelligence (DCI) fully to exercise the powers he had to direct resources and attention to CT, but also the institutional weakness of the DCI’s office within the Community. Caught ambiguously between its responsibilities for providing national-level intelligence and providing support to the Department of Defense to which most IC agencies owe their primary allegiance, the Community proved relatively unresponsive to the DCI’s at least partly rhetorical 1998 declaration of “war” against Al-Qa’ida. The fragmented nature of the DCI’s authority has exacerbated the centrifugal tendencies of bureaucratic politics and has helped ensure that the IC responds too slowly and too disjointedly to shifting threats. Ten years after the end of the Cold War, the Community still faces inordinate difficulty responding to evolving national security threats.
To help alleviate these problems, the office of the DCI should be given more management and budgetary authority over IC organs and be separated from the job of the CIA Director, as the Joint Inquiry suggests in urging that we consider reinventing the DCI as the “Director of National Intelligence.” Moreover, the DCI (or DNI, as the case may be) should be compelled actually to use these powers in order to effect real IC coordination and management. An Intelligence Community finally capable of being coherently managed as a Community would be able to reform and improve itself in numerous ways that prove frustratingly elusive today – ultimately providing both its national-level civilian and its military customers with better support. Congress should give serious consideration, in its intelligence reform efforts, to developing an approach loosely analogous to that adopted by the Goldwater-Nichols Act in reforming the military command structure in order to overcome entrenched bureaucratic interests and forge a much more effective “joint” whole out of a motley and disputatious collection of parts.
Most importantly, Congress and the Administration should focus upon ensuring an organizational structure that will not only help the IC respond to current threats but will enable our intelligence bureaucracies to change themselves as threats evolve in the future. We must not only learn the lessons of the past but learn how to keep learning lessons as we change and adapt in the future. To this end, the IC should adopt uniform personnel and administrative standards in order to help ensure that its personnel and organizational units remain unique and valuable individual resources but also become administratively fungible assets, capable of being reorganized and redirected efficiently as circumstances demand. It will also be necessary to break the mindset within the IC that holds that only intelligence professionals actually employed by the traditional collection agencies can engage in collection or analysis of those agencies’ signature types of intelligence. The traditional collection agencies’ expertise in “their” areas should be used to enrich the Community’s pool of intelligence know-how rather than as barriers to entry wielded in defense of bureaucratic and financial “turf.” Instead, the collection agencies should be charged with certifying – but not running or controlling – training curricula within other IC agencies that will produce competent specialists in the relevant fields.
Ultimately, Congress and the Administration re-examine the basic structure of the intelligence provisions of the National Security Act of 1947 in light of the circumstances and challenges our country faces today. Returning to these roots might suggest the need to separate our country’s “central” intelligence analytical functions from the resource-hungry collection responsibilities that make agencies into self-interested bureaucratic “players.”
Information-Sharing. Our Joint Inquiry has highlighted fundamental problems with information-sharing within the IC, depriving analysts of the information access they need in order to draw the inferences and develop the conclusions necessary to inform decision-making. The IC’s abject failure to “connect the dots” before September 11, 2001 illustrates the need to wholly re-think the Community’s approach to these issues.
The CIA’s chronic failure, before September 11, to share with other agencies the names of known Al-Qa’ida terrorists who it knew to be in the country allowed at least two such terrorists the opportunity to live, move, and prepare for the attacks without hindrance from the very federal officials whose job it is to find them. Sadly, the CIA seems to have concluded that the maintenance of its information monopoly was more important that stopping terrorists from entering or operating within the United States. Nor did the FBI fare much better, for even when notified in the so-called “Phoenix Memo” of the danger of Al-Qa’ida flight school training, its agents failed to understand or act upon this information in the broader context of information the FBI already possessed about terrorist efforts to target or use U.S. civil aviation. The CIA watchlisting and FBI Phoenix stories illustrate both the potential of sophisticated information-sharing and good information-empowered analysis and the perils of failing to share information promptly and efficiently between (and within) organizations. They demonstrate the need to ensure that intelligence analysis is conducted on a truly “all-source” basis by experts permitted to access all relevant information – no matter where in the IC it happens to reside.
The IC’s methods of information-sharing before September 11 suffered from profound flaws, and in most respects still do. In order to overcome bureaucratic information-hoarding and empower analysts to do the work our national security requires them to do, we need to take decisive steps to reexamine the fundamental intellectual assumptions that have guided the IC’s approach to managing national security information. As one witness told the Joint Inquiry, we may need “to create a new paradigm wherein ‘ownership’ of information belonged with the analysts and not the collectors.” In addition, the imbalance between analysis and collection makes clear that in addition to being empowered to conduct true “all-source” analysis, our analysts will also need to be supplied with powerful new tools if they are to provide analytical value-added to the huge volumes of information the IC brings in every day. Recent development and initiatives in comprehensive databasing and data-mining suggest that solutions to these challenges may be within our reach. The information-analysis organization within the new Department of Homeland Security als has great potential to contribute to effective CT informationsharing and analyst-empowerment within the U.S. Government – and Congress has given it the legal tools it needs to play this crucial catalytic role. Meanwhile, Congress should take decisive steps to help stem our contemporary culture of endemic “leaking” of national security information to the media, so as better to ensure that our analysts remain better informed about terrorists than the terrorists do about them.
Intelligence-Law Enforcement Coordination. The September 11 story also illustrates the tremendous problems of coordination between U.S. law enforcement and intelligence entities that developed out of a long series of misunderstandings, timorous lawyering, and mistaken assumptions. Congress and the Administration have made progress since September 11 in breaking down some of the mythologies that impeded coordination. Thanks to Congress’ passage of the USA PATRIOT Act of 2001 and the Justice Department’s success in appellate litigation to compel the Foreign Intelligence Surveillance Court to implement these changes, for instance, the legally fallacious “Wall” previously assumed to exist between intelligence and law enforcement work has been breached and years of coordination-impeding Justice Department legal reticence has been overcome.
With luck, we will never again see the kind of decision-making exhibited when the CIA refused to share information with FBI criminal investigators about two known Al-Qa’ida terrorists (and soon-to-be suicide hijackers) in the United States, and when the FBI – only days before the September 11 attacks – deliberately restricted many of its agents from participating in the effort to track down these terrorists on the theory that this was work in which criminal investigators should play no role. Hopefully we will also no longer see the kind of fundamental legal misunderstanding displayed by FBI lawyers in the Moussaoui case, in which investigators in Minneapolis were led on a three-week wild goose chase by a faulty analysis of the Foreign Intelligence Surveillance Act (FISA). It will take sustained Congressional oversight in order to ensure compliance with the information-sharing authorities and mandates of the USA PATRIOT Act, but it is imperative that we ensure that such problems do not recur. To help achieve this, Congress should modify the Act’s “sunset” provisions and should approve legislation proposed by Senators Kyl and Schumer to modify FISA’s “foreign power” standard.
Domestic Intelligence. The story of September 11 is also replete with the FBI’s problems of internal counterterrorism and counterintelligence (CI) coordination, information-sharing, and basic institutional competence. The FBI was unaware of what information it possessed relevant to internal terrorist threats, unwilling to devote serious time, attention, or resources to basic intelligence analytical work, and too organizationally fragmented and technologically impoverished to fix these shortfalls even had it understood them and really wished to do so. These problems persisted, moreover, through a major FBI reorganization ostensibly designed to address these problems, which had been well known for years.
The FBI’s problems in these respects suggests that the Bureau’s organizational and institutional culture is terribly flawed, and indeed that the Bureau – as a law enforcement organization – is fundamentally incapable, in its present form, of providing Americans with the security they require against foreign terrorist and intelligence threats. Modern intelligence work increasingly focuses upon shadowy transnational targets, such as international terrorist organizations, that lack easily-identifiable geographic loci, organizational structures, behavioral patterns, or other information “signatures.” Against such targets, intelligence collection and analysis requires an approach to acquiring, managing, and understanding information quite different from that which prevails in the law enforcement community. The United States already has a domestic intelligence agency in the form of the FBI, but this agency is presently unequal to the challenge, and provides neither first-rate CT and CI competence nor the degree of civil liberty protections that would obtain were domestic intelligence collectors deprived of their badges, guns, and arrest powers and devoted wholly to CI and CT tasks.
This pattern of dysfunction compels us to consider radical reform at the FBI. A very strong argument can be made for removing the CI and CT portfolios from the Bureau, placing them in a stand-alone member of the Intelligence Community that would be responsible for domestic intelligence collection and analysis but would have no law enforcement powers or responsibilities. Alternatively, it might be sufficient to separate the CI and CT functions of the FBI into a semi-autonomous organization that reports to the FBI director for purposes of overall coordination and accountability, but which would in every other respect be wholly separate from the “criminal” components of the FBI. A third approach might be to move the FBI’s CI and CT functions to the new Department of Homeland Security, thereby adding a domestic collection element to that organization’s soon-to-be-created Undersecretariat for Information Analysis and Infrastructure Protection. Some kind of radical reform of the FBI is long overdue, and should be a major item on the “intelligence reform” agenda for the 108th Congress. The Bush Administration and the 108th Congress should make it a high priority to resolve these issues, and to put the domestic components of our Intelligence Community on a footing that will enable them to meet the challenges of the 21st century.
Human Intelligence. The status quo of IC approaches to human intelligence (HUMINT) was tested against the Al-Qa’ida threat and found wanting. The CIA’s Directorate of Operations (DO) has been too reluctant to develop non-traditional HUMINT platforms, and has stuck too much and for too long with the comparatively easy work of operating under diplomatic cover from U.S. embassies. This approach is patently unsuited to HUMINT collection against nontraditional threats such as terrorism or proliferation targets, and the CIA must move emphatically to develop an entirely new collection paradigm involving greater use of non-official cover (NOC) officers. Among other things, this will necessitate greater efforts to hire HUMINT collectors from ethnically and culturally diverse backgrounds, though without a fundamental shift in the CIA’s HUMINT paradigm diversity for diversity’s sake will be of little help. The CIA should also spend more time developing its own sources, and less time relying upon the political munificence of foreign liaison services.
Covert Action. The CIA’s decidedly mixed record of success in offensive operations against Al-Qa’ida before September 11 illustrates the need for the President to convey legal authorities with absolute clarity. If we are not to continue to encourage the kind of risk-averse decisionmaking that inevitably follows from command-level indecision, our intelligence operators risking their lives in the field need to know that their own government will make clear to them what their job is and protect them when they do it. Congress should bear this in mind when conducting its legitimate oversight of covert action programs in the future, even as it struggles to cope with the oversight challenges posed by the potential for the Defense Department to take a greater role in such activities.
Accountability. The story of September 11 is one replete with failures: to share information, to coordinate with other agencies; to understand the law, follow existing rules and procedures, and use available legal authorities in order to accomplish vital goals; to devote or redirect sufficient resources and personnel to counterterrorism work; to communicate priorities clearly and effectively to IC components; to take seriously the crucial work of strategic counterterrorism analysis; and most importantly, to rise above parochial bureaucratic interests in the name of protecting the American people from terrorist attack.
The DCI has declared us to be at “war” against Al-Qa’ida since 1998, and as the President has declared, we have really been so since at least September 11. Some have suggested that this means that we should postpone holding anyone accountable within the Intelligence Community until this war is over and the threat recedes. I respectfully disagree.
The threat we face today is in no danger of subsiding any time soon, and the problems our Intelligence Community faces are not ones wisely left unaddressed any longer. Precisely because we face a grave and ongoing threat, we must begin reforming the Community immediately. Otherwise we will be unable to meet this threat. The metaphor of “war” is instructive, for wise generals do not hesitate to hold their subordinates accountable while the battle still rages, disciplining or cashiering those who fail to do their duty. So also do wise Presidents dispose of their faltering generals under fire. Indeed, failures in wartime are traditionally considered less excusable, and are punished more severely, than failures in times of peace.
Nor should we forget that accountability has two sides. It is also a core responsibility of all good leaders to reward those who perform well, and promote them to positions of ever greater responsibility. In urging the Intelligence Community to hold its employees accountable, the IC must therefore both discipline those who fall down on the job and reward those who have excelled.
For these reasons, it is disappointing to me that despite the Joint Inquiry’s explicit mandate to “lay a basis for assessing the accountability of institutions and officials of government” and despite its extensive findings documenting recurring and widespread Community shortcomings in the months and years leading up to September 11, the Joint Inquiry has not seen fit to identify any of the individuals whose decisions left us so unprepared. I urge President Bush to examine the Joint Inquiry’s findings in order to determine the extent to which he has been well served by his “generals” in the Intelligence Community.
Some have argued that we should avoid this issue of accountability lest we encourage the development of yet more risk-aversion within the Community. I do not believe this is the case. The failings leading up to September 11 were not ones of impetuousness, the punishment for which might indeed discourage the risk-taking inherent in and necessary to good intelligence work. The failures of September 11 were generally ones not of reckless commission but rather of nervous omission. They were failures to take the necessary steps to rise above petty parochial interests and concerns in the service of the common good. These are not failings that will be exacerbated by accountability. Quite the contrary. And, more importantly, it is clear that without real accountability, these many problems will simply remain unaddressed – leaving us needlessly vulnerable in the future.
I advocate no crusade to hold low-level employees accountable for the failures of September 11. There clearly were some individual failings, but for the most part our hard-working and dedicated intelligence professionals did very well, given the limited tools and resources they received and the constricting institutional culture and policy guidance they faced. The IC’s rank-and-file deserve no discredit for resource decisions and for creating these policies.
Ultimately, as the findings of the Joint Inquiry make clear – though they stop short of actually saying so – accountability must begin with those whose job it was to steer the IC and its constituent agencies through these shoals, and to ensure that all of them cooperated to the best of their abilities in protecting our national security. Responsibility must lie with the leaders who took so little action for so long, to address problems so well known. In this context, we must not be afraid publicly to name names. The U.S. Intelligence Community would have been far better prepared for September 11 but for the failure of successive agency leaders to work wholeheartedly to overcome the institutional and cultural obstacles to interagency cooperation and coordination that bedeviled counterterrorism efforts before the attacks: DCIs George Tenet and John Deutch, FBI Director Louis Freeh, and NSA Directors Michael Hayden and Kenneth Minnihan, and NSA Deputy Director Barbara McNamara. These individuals are not responsible for the disaster of September 11, of course, for that infamy belongs to Al-Qa’ida’s 19 suicide hijackers and the terrorist infrastructure that supported them. As the leaders of the United States Intelligence Community, however, these officials failed in significant ways to ensure that this country was as prepared as it could have been.
I. Intelligence Community Structure
A. The DCI’s Problematic “War” of 1998
The Director of Central Intelligence (DCI) testified before Congress in February 2001 that he considered Usama bin Laden and Al-Qa’ida to be the most important national security threat faced by the United States.3 In December 1998, in fact – in the wake of the terrorist bombings of the U.S. embassies in Dar es Salaam, Tanzania, and Nairobi, Kenya – he had proclaimed that “[w]e are at war” with Al-Qa’ida.4 The story of this “war,” however, underlines the problematic nature of the U.S. Intelligence Community’s management structure.
As the Joint Inquiry Staff (JIS) has noted in its presentations to the Committees, “[d]espite the DCI’s declaration of war in 1998, there was no massive shift in budget or reassignment of personnel to counterterrorism until after September 11, 2001.”5 Indeed, the amount of money and other resources devoted to counterterrorism (CT) work after the DCI’s “declaration of war” in 1998 barely changed at all. The budget requests sent to Congress relating to the CIA’s Counterterrorism Center (CTC), for instance, rose only marginally – in the low single-digit percentages each year into Fiscal Year 2001 – and at rates of increase essentially unchanged from their slow growth before the “war.” (These requests, incidentally, were met or exceeded by Congress, even to the point that the CIA ended Fiscal Year 2001 with millions of dollars in counterterrorism money left unspent.6)
In his 1998 “declaration of war,” the DCI had declared to his deputies at the CIA that “I want no resources or people spared in this effort, either inside the CIA or the Community.”7 CIA officials also told the HPSCI on March 4, 1999 – in a written response to questions about the CIA’s proposed budget for Fiscal Year 2000 – that “the Agency as a whole is well positioned” to work against Al-Qa’ida targets, and that they were “confident that funding could be redirected internally, if needed, in a crisis.”8
Shortly thereafter, however, a study conducted within the CTC found that it was unable to carry out more ambitious plans against Al-Qa’da for lack of money and personnel,9 and CIA officials reported being “seriously overwhelmed by the volume of information and workload” before September 11, 2001.10 According to former CTC chief Cofer Black, “before September 11, we did not have enough people, money, or sufficiently flexible rules of engagement.”11 The troops fighting the DCI’s “war,” in short, didn’t have the support they needed. (Even when the DCI requested additional counterterrorism money from Congress, it almost invariably did so in the form of supplemental appropriations requests – thus denying Community managers the ability to prepare long-term plans and programs because these increases were not made a part of the Community’s recurring budgeting process.)
Under the National Security Act of 1947, the DCI has considerable budgetary power over the U.S. Intelligence Community. His consent is needed before agency budget requests can be folded into the National Foreign Intelligence Program (NFIP) budget proposal, and he has authority over reprogramming both money and personnel between agencies.12 Simultaneously serving as Director of the CIA, the DCI also has essentially complete authority over that organization, both with respect to budget requests and day-to-day management. If a DCI were willing actually to use the full range of powers available to him, these statutory levers would give him considerable influence over the Community. One of the great unanswered questions of our September 11 inquiry, therefore, is how the DCI could have considered himself to be “at war” against this country’s most important foreign threat without bothering to use the full range of authorities at his disposal in this fight.
Unfortunately, part of the reason for this failure is the current DCI’s longstanding determination – which he expressed quite frankly to some of us at a SSCI off-site meeting – that he does not really consider himself to be DCI. His principal interest and focus in office, he has told us, revolves around his role as head of the CIA, rather than his role as head of the Community as a whole. (The DCI has also publicly supported the creation of an Undersecretary of Defense for Intelligence [USDI], which seems likely only to reduce his influence over the Defense components of the U.S. Intelligence Community.) Part of the reason may also lie in the merely rhetorical nature of the DCI’s 1998 proclamation: since September 11 the DCI has pointed to his “declaration of war” as a token of his pre-September 11 seriousness of purpose against Al-Qa’ida, but it does not appear to have been circulated or known outside a small circle of intimates before that date. And part of the reason that more was not done may also lie at higher levels of political authority. The nature of the “war” contemplated in 1998 certainly pales in comparison to the use of that term after September 11, and officials have suggested in the press that they undertook, as much as was politically possible at the time.13
That said, there can be no gainsaying that even if the DCI had really meant to “declare war” against Al-Qa’ida in 1998, the fragmented structure of the Intelligence Community and his tenuous authority over its component agencies would have greatly handicapped any effort to conduct an effective counterterrorist campaign from the DCI’s office. His existing budget and reprogramming authorities under Section 104 of the National Security Act, for instance, extends by its terms only to the NFIP budget – and not to the Joint Military Intelligence Program (JMIP) and the Tactical Intelligence and Related Accounts (TIARA) budgets.14 For this reason, no serious plan to reform the U.S. Intelligence Community can ignore the problem of Community management and the weaknesses of the office of the DCI as the Community’s nominal head.
B. Reinvigorating the Office of the DCI?
The most obvious problem with respect to the IC’s ability to act as a coherent and effective whole is the fact that more than 80 percent of its budgets and personnel resources are controlled by the Department of Defense (DOD). The DCI may be the titular head of the Intelligence Community, but the National Security Agency (NSA), National Imagery and Mapping Agency (NIMA), National Reconnaissance Office (NRO), Defense Intelligence Agency (DIA), and military service intelligence arms are all DOD organizations and report first and foremost to the Secretary of Defense. (The heads of NSA and DIA, and the service intelligence agencies are active duty military officers, and the NRO Director is an Undersecretary of the Air Force.) Only the CIA itself – and a comparatively tiny “Community Management Staff” (CMS) – is unambiguously under the authority of the DCI.
The domination of the IC by the Department of Defense is perhaps the most fundamental bureaucratic fact of life for anyone who aspires to manage the Community as a whole. As one organizational history of the CIA has noted, “[t]he DCI never became the manager of the Intelligence Community,” and decisions over the years to “us[e] declining resources first and foremost to support military operations effectively blunted the Congressional emphasis upon centralization by limiting the wherewithal that DCIs and agency heads could devote to national and strategic objectives.”15
Nor is this arrangement entirely accidental. This awkward balance of authority between DCI and the Secretary of Defense reflects an inability finally to decide whether agencies such as NSA and NIMA are “really” national intelligence agencies that should report to the DCI or “combat support agencies” that should report to DOD. The U.S. military, of course, is an enormous – and, in wartime, perhaps the most important – consumer of certain sorts of intelligence product, particularly signals intelligence (SIGINT), photographic and other imagery (IMINT), and mapping products. Without immediate access to such support, our armed forces would have difficulty knowing where they are, where the enemy is, and what the enemy is doing. The reason that the military possesses integral service intelligence arms and cryptologic support components, in fact, is precisely because the imperatives of war planning and operational decision-making do not permit these functions to be entirely separated from the military chain of command. This attitude, however, also exists at the national level: DOD officials insist that organizations such as NSA and NIMA are, above all else, “combat support agencies.” Implicitly, this means that in any unresolvable resource-allocation conflict between the Secretary of Defense and the DCI, the Secretary must prevail.
The difficulty lies in the fact that the DOD components of the Intelligence Community are also vital parts of the national intelligence system, and provide crucial intelligence products to national-level consumers, including the President. To the extent that DOD’s domination of IC resources impedes the Community’s ability to provide adequate national-level support – and to the extent that such high-level bureaucratic stand-offs hamper the IC’s ability to reorient itself against dangerous emerging threats, or to reform itself in response to intelligence failures – we face grave challenges.
These problems have led many to suggest the need finally to empower the DCI to act as the true head of the U.S. Intelligence Community. At one pole, such suggestions have included proposals to give the DCI full budgetary and management authority over all IC components – effectively taking them out of DOD and establishing the DCI as something akin to a cabinet-level “Secretary of Intelligence.” (Former National Security Advisor Brent Scowcroft has allegedly recommended something to this effect, but his report has never been released – supposedly due to Defense Department opposition.) At the other pole, some in Congress have suggested merely ending the “dual-hatted” nature of the DCI’s office by separating the roles of DCI and CIA Director.
In my view, these two poles leave us with a Hobson’s choice between the virtually unworkable and the clearly undesirable. Creating a true DCI would entail removing dozens of billions of dollars of annual budgets from the Defense Department, and depriving it of “ownership” over “its” “combat support organizations.” In contemporary Washington bureaucratic politics, this would be a daunting challenge; DOD and its Congressional allies would make such centralization an uphill battle, to say the least.
Indeed, if anything, the trend in the post-September 11 world is against DCI centralization. DOD has asked for, and Congress has now established, a new Undersecretary of Defense for Intelligence (USDI) to oversee and coordinate DOD’s intelligence components, creating what may well be, in effect, a Pentagon DCI – and one, moreover, likely to have at least as much influence over the agencies in question than the DCI himself. DOD’s Joint Intelligence Task Force for Counterterrorism (JITF-CT) already reproduces at least some of the analytical functions of the CIA’s CTC, DIA analysts already supply all-source analysis across a wide range of functional and regional specialties, and press accounts suggest that the Pentagon is increasingly interested in establishing its own parallel covert action capability using Special Operations Forces (SOF) troops.16 DOD is, in short, creating a parallel universe of intelligence organs increasingly independent of the DCI. Particularly under a DCI who prizes his role as CIA Director above his Community responsibilities, the prospects for DCI centralization are grim indeed.
On the other hand, without more, proposals merely to separate the DCI’s office from that of the CIA Director will likely only make the situation worse. At the moment, one of the few sources of bureaucratic power the DCI enjoys is his “ownership” of what is, in theory at least, the nation’s premier intelligence analysis organization – and its only specialist HUMINT collection agency – the CIA. Heading the CIA gives the DCI at least “a seat at the table” in national-level debates: a DCI without the limited but non-trivial bureaucratic clout of the CIA behind him would find himself even more marginalized and ineffective than the office is today.
My experience with the fragmented and disjointed Community management process have led me to conclude that the best answer is probably to give more management and budgetary authority over IC organs to an effective DCI focused upon issues of IC coordination and management – as the Joint Inquiry has suggested by urging that we consider the creation of a “Director of National Intelligence” with powerful new Community-management authority. Because he will need to use these new powers to arbitrate between and set policies for selfinterested bureaucratic “players” within the Intelligence Community rather than be one of them, this augmented DCI (or DNI, as the case may be) should not simultaneously hold the position of CIA Director.
The “combat support” argument is, in my view, overblown. There is nothing to suggest that organizations like NSA and NIMA would deny crucial support to the Defense Department the moment that they were taken out of the DOD chain of command. Any lingering doubts about the effectiveness of the Pentagon’s “combat support” from intelligence agencies could be allayed by improving the effectiveness and resources devoted to the services’ organic intelligence and cryptologic components. (Civilian directors of NSA and NIMA – appointed with DCI and Secretary of Defense concurrance – could serve as Assistant DCIs for SIGINT and IMINT, respectively, serving alongside an Assistant DCI for Military Intelligence, a high-ranking military officer charged with ensuring that the IC is at all times aware of and responsive to military needs.) Best of all, an Intelligence Community finally capable of being coherently managed as a Community would be able to reform and improve itself in numerous ways that prove frustratingly elusive today – ultimately providing both its national-level civilian and its warfighter customers with better support.
Congress took a remarkable step in reforming the basic structure of the military command system in 1986 with the passage of the Goldwater-Nichols legislation.17 This landmark legislation – which reformed the roles of the Chiefs of Staff and created an entirely new system of regional unified commanders – tilted at what were thought to be bureaucratic windmills and ran into fearsome bureaucratic opposition, but it succeeded brilliantly and helped our armed forces find new strength and coherence in war-winning “joint” operations. The success of the Goldwater- Nichols reforms should be a lesson to Intelligence Community reformers today, for it teaches that it is possible sometimes to overcome entrenched bureaucratic interests and forge a much more effective whole out of a motley and disputatious collection of parts.
Unfortunately, Congress, the Administration, and the American public have yet to engage in much of a debate about these issues. Perhaps nothing can shock us into serious debates about the fundamental structure of our Intelligence Community if the horror of September 11 cannot, but I am hopeful that the SSCI and HPSCI will make these issues a centerpiece of their agenda for the 108th Congress. I urge them strongly to do so.
C. An Agile and Responsive IC
As the 108th Congress takes up these reform challenges, I would like to offer some additional suggestions that I believe would help the IC both meet the challenges it faces today and be prepared for those it may face tomorrow. One of the roots of our problems in coping with threats such as that posed by Al-Qa’ida beginning in the 1990s is that the tools with which we have had to fight transnational terrorism were designed for another era. The U.S. Intelligence Community is hard-wired to fight the Cold War, engineered in order to do a superlative job of attacking the intelligence “targets” presented by a totalitarian superpower rival but nowhere near as agile and responsive to vague, shifting transnational threats as we have needed it to be.
The lesson of September 11, therefore, should be not simply that we need to reform ourselves so as to be able to address the terrorist threat but also that we need an Intelligence Community agile enough to evolve as threats evolve, on a continuing basis. Hard-wiring the IC in order to fight terrorists, I should emphasize, is precisely the wrong answer, because such an approach would surely leave us unprepared for the next major threat, whatever it turns out to be. Our task must be to ensure that whatever we do to “fix” the problems that helped leave us unprepared in the autumn of 2001, we make sure that the Intelligence Community can change, adapt, and move in unanticipated directions in the future. Otherwise the IC will face little but a future punctuated by more intelligence failures, more Congressional inquiries, and more Commissions.
This is perhaps the most powerful argument for strengthening the DCI’s ability to lead the Intelligence Community as a community, insofar as it is notoriously difficult to reorient large bureaucracies under the best of circumstances, and virtually impossible to do so simply by persuasion. But there are additional steps that Congress and the Administration should consider in order to make the IC “quicker on its feet” in anticipating and preparing for – and, where that fails, responding to – future threats.
Well short of putting the entire Community under a “Secretary for Intelligence,” one way to greatly augment the ability of the Intelligence Community to adapt flexibly and effectively to future threats would be to increase the degree of uniformity in its personnel management system. A homogenized payment and benefits structure for the Community would not necessarily require putting the agencies themselves under the DCI’s operational command. It would, however, enable the IC to move personnel and reorganize organizational structures on an ad hoc basis much more effectively in response to future developments.
Achieving such organizational flexibility – and the conceptual flexibility that must accompany it – will be essential if the Community is not simply to replace its dangerous and inflexible Cold War hard-wiring with an equally rigid and unadaptable CT paradigm. This is what might be called the “meta-lesson” of our current round of “lessons learned” studies of intelligence failures: we must not only learn the lessons of the past but learn how to keep learning lessons as we change and adapt in the future. Adopting uniform personnel standards would help the Community ensure that its personnel and organizational units remain unique and valuable individual resources but they would also become administratively fungible assets, capable of being reorganized and redirected efficiently as circumstances demand.
The CIA, to its credit, has experimented in recent years with approaches to organizing “virtual stations” – ad hoc issue-focused organizations mimicking the structure of an overseas Directorate of Operations outpost, but simply existing within CIA Headquarters. In the future, the IC as a whole will need to learn from (and improve upon) this concept, by developing ways to “swarm” personnel and resources from various portions of the Community upon issues of particular importance as circumstances demand. At the same time, the IC will have to be willing to move personnel resources out of programs and organizations that no longer fulfil their missions, or whose targets have been superseded in priority lists by more important threats. We must, in short, be willing to build new structures and raze old ones in a continual process of “creative destruction” not unlike competitive corporate approaches used in the private sector.
Concomitant with this, it will also be necessary to break the artificial definitional monopoly within the IC that holds that only intelligence professionals actually employed by the traditional collection agencies can engage in collection or analysis of those agencies’ signature types of intelligence. We should be open to unconventional HUMINT collection opportunities, for instance, and should not deny non-CIA analysts a chance to provide the analytical “valueadded” that can be obtained by making them more aware than they are today of the origins of their information. And we should reject the self-satisfied assumptions of NSA managers that only NSA personnel can be trusted with analyzing “raw” SIGINT data. (Unfortunately, the Administration seems to be heading in precisely the wrong direction in this respect. If recent reports are to be believed, the President intends to ratify the information-monopolistic status quo by issuing an Executive Order to make Homeland Security intelligence analysts dependent upon the traditional IC collection bureaucracies to tell these analysts what information is relevant.18)
The traditional collection agencies do have valuable expertise in “their” areas, but this expertise should be used to enrich the Community’s pool of intelligence expertise rather than simply as barriers to entry wielded in defense of bureaucratic and financial “turf.” Instead, the collection agencies should be charged with certifying – but not running or controlling – training curricula within other IC agencies that will produce competent specialists in the relevant fields. A SIGINT analyst, for instance, should be properly trained to meet the relevant professional standards (e.g., compliance with USSID 18), but there is no reason why he must receive his paycheck from NSA in order to make important contributions to the Community. Agencies such as CIA and NSA with special expertise in a particular “INT” should become jealous advocates and guardians of high professional standards within the Community as a whole, but they should no longer be permitted to use their expertise to maintain parochial information monopolies.
Fundamentally, Congress and the Administration should be willing, over the coming months, carefully to examine the basic structure of the intelligence provisions of the National Security Act of 1947 in light of the circumstances and challenges our country faces today. At a time in which the State Department and the military services provided the only thing resembling national-level information collection and analytical expertise in the entire U.S. Government, the Act set up a “central” intelligence agency to be an objective source of information and to stand above the bureaucratic political infighting of the day. It was to be what Colonel William (“Wild Bill”) Donovan had called for in October 1946: “a centralized, impartial, independent agency that is qualified to meet the atomic age.”19 In 2002, however, the CIA no longer quite fulfils that function, now existing as one of many bureaucratic fiefdoms within a sprawling – and Defense dominated – Intelligence Community.
One possibility to which Congress and the Administration should give very careful consideration is whether we should return to the conceptual inspiration behind the intelligencerelated provisions of the National Security Act of 1947: the need for a “central” national level knowledge-compiling entity standing above and independent from the disputatious bureaucracies. Returning to these roots might suggest the need to separate our country’s “central” intelligence analytical functions from the resource-hungry collection responsibilities that make agencies into self-interested bureaucratic “players” – that is, to separate human intelligence (HUMINT) collection into a specialized service that would, along with other collection agencies, feed information into a national-level purely analytical organization built around the core of the CIA’s Directorate of Intelligence. (The resulting pure-analysis organization would arguably be the sole institution that could appropriately be run directly by a new Director of National Intelligence, who would serve as the overall head of the IC and as the President’s principal intelligence advisor.) Whether or not we determine that this is the right answer, however – and howsoever we determine that any such agency would interact with a more empowered DCI – our opportunity seriously to consider such changes is now.
II. Information-Sharing
Perhaps the most fundamental problem illustrated by the findings of the Joint Inquiry Staff (JIS) in connection with the intelligence failures leading up to September 11 relates to the problem of persuading U.S. Intelligence Community agencies to share information efficiently and effectively. This problem is inextricably tied up with the longstanding problem of ensuring quality intelligence analysis within the Community, for without access to a broad range of information upon which to draw inferences and base conclusions, even the best individual analysts necessarily find themselves gravely handicapped. There exists a fundamental tension in intelligence work between the need for security and the need for sharing information. Increasing the number of persons having access to a particular item of information inevitably leads to at least some increase in the likelihood of its compromise, either accidentally or deliberately (e.g., in a “leak” to the press or to a foreign power through espionage). Agencies which possess sensitive information, therefore, tend to prefer to restrict others’ access to “their” information. (This is particularly true in an Intelligence Community institutional culture in which knowledge literally is power – in which the bureaucratic importance of an agency depends upon the supposedly “unique” contributions to national security it can make by monopolizing control of “its” data-stream.)
On the other hand, perfectly secure information is perfectly useless information. Since the purpose of intelligence-gathering is to inform decision-making, restricting access inevitably degrades the value of having intelligence collectors in the first place. For good analysis to be possible, expert analysts must be able to perform what is called “all-source intelligence fusion” – drawing upon the available breadth of information in order to tease patterns of “signal” out of the mass of irrelevant and distracting “noise” that comprehensive collection invariably brings in. If good analysis is to form the basis for intelligent policy, moreover, information must be passed along to the policy community in order to inform their actions.
This tension between security and sharing has been part of the fabric of intelligence policy for years, perhaps manifesting itself most clearly in U.S.-British debates during the Second World War over when (or whether) to share high-grade communications intelligence with operational commanders who needed such information in order to win the war against Nazi Germany.20 Today, similar debates continue as it becomes clear that the sort of sophisticated pattern-analysis and semi- or fully-automated “data-mining” capabilities that will be necessary for intelligence analysis to keep up with complex transnational threats such as those presented by Usama bin Laden’s Al-Qa’ida organization are not compatible with traditional notions of inter-Intelligence Community secrecy and restrictions upon access based upon an outsider’s “need to know” as determined by the agency information-holders themselves.
A. The Intelligence Community’s Failure to “Connect the Dots”
Prior to 9/11
The most fundamental problem identified by the JIS is our Intelligence Community’s inability to “connect the dots” available to it before September 11, 2001 about terrorists’ interest in attacking symbolic American targets. Despite a climax of concern during the summer of 2001 about imminent attacks by Al-Qa’ida upon U.S. targets, the Intelligence Community (IC) failed to understand the various bits and pieces of information it possessed – about terrorists’ interest in using aircraft as weapons,21 about their efforts to train pilots at U.S. flight schools,22 about the presence in the U.S. of Al-Qa’ida terrorists Khalid al-Mihdhar and Nawaf al-Hazmi, and about Zacarias’ Moussaoui’s training at a U.S. flight school – as being in some fashion related to each other.
As the JIS concluded, the IC failed to “connect[] these individual warning flags to each other, to the ‘drumbeat’ of threat reporting that had just occurred, or to the urgency of the ‘war’ efforts against Usama bin Laden.”23 Having failed to make that connection, the IC was caught flat-footed when the attack finally came. Accordingly, no effort to “fix” the problems highlighted by September 11 should be taken seriously unless it attempts to address the pervasive problems of information-sharing that afflict our Intelligence Community.
(1) Terrorist Names
One of the serious problems identified by our Joint Inquiry is the pervasive refusal of the CIA, in the months and years before September 11, to share information about suspected terrorists with the very U.S. Government officials whose responsibility it is to keep them out of the United States: the State Department consular officials who issue visas and the INS officials who man immigration posts at every American port of entry.
As the JIS outlined in its testimony before one of our joint SSCI/HPSCI hearings, the so called TIPOFF system provides the basic “watchlist” function by which consular and INS officials check visa applicants or U.S. arrivals against lists of suspected terrorists and other undesirables. With respect to suspected terrorists, the TIPOFF database is populated principally through the submission of names from the CIA. Crucially, however, without CIA input, these officials cannot do their job – and even terrorists known to the CIA will be able freely to acquire visas and be granted entry if the CIA has neglected to share their names with TIPOFF.
Alarmingly, this is apparently precisely what happened for years, because CIA was unwilling to share more than a small fraction of its information about suspected terrorists with State and INS. Based upon clear internal guidance issued on December 11, 1999, the CIA was required to pass to the TIPOFF program the names of all persons it suspected of being terrorists.24 Before September 11, however, the Agency did not consistently do this. Instead, it often provided the names of suspected terrorists to TIPOFF if the CIA already had information indicating that the terrorist planned to travel to the United States.25 Because of the practical impossibility of knowing the personal travel plans, in advance, of every suspected terrorist in the world, this inevitably meant that the CIA withheld hundreds or perhaps thousands of names from the TIPOFF database – names of persons who were thus free to obtain U.S. visas and walk through INS booths without notice. Indeed, even though it signed an explicit Memorandum of Understanding (MOU) in January 2001 with the FBI, NSA, and State Department on watchlist procedures, State Department officials have complained to the JIS that the CIA still did not share many of its terrorism-related Critical Intelligence Report (CIRs) with the TIPOFF program in the months leading up to the September 11 attacks.26
What’s more, the CIA apparently did not take its watchlisting responsibilities very seriously even when it did see fit to pass some names to TIPOFF. According to the JIS, the CIA provided its employees no training in this regard.27 Indeed, one CIA official from the Counterterrorism Center’s special cell devoted to tracking Al-Qa’ida told the JIS that he didn’t feel that his organization needed to worry about whether anyone watchlisted Al-Qa’ida terrorists.28 The CIA, therefore, apparently neither trained nor encouraged its employees to follow its own rules on watchlisting – embodied in the December 1999 guidance – and they clearly did not do so.29
Nor, despite repeated inquiries about watchlisting standards, did the CIA apparently ever disclose the existence of this guidance to the JIS. As the JIS has recounted, “[w]e were told that there was, at the time, no formal system in place at the CTC for watchlisting suspected terrorists.”30 This, however, was not true. As noted above, the CIA’s December 1999 guidance specifically provided watchlisting standards – which were often ignored. By failing to provide this information to the JIS, the CIA thus managed to keep the fact that it violated its own rules out of the formal report of the Joint Inquiry.
The magnitude of the CIA’s watchlisting failures and the potential impact of this information-hoarding upon our country’s preparedness for terrorist attack may be seen in the contrast between the CIA’s pre-September 11 performance in this respect and its performance after the attacks. Within a month after September 11, the CIA provided more than 1,500 CIRs to TIPOFF that had it had previously withheld. The State Department reported a 455 percent increase in the number of names CIA provided during the months after the attacks – with the total provided rising from 1,761 during the three months before September 11 to 4,251 in the three months afterwards.31 But for the shock of September 11, these thousands of potential terrorists would presumably still be free to obtain visas and enter the United States without anyone asking any questions, thanks to the CIA’s apparent belief that only it can be trusted with its information. As it turns out, two of the September 11 hijackers did precisely this.
(2) The al-Mihdhar and al-Hazmi Story
What such watchlisting problems can mean in practice is illustrated by the failures of the CIA and FBI in dealing with Al-Qa’ida-affiliated terrorists Khalid al-Mihdhar and Nawaf al-Hazmi. Their story is ably recounted by in the body of the JIS report, but its highlights are worth repeating here. Al-Mihdhar and al-Hazmi attended a terrorist meeting in Kuala Lumpur, Malaysia, in early January 2000.32 This meeting was known to – and surveiled by – the CIA, which already knew that al-Mihdhar possessed a multiple-entry visa permitting him to travel to the United States. The National Security Agency (NSA) also independently possessed information linking al-Hazmi to Al-Qa’ida. Neither the CIA nor NSA, however, saw fit to provide their names to the TIPOFF database.33 There is apparently some confusion over whether the CIA told the FBI anything about al-Mihdhar and al-Hazmi. CIA e-mail traffic reviewed by the JIS, however, suggests that the CIA did brief the FBI in general terms. The CIA, however, still did not bother to tell the FBI that al-Mihdhar had a multiple-entry visa that would allow him to enter the United States.34
In early March 2000, the CIA learned that al-Hazmi had arrived in Los Angeles on January 15. Despite having just learned of the presence in this country of an Al-Qa’ida terrorist, the CIA told no one about this. The internal cable transmitting this information, in fact, contained the notation: “Action Required: None, FYI.”35 This information came at the height of the U.S. Intelligence Community’s alarm over Al-Qa’ida’s “Millennium Plot,” and al-Hazmi’s arrival had occurred at about the same time the CIA knew that Al-Qa’ida terrorist Ahmed Ressam was also supposed to have arrived in Los Angeles to conduct terrorism operations.36 Still, however, the CIA refused to notify anyone of al-Hazmi’s presence in the country.
By this point, both al-Mihdhar and al-Hazmi – both terrorists known to the CIA – were living in San Diego under their true names. They signed these names on their rental agreement, both used their real names in taking flight school training in May 2000, and al-Mihdhar even used his real name in obtaining a motor vehicle identification card from the State of California.37 In July 2000, al-Hazmi even applied to the INS for an extension of his visa, sending in this application using both his real name and his current address in San Diego (where he would remain until that December).38 INS, of course, had no reason to be concerned, since the CIA had withheld the two terrorists’ names from TIPOFF. Nor did the FBI have any reason to look for them – e.g., by conducting a basic Internet search for their names or by querying its informants in Southern California – since the last it had heard from CIA was that these two terrorists were overseas.
The CIA’s failure to watchlist al-Mihdhar and al-Hazmi became even more alarming and inexplicable in January 2001, when the CIA discovered that the Malaysia meeting had also been attended by a suspect in the USS Cole bombing. This presumably made the two terrorists even more interesting to the CIA – and their known presence in the U.S. even more dangerous, by confirming their linkages to Al-Qa’ida operational cells – but the CIA still did not bother to inform TIPOFF. This failure was particularly damaging because al-Mihdhar was overseas at the time: putting his name on the watchlist would have enabled INS agents to stop him at the border.39
Even when given the opportunity to tell the FBI – in face to face meetings – about the presence of these two terrorists in the United States, the CIA refused. At a meeting in June 2001 with FBI officials from the New York Field Office who were working on the USS Cole case, a CIA official refused to tell them that al-Mihdhar and al-Hazmi had come to the United States.40
Meanwhile, Khalid al-Mihdhar was in Jeddah, Saudi Arabia, and applied for a new U.S. visa in June 2001. The State Department officials who took this application appear to have followed procedures and checked his name against their CLASS database, which incorporates TIPOFF watchlist information. Because CIA continued to refuse to put the name of this Al-Qa’ida terrorist into TIPOFF, however, no CLASS “hits” occurred, and al-Mihdhar was given a visa and returned to the United States unmolested in July.41
The CIA only decided to watchlist al-Hazmi and al-Mihdhar in late August 2001, by which point they were already in the United States and in the final stages of preparing for the September 11 attacks.42 By this point, tragically, it was too late for the FBI – hamstrung by its own investigative regulations – to stop them. Although the FBI scrambled in late August and early September to locate the two terrorists in the United States,43 it denied itself the services of any of its own agents assigned to criminal work and refused even to conduct a basic Internet search that would have revealed al-Hazmi and al-Mihdhar living under their true names in San Diego. (According to testimony from an FBI agent in New York who conducted just such an Internet search after the September 11 attacks, finding al-Mihdhar’s address “within hours.”44) It also denied itself any assistance that could have been obtained from Treasury officials in tracking down al-Mihdhar and al-Hazmi through their credit card or banking transactions. As it turned out, however, on September 11, 2001, the two men boarded American Airlines Flight 77, and helped fly it into the Pentagon.
(3) The “Phoenix Memo”
The affair of the FBI Electronic Communication (EC) sent by the Phoenix field office to FBI Headquarters in order to warn officials about potential dangers from Al-Qa’ida-affiliated individuals training at U.S. flight schools, also illustrates the tremendous difficulty our Intelligence Community has had with sharing information and “connecting the dots” – particularly where the FBI is concerned.
The FBI special agent in Phoenix who sent the EC to headquarters on July 10, 2001, addressed his memorandum to the Usama bin Laden Unit (UBLU) and the Radical Fundamentalist Unit (RFU) within the Bureau’s counterterrorist organization. Headquarters personnel, however, decided that no follow-up was needed, and no managers actually took part in this decision or even saw the memorandum before the September 11 attacks.45 The CIA was made aware of the Phoenix special agent’s concerns about flight schools, but it offered no feedback46 despite the information the CIA possessed about terrorists’ interest in using aircraft as weapons. Nor did the new FBI officials who saw the Phoenix EC at headquarters ever connect these concerns with the body of information already in the FBI’s possession about terrorists’ interest in obtaining training at U.S. flight schools.47 The full contents of the “Phoenix Memo” have yet to be made public, but it is astonishing that so little was made of it, especially since it drew readers’ attention to certain information already in the FBI’s possession suggesting a very specific reason to be alarmed about one particular foreign student at an aviation university in the United States.48
(4) Missed Opportunities
Altogether, the al-Mihdhar/al-Hazmi and “Phoenix EC” stories suggest both the potential of sophisticated information-sharing and good information-empowered analysis and the dangers of failing properly to “connect the dots.” It is impossible to know, of course, whether the September 11 plot could have been disrupted – or at least significantly delayed – had the FBI and CIA acted properly in sharing and understanding information available to them. The evidence, however, suggests a number of pregnant “what ifs”:
If the CIA had been willing to share its information about al-Mihdhar and al-Hazmi
with consular and INS officials through the TIPOFF program, one or both of them
might have been apprehended upon entering or reentering the United States after
their Malaysia meeting.
If the CIA had informed the FBI when it first knew that al-Mihdhar and al-Hazmi
were in the United States – and the FBI had permitted itself to do common-sense
things like use the Internet – these two terrorists might have been located
at their home in San Diego (or in flight school in the area) long before the
September 11 attacks. Surveillance of them might have led the FBI to other hijackers,
or to operational cell leaders, or their deportation might have disrupted the
plot.
If the FBI had been able to “connect the dots” between the Phoenix EC and the body of information already in the FBI’s possession about terrorist interest in U.S. flight schools – and information held by the Intelligence Community about terrorists’ interest in using aircraft as weapons – it might have been better able to investigate Zacarias Moussaoui and obtain information on some of the other September 11 hijackers from information in Mouassaoui’s computer and in his personal effects.
If the FBI had understood the full significance of the Phoenix EC in light of this other information, they might have begun to conduct the follow-up work recommended by the Phoenix special agent. In May 2001, the FBI had already briefly considered opening an investigation upon one of the individuals named in the EC, but this was dropped when it was discovered he was out of the country at the time. Had the Phoenix EC spurred serious follow-up by FBI Headquarters, however, this individual’s name might have been added to the TIPOFF watchlist – leading investigators right to him upon his subsequent return to the United States. Restarting the aborted investigation of this individual would likely also have led the FBI to his radical fundamentalist flight school classmate in Arizona, September 11 hijacker Hani Hanjour.49
The September 11 story, therefore, should be an object lesson in the perils of failing to share information promptly and efficiently between (and within) organizations, and in the need to ensure that intelligence analysis is conducted on a truly “all-source” basis by experts permitted to access all relevant information – no matter where in the Intelligence Community it happens to reside.
B. Pervasive Problems of Information-Sharing
That effective information-sharing and truly all-source analysis should have been such a scarce commodity in counterterrorism work during the months and years leading up to September 11 – years during which the Director of Central Intelligence supposedly believed the U.S. Intelligence Community to be “at war” with Al-Qa’ida and made fighting it his highest priority – is a testament to the recurring problems of agency parochialism and information-hoarding. Even Community-wide attempts to “fix” the problem of information-sharing, such as the DCI’s ongoing development of the computerized Intelligence Community-Wide System for Information Sharing (ICSIS), simply replicate the problem. ICSIS will be built around a series of agency-specific electronic “shared spaces” accessible to users of the system, but populated only with such information as each agency sees fit to permit others to see.50 ICSIS will, in other words, presumably speed access to what agencies are willing to share, but it will do nothing to address broader issues of their unwillingness to permit experts from other intelligence agencies any window upon the data-streams the monopolization of which is the source of each host agency’s bureaucratic power.51
Such information-hoarding thus goes deeper than simply being “policy,” often reaching the level of simple reflex. For instance, the FBI for years monopolized the processing of information obtained from surveillance under the Foreign Intelligence Surveillance Act (FISA) – even though it fell hopelessly behind in processing FISA “raw data” and accumulated vast backlogs of untranslated tapes that were of no use to anyone. Thus also does the NSA insist that only its employees can be trusted with handling “raw” signals intelligence (SIGINT) data under the standards prescribed by U.S. Signals Intelligence Directive (USSID) 18. And the CIA’s Directorate of Operations usually refuses even to let CIA analysts see its own operational cable traffic.
Reading the DCI’s authority to protect intelligence “sources and methods” as barring the disclosure of source information not simply to the public or to U.S. adversaries but also to anyone else in the U.S. Intelligence Community, the CIA has proven unwilling to permit others a window upon the context that source information can occasionally provide. CIA information-hoarding is hardly a problem unique to the al-Mihdhar and al-Hazmi story. The CIA also refused requests by U.S. Navy intelligence officers to turn over highly relevant information about the source of an intelligence warning that might have prompted the Navy to direct the USS Cole away from Yemen in October 2000.
As the Senate and House Intelligence Committees have seen repeatedly, the Intelligence Community shares information poorly and reluctantly, at best. Especially since September 11, Community representatives have assured us on innumerable occasions that their coordination and information-sharing problems have been fixed: it has become their mantra that such cooperation is now “seamless” and “unprecedented.” Even today, however, these sharing arrangements consist principally of the assignment of agency personnel for reciprocal details at counterpart agencies (e.g., FBI personnel at the CIA, and CIA personnel at the FBI). (Nor is the CIA’s CTC much of a “joint” center in the military sense, since the overwhelming majority of its personnel are CIA employees. It was, and remains, a CIA organization.)
Such cross-detailing, as we have long known and as testimony before our Joint Inquiry hearings has made doubly clear, is at best “an imperfect response” to the information-sharing problem.
“The almost unanimous opinion among the detailing agencies is that host
agencies still restrict access to information and limit the databases that can
be queried by detailees from other agencies on grounds of personnel or information
security, and intelligence policies.”52
Such detailees commonly bring special experience and contextual knowledge to their assignments that host-agency personnel may lack, but they are seldom fully trusted by their host agencies and are seldom, if ever, permitted to know as much as “real” agency employees. Moreover, even when detailees are given comparatively good access to host-agency information, they are almost invariably prohibited from passing it back to their home organizations. This, for instance, is the fate of non-FBI officials assigned to the FBI-run Joint Terrorism Tracking Task Forces (JTTFs).53 It is also that of DIA analysts cross-assigned to other IC agencies.54 As Rear Admiral Lowell Jacoby recounted in testimony submitted to the Joint Inquiry, cross-assigned personnel are routinely denied “unfettered and unconditional access to all relevant . . . information” and are often not permitted to transmit to their home agencies what they are permitted to see.55
Today, the “seamless” and “unprecedented” information-sharing within our Intelligence Community remains built around personal contacts and such cross-details. According to FBI Counterterrorism chief Dale Watson, the FBI’s arrangements with the CIA and with other U.S. Government agencies revolve principally around the “exchange of working level personnel and senior managers at the headquarters level.”56 This may represent considerable progress compared with what prevailed before September 11, but it is woefully inadequate to our intelligence needs in the 21st century.
The Future of Information-Sharing
(1) The Imperative of “Deep” Analyst Data-Access
The greatest contributions that intelligence analysis can make against vague, shifting, and inherently ambiguous transnational threats such as international terrorism lie in analysts’ capacity to conduct “all-source fusion” of information – performing the classic task of assembling fragmentary information into actual or inferential “mosaics” and teasing useful “signals” out of the “noise” brought in by our wide-ranging means of intelligence collection. Problems of information-hoarding and dysfunctional sharing methodologies, however, restrict analysts’ ability to apply their talent, training, and experience against intelligence targets in a truly all-source fashion. If they are to be expected to have success against such modern targets in the future, we will need to do a great deal to improve their ability to survey and draw patterns out of the masses of data that exist in discrete and carefully-guarded bundles throughout the Intelligence Community.
Intelligence collectors – whose status and bureaucratic influence depends to no small extent upon the monopolization of “their” information-stream – often fail to recognize the importance of providing analysts with “deep” access to data. The whole point of intelligence analysis against transnational targets is to draw patterns out of a mass of seemingly unrelated information, and it is crucial that the analysis of such patterns not be restricted only to personnel from a single agency. As Acting DIA Director Lowell Jacoby observed in his written testimony before the Joint Inquiry, “information considered irrelevant noise by one set of analysts may provide critical clues or reveal significant relationships when subjected to analytic scrutiny by another.”57
This suggests that the fundamental intellectual assumptions that have guided our Intelligence Community’s approach to managing national security information for half a century may be in some respects crucially flawed, in that it may not be true that information-holders – the traditional arbiters of who can see “their” data – are the entities best placed to determine whether outsiders have any “need to know” data in their possession. Analysts who seek access to information, it turns out, may well be the participants best equipped to determine what their particular expertise and contextual understanding can bring to the analysis of certain types of data.
In this vein, the Military Intelligence Board has explicitly suggested that
deep informationsharing will require a re-examination of traditional concepts
of “need to know” – although, not surprisingly, traditional collection
agencies such as the CIA still contest this conclusion.58 Rear Admiral Jacoby
made the point firmly to our Joint Inquiry, writing that it should be the task
of intelligence reformers to create a new paradigm wherein ‘ownership’
of information belonged with the analysts and not the collectors. In my opinion,
one of the most prolonged and troubling trends in the Intelligence Community
is the degree to which analysts – while being expected to incorporate the
full range of source information into their assessments – have been systematically
separated from the raw material of their trade.”59
Sadly – and dangerously – the result of this systematic separation is that “groundbreaking, innovative, true all-source analysis” has become “the exception, not the rule” in today’s Intelligence Community.60
The imperative of “deep” analyst data-access is intertwined with another dynamic. For some time, our ability to analyze information has been falling increasingly behind the enormous volumes of information collected by our intelligence agencies. This imbalance between analysis and collection has been the subject of numerous SSCI hearings. It has important implications for the future of information-sharing within the Intelligence Community because it suggests that in addition to being empowered to conduct true “all-source” analysis, our analysts will also need to be supplied with powerful new tools if they are to work their analytical magic upon such large information volumes.
As Rear Admiral Jacoby has suggested, the challenge for intelligence reform is thus twofold: we must persuade information-holders to give analysts “deeper” and less conditional access to data than they have ever before enjoyed, and we must equip analysts with the tools needed to “mine” these data-streams for useful information.
“[W]e need to find a way to immediately and emphatically put the ‘all’
back into all-source analysis. . . . If we expect analysts to perform at the
level and speed expected in a counterterrorism mission environment characterized
by pop-up threats, fleeting targets, and heavily veiled communication, they
require immediate, on-demand access to data from all sources and the ability
to mine, manipulate, integrate, and display all relevant information.”61
As noted previously, making information accessible necessarily exists in some tension with keeping it secure – and some balance must always be sought between usability and security. I have come to the conclusion that our Intelligence Community, dominated by traditional collection agencies such as CIA and NSA that enjoy special status precisely because of the monopolization of “their” data-streams (e.g., HUMINT and SIGINT), has drawn this line in ways incompatible with our intelligence needs in the 21st century. I thus believe, with RADM Jacoby, that we must bring about a radical change in the access collection agencies give to all-source analysts, including all-source analysts from outside their own ranks.
Such analyst empowerment must be accomplished in ways that do not leave our secrets unduly vulnerable to compromise. It is thus the challenge of reform not only to persuade recalcitrant information-hoarders into making their databases available to sophisticated analytical exploitation but also to ensure that the resulting information architectures are secure. There is no reason why appropriately cleared analysts should not be trusted with such information: they are no less patriotic, no less committed to protecting national security, and no less professional in their fields than the collection bureaucrats who would presume to deny them access. That said, of course, there is every reason to develop comprehensive security protocols and accountability systems to reduce the risk of espionage or accidental compromise that is to some degree inherent in any expansion of the universe of persons given access.
Fortunately, recent efforts to move forward in empowering analysts to conduct true allsource analysis provide reasons for confidence that a workable solution is possible. As the SSCI’s Technical Advisory Group (TAG) – a nonpartisan group principally composed of expert private sector technologists and managers with the highest possible security clearances – has forcefully recommended, we must move forward into the realm of comprehensive databasing and data-mining now, and the technology we need is either in existence already or well on its way to development. As this technology advances, the TAG has suggested, agency resistance to such developments in the name of “security” is looking increasingly like a mere excuse:
“The technology of multi-level-security databases and computer systems
is highly developed, and all that stands between the present moment and the
operation of such a database in the National interest is political will.”62
(2) Faltering Steps Forward
In efforts to meet the analytical challenge of transnational terrorism, both the Department of Defense (DOD) and the Department of Justice (DOJ) have undertaken new experiments in allsource fusion aimed at the targets. At DOD, the Defense Intelligence Agency set up an organization it calls Joint Intelligence Task Force-Counterterrorism (JITF-CT). Established in the wake of the bombing of the USS Cole by Al-Qa’ida members in October 2000, and augmented by new assignments of personnel and resources after the September 11 attacks, JITF-CT aspires to provide its analysts with deep data access sufficient to permit real all-source fusion. According to RADM Jacoby, DIA’s aim in establishing JITF-CT was to create a “stand-alone limited access data repository accredited to host the entire range of terrorism related information, regardless of source” – including not just “highly compartmented intelligence,” but also “law enforcement information related to ongoing investigations or prosecutions, and security incident reporting sometimes catalogues as criminal, rather than terrorism activity.” JITF-CT seeks to “apply state-of-the-practice technological tools and expertise that enhance opportunities for ‘analytic discovery.’”63
The Attorney General established his own Foreign Terrorist Tracking Task Force (FTTTF) after September 11 in order to help develop “deep”-access data-mining techniques and apply these new methodologies to the formidable challenge of catching terrorists operating within the United States. FTTTF is co-located with the Pentagon’s Joint Counterintelligence Assessment Group (JCAG, a.k.a. the Counterintelligence Field Activity, or CIFA), which provides technical support.64 As with JITF-CT, FTTTF/JCAG aspires to bring about great innovations in analyst access to and data-mining of disparate “all-source” data-streams.
The experience of these innovative analytical cells, however, is simultaneously encouraging and dispiriting. It is encouraging in that it shows a commendable interest in interagency information-sharing on something approaching – or at least aspiring to – a truly all-source basis, and enabled by state-of-the-art analytical tools. Nonetheless, it is also dispiriting in that the available evidence suggests that these organizations are experiencing some notable “pushback” by the traditional information-holders within the Intelligence Community. According to RADM Jacoby, for instance, JITF-CT and DIA are still being denied information by “those intelligence and law enforcement organizations that are the ‘owners’ or ‘arbiters’ of unshared information.”
“This is no small problem” as Jacoby emphasizes, for although the
“un-shared information falls largely into the categories of background
and contextual data, sourcing, seemingly benign activities, and the like . .
. it is within these categories that the critical ‘connecting dot’
may well be found.”65
The CIA has its own “all-source” fusion cell devoted to terrorist targets, in the form of the DCI’s Counterterrorism Center (CTC). The CTC has performed this function for some years, and not without some success. Even CTC has had difficulty penetrating the veil of agency information-hoarding. Although as an operational arm of the CIA staffed principally by Directorate of Operations personnel, the CTC is denied far less information in CIA operational cables than organizations such as JITF-CT, it still encounters information-sharing problems in dealing with other organizations. In particular, timely and effective access to law enforcement information has been a traditional weakness at CTC, and the NSA has refused to permit the Center access to “raw” SIGINT data. Moreover, another weakness of CTC as an analytical fusion cell is precisely its operational focus: CTC plays a vital role in spearheading our country’s campaign to disrupt and dismember terrorist cells overseas, but this necessarily means that it devotes less time to purely analytical work on terrorism than would otherwise be the case. Indeed, not unlike FBI analysts diverted to “operational” support to ongoing investigations (see below), CTC analysts apparently spend a great proportion of their time providing analytical support to CTC’s ongoing operations.
More than a year after September 11, there is still “no single agency or database or computer network that integrates all counter terrorism information nationwide.”66 And there is no center devoted entirely to counterterrorist analysis on a truly all-dource basis. As former Representative Lee Hamilton emphasized in testimony before our Joint Inquiry, this is a significant unmet need within the Intelligence Community.
“We need a center in the government for all intelligence – foreign
and domestic – to come together. There is currently no place in the government
where we put together data from all of our domestic and foreign sources –
the CIA, FBI, Department of Defense, Department of State, NSA, and other agencies.”67
(3) Technological and Bureaucratic Empowerment
(a) “Total Information Awareness”
To help address the need for technological change to support the kind of analyst empowerment that our Intelligence Community needs, Dr. Robert Norris of the National Defense University and RADM Jacoby of DIA argued that the IC should take its cue from the private sector and move toward a common data format standard. Such a standard, they suggested, would allow data-interoperability – as opposed to system interoperability, which is much more challenging and is perhaps unattainable 68 – across the Community, or even across the federal government as a whole. MP>
“Interoperability at the data level is an absolutely necessary attribute
of a transformed intelligence environment because it enables horizontal integration
of information from all sources – not just intelligence – and at all
levels of classification.”69
In this regard, RADM Jacoby suggested that the Community follow the commercial
world in embracing eXtensible Markup Language (XML) was a way to ensure such
data-interoperability.70
Interestingly, an ongoing project by the Information Awareness Office (IAO) of the Defense Advanced Research Projects Agency (DARPA) suggests that while such datainteroperability would be enormously useful, it may not be an absolute prerequisite for meaningful “deep access” data-mining within the Intelligence Community, the U.S. Government, or beyond. The SSCI has been following with great interest IAO’s work on what it calls its “Total Information Awareness” (TIA) project, for this project holds out the prospect of providing the technological tools to achieve radical analyst empowerment vis-á-vis the IC’s entrenched information-holders.
TIA aspires to create the tools that would permit analysts to data-mine an indefinitely expandable universe of databases. These tools would not be database-specific, but would rather be engineered in such a way as to allow databases to be added to the analytical mix as rapidly as interface software could be programmed to recognize the data formats used in each new database and to translate queries and apply specific “business rules” into a form usable therein. Through this system, TIA hopes to enable an analyst to make search requests – either on a name-by-name basis or in order to apply sophisticated pattern-recognition software – to each among a “cloud” of remotely-distributed databases. Each analyst user would possess a complex set of individual “credentials” which would be embedded in each query and “travel” with that query through the database universe. These credentials would include information such as the user’s access permissions and the specific legal and policy authorities under which each query has been conducted; they would tell the system what sorts of responses that user is permitted to get.71 Even when the user did not have authority to see certain types of information, the system would be able to tell the analyst whether any data responsive to his query existed in any particular database, allowing him to submit a request for access to higher authority.72 Information responsive to user queries would then be passed back through the system to an automated data repository, where it would be stored for analytical exploitation.73
The TIA approach thus has much to recommend it as a potential solution to the imperative of deep data-access and analyst empowerment within a 21st-century Intelligence Community. If pursued with care and determination, it has the potential to break down the parochial agency information “stovepipes” and permit nearly pure all-source analysis for the first time – yet without unmanageable security difficulties. If done right, moreover, TIA would be infinitely scalable: expandable to as many databases as our lawyers and policymakers deem to be appropriate.74
TIA promises to be an enormously useful tool that can be applied to whatever data we feel comfortable permitting it to access. How broadly it will ultimately be used is a matter for policymakers to decide if and when the program bears fruit. It is worth emphasizing, however, that TIA would provide unprecedented value-added even if applied exclusively within the current Intelligence Community – as a means of finally providing analysts deep but controlled and accountable access to the databases of collection and analytical agencies alike. It would also be useful if applied to broader U.S. Government information holdings, subject to laws restricting the use of tax return information, census data, and other information. Ultimately, we might choose to permit TIA to work against some of the civilian “transactional space” in commercially-available databases which are already publicly and legally available today to marketers, credit card companies, criminals, and terrorists alike. The point for civil libertarians to remember is that policymakers can choose to restrict TIA’s application however they see fit: it will be applied only against the data-streams that our policymakers and our laws permit.
I mention TIA here at some length because it represents, in my view, precisely the kind of innovative, “out of the box” thinking of which I have long been speaking – and which Americans have a right to expect from their Intelligence Community in the wake of a devastating surprise attack that left 3,000 of their countrymen dead. It is unfortunate that thinking of this sort is most obvious in the Defense Department rather than among Intelligence Community leaders, and more unfortunate still that projects like TIA are likely to encounter significant resistance from the entrenched information-holders at the core of the traditional IC. Nevertheless, projects like this represent a bright spot in the Community’s baleful recent history of counterterrorist informationsharing.
(b) Homeland Security Intelligence Fusion
Another bright spot is the potential for a fresh start that is presented by the new Department of Homeland Security. The Homeland Security bill signed by President Bush on November 25, 2002 contains provisions which I wrote specifically in order to help address these information-sharing problems within the Intelligence Community and between other federal agencies. Specifically, this new law makes it the responsibility of the Undersecretary for Information Analysis and Infrastructure Protection at the Department of Homeland Security to
“establish and utilize . . . a secure communications and information technology
infrastructure, including data-mining and other advanced analytical tools, in
order to access, receive, and analyze data and information in furtherance of
the responsibilities under this section . . . .”75
This language is complemented by the strong information-access provisions I also wrote into the bill. These provisions provide appropriately-cleared Homeland Security analysts with authority affirmatively to access (i.e., not simply to be given):
“all information, including reports, assessments, analyses, and unevaluated
intelligence related to threats of terrorism against the United States . . .
that may be collected, possessed, or prepared by any agency of the Federal Government.”76
Read together, as they were intended to be, these provisions provide statutory authorization for a radical new approach to counterterrorist information-sharing in which analysts are for the first time given the ability to conduct real “all-source” analysis and to “connect the dots” in order to protect our nation from terrorists.
It was my hope with this legislation to begin to move our Intelligence Community, to paraphrase former DIA Director Thomas Wilson, beyond the realm of information “sharing” entirely, inasmuch as “sharing” connotes information ownership by the party that decides to share it, an idea that is antithetical to truly empowering analysts to connect all the right “dots.”77
My views on this subject have been powerfully reinforced by the findings of the Joint Inquiry, which has recommended that Congress work diligently to ensure the success of the Homeland Security information analysis office – including ensuring that it gets “full and timely access to all counterterrorism-related intelligence information,” including all the “‘raw’ supporting data” it needs. While it certainly remains in President Bush’s power to stop his new Homeland Security organization short of leading the way toward this new paradigm, it is my hope – and it was the inspiration behind my contributions to Title II of the Homeland Security bill and the recommendations of the Joint Inquiry – that he will use this historic opportunity to bring the U.S. Intelligence Community into the 21st century. I dearly hope that, recent press reports to the contrary,78 the Administration will not squander the opportunity to make true all-source fusion finally work to protect Americans from terrorism.
(4) The Other Side of the Coin: Protecting National Security Information
In the context of information sharing, a quick word should also be said about the need to protect national security information from unauthorized disclosure. Those of us with regular access to highly classified information cannot help but be appalled by the frequency with which the publication within the Intelligence Community of enormously sensitive reports is quickly followed by sensationalistic press accounts of that very same information. The President, the Secretary of Defense, and other officials have all stated emphatically the dangers posed by the endemic culture of media “leaks” in modern Washington. As Attorney General Ashcroft has noted, “there is no doubt and ample evidence that unauthorized disclosures of classified information cause enormous and irreparable harm to the nation’s diplomatic, military, and intelligence capabilities.”79 As we have learned during the course of this Joint Inquiry, our Intelligence Community’s ability personally to track Usama bin Laden himself was lost in 1998 on account of a senior official’s boasting to the media about a certain type of collection capability. We simply cannot hope to fight the war on terrorism with sustained success if we continue to see our intelligence activities and capabilities featured in the press as part of what Senator Pat Roberts has described as “the leak of the week.”
Unfortunately, however, our current laws against disclosing classified information are far too weak, and investigations of leaks usually far too difficult, for prosecutors to have had any success in pursuing them. Indeed, in the last half-century, I am aware of only one non-espionage case in which someone was prosecuted for an unauthorized disclosure. The SSCI and HPSCI tried to address this issue in 2000 by placing a section in our Fiscal Year 2001 intelligence authorization bill that would have made it a felony for someone with authorized access to classified information knowingly to disclose it to someone not authorized to receive it.80 President Clinton, however, vetoed the bill.
Now that the war on terrorism has refocused us upon the potentially appalling consequences of our culture of leaks, the 108th Congress should take up and enact this legislation anew – and President Bush should sign it. Such anti-leaks legislation will become more important than ever as we move into the 21st century world of true “all-source” fusion and automated datamining within the Intelligence Community. We should also bear continually in mind the admonition contained in the Joint Inquiry’s recommendation to consider the degree to which “excessive classification” has impeded the IC’s ability to handle the information-management responsibilities we ask of it. We must both punish leaks of information and ensure that the only information subject to classification is that which truly needs to be.
III. Intelligence-Law Enforcement Coordination
Another of the discouraging lessons of September 11 is the extent to which the United States’ law enforcement agencies (LEAs) and its Intelligence Community (IC) still have not managed to work effectively with each other. Progress has been made in this regard since the terrorist attacks, thanks in large part to Congress’ prompt passage of the USA PATRIOT Act of 2001 (Public Law 107-56). This remains an area, however, in which much improvement is needed – as well as sustained Congressional oversight to ensure that these agencies really do make cooperation part of their institutional culture over the long run.
A. FISA and Its Discontents
Much of the blame for the dysfunctional nature of pre-September 11 LEA/IC coordination can be traced to a series of misconceptions and mythologies that grew up in connection with the implementation of domestic intelligence surveillance (and physical searches) under the Foreign Intelligence Surveillance Act (FISA).81 Rigid and restrictive readings of FISA in the early and mid-1990s acquired with time the apparent legitimacy of long-presumed acceptance, and created a sterile and ultimately fallacious conventional wisdom that effectively – but unnecessarily – prevented meaningful LEA/IC coordination.
(1) Development of the “No Coordination” Myth
Much of the pre-September 11 problems with FISA can be traced to confusions associated with participants’ understandings of the so-called “purpose test” embodied in the statute. Under FISA as it existed before 2001, a surveillance or search order could only be obtained if, among other things, the government was able to certify – and a federal judge on the FISA court agreed – that “the purpose” of the undertaking was to collect foreign intelligence information.
Taking their cue from non-FISA caselaw setting forth the constitutional rules for warrantless intelligence surveillance, most courts interpreting FISA – and essentially all intra-Executive Branch officials who dealt with these matters – read FISA’s “the purpose” language as imposing the requirement that the “primary” purpose of the requested surveillance or search be the collection of foreign intelligence. Warrantless surveillance cases such as Truong82 arising out of activities undertaken before the passage of the FISA statute, had helped create what became known as the “primary purpose” test. Technically, the seminal “primary purpose” cases did not apply to surveillance conducted under FISA, a statute enacted by Congress in order to establish a special, court-overseen system of domestic intelligence surveillance and thus to replace the pre- FISA constitutional standard with a specified statutory one. Nevertheless, it did not take long for courts and commentators alike to interpret FISA as incorporating the pre-FISA “primary purpose” test.
As the FISA Court of Review ably explained in a recent landmark decision (and the first case ever heard by that appellate body established by the FISA statute in 1978), FISA itself imposes few, if any, restrictions upon intelligence/law enforcement coordination. Indeed, according to the Court of Review, the very idea that there exists a “dichotomy” between “criminal” and “intelligence” purposes was merely an unwarranted assumption that subsequent participants in the FISA process imagined into the law.83 Nevertheless, in short order it had become the conventional wisdom of U.S. intelligence oversight law that FISA incorporated the “primary purpose” test – and thus that there must at some point be a limit to the permissible degree of “criminal investigative” involvement in electronic surveillance or physical searches84 under FISA.
More importantly – and, as it turns out, far more perniciously – this half-imagined “purpose test” itself came to be interpreted extremely rigidly, in ways that in time came to be seen effectively to preclude any meaningful coordination between criminal investigators and intelligence personnel even in terrorism and espionage cases. As first discussed publicly in connection with a report on the Wen-Ho Lee affairs by the Chairman of the Senate Governmental Affairs Committee in 1999,85 and as subsequently detailed both in a General Accounting Office (GAO) study86 and the declassified findings of a special Justice Department review – the Attorney General’s Review Team (AGRT) headed by Assistant U.S. Attorney Randy Bellows, which produced the so-called “Bellows Report”87 – DOJ attorneys adopted a hyper-restrictive, and legally unnecessary, approach to FISA applications. This approach, as was apparently intended, maximized the likelihood of FISA order requests being approved by the Foreign Intelligence Surveillance Court (FISC) and certainly minimized FISA “intrusions” upon American privacy.88 It came at the cost, however, of prohibiting a great deal of useful and quite lawful informationsharing and coordination between intelligence and criminal investigators.
As best I have been able to piece these things together today – and in its recent decision on these matters, the FISA Court of Review (COR) disclaimed any real certainty about when these problems first arose89 – the most damaging manifestations of this phenomenon came about after 1995, in the wake of the espionage prosecution of senior CIA officer (and Soviet mole) Aldrich Ames. Criminal and intelligence investigators in that case allegedly cooperated closely, so closely that lawyers within Attorney General Janet Reno’s Justice Department apparently became convinced that they might “lose” the Ames case if defense counsel asked the trial judge to suppress evidence obtained by intelligence surveillance on the grounds that this collection had “really” been for criminal purposes.
As it turned out, Ames’ guilty plea brought the case to a conclusion before this issue could be joined. Unsettled by the episode, Clinton Administration lawyers apparently concluded that they would in the future essentially prohibit coordination between criminal and intelligence investigators. The Attorney General issued special guidelines in July 1995 setting forth standards for information-sharing and coordination between FBI agents working on FISA cases or other intelligence investigations and attorneys in DOJ’s Criminal Division. These guidelines did permit some cooperation, specifying standards for when the Criminal Division was to be notified of information.90
As detailed by GAO, however, these guidelines were never really enforced within DOJ. With these guidelines standing, in effect, in abeyance, DOJ attorneys – especially those within the Office of Intelligence Policy and Review (OIPR), which serves as the Department’s “gatekeeper” on FISA matters – were free to interpret FISA as banning essentially any contact between FISA investigators and the Criminal Division. As GAO and a special internal DOJ report have recounted, coordination on intelligence cases dropped off significantly after the guidelines were issued, and what contact was undertaken commonly occurred so late in the process as to be substantively useless.91 According to some participants, meetings between FBI intelligence investigators and Criminal Division attorneys became “unproductive,” and even “weird” and “surreal.” The new restrictions imposed by OIPR prevented the FBI from obtaining “meaningful advice from the Criminal Division during an FCI [foreign counterintelligence] investigation,” and impeded “the FBI’s ability to do its job.”92 In short order, OIPR attorneys turned the “primary purpose test” into a de facto “‘exclusive’ purpose” test.93 No FISA request was permitted to go forward if there was any meaningful coordination between criminal and intelligence investigative organs, and similar “no-coordination” standards were applied to all FCI and counterintelligence investigations. Denied any meaningful ability to coordinate actions between the LEA and IC spheres, the FBI developed a Byzantine system of parallel investigative tracks for working terrorism issues: “dirty” teams of intelligence investigators and “clean” teams of purely criminalfocused agents would work the same terrorist cases at the same time, “[y]et they rarely talk[ed] to each other.”94 This organizational allergy even to the most common-sense forms of counterterrorist cooperation become infamous after September 11: a “Wall” had been built between intelligence and law enforcement.
(2) Manifestations in the September 11 Intelligence Failure
Spurred by Congressional attention given to OIPR’s excessively restrictive approach to FISA during the Wen-Ho Lee affair – and by the scathing critique of that office offered in the Bellows Report – DOJ began to realize in the final months of the Clinton Administration that it had created a significant national security problem for itself. On January 21, 2000, Attorney General Reno promulgated some new “interim measures,” but she failed to adopt new guidelines before leaving office. Revised formal guidance, however, was not forthcoming until set forth in August 2001 by Deputy Attorney General Larry Thompson.95 This clarified the rules for coordination between law enforcement and intelligence organs, emphasizing that notification of the Criminal Division is mandatory when information is developed that “reasonably indicate[s] that a significant federal crime has been, is being, or may be committed.”96
These new rules, however, did not make major changes in the 1995 guidelines, and were clearly insufficient to change the institutional culture that had developed within the FBI and the Justice Department around what was now the virtually unchallenged conventional wisdom of the “no coordination” myth. Investigators working before September 11 to get to the bottom of alarming terrorist cases such as those of Khalid al-Mihdhar, Nawaf al-Hazmi, and Zacarias Moussaoui repeatedly ran into the “Wall” and its institutional side-effects: an investigative culture positively allergic to LEA/IC information-sharing and coordination, and remarkably ignorant about how much such cooperation was actually allowed.
FBI special agents in the New York Field office working on the Bureau’s investigation of the bombing of the Navy destroyer USS Cole by Al-Qa’ida, for instance, met with CIA officials in June 2001 in an effort to obtain information. At this point, the CIA knew both that al-Mihdhar and al-Hazmi were linked to a prime suspect in the Cole attack and that they were both in the United States, but it refused to give the FBI this information. Former CIA CTC chief Cofer Black later testified before Congress that the CIA’s refusal to tell the FBI about these two terrorists loose in the United States had been entirely consistent with “rules against contaminating criminal investigators with intelligence information.”97 As one of the FBI agents involved in this episode put it,
“‘[t]he Wall’, and implied, interpreted, created or assumed
restrictions regarding it, prevented myself [sic] and other FBI agents working
a criminal case out of the New York Field Office to obtain information from
[the] Intelligence Community, regarding Khalid al-Mihdhar and Nawaf al-Hazmi
in a meeting on June 11, 2001.”98
Nor was this all. After the FBI was belatedly notified by the CIA in August 2001 that known Al-Qa’ida terrorists al-Mihdhar and al-Hazmi were in the United States, the Bureau began trying to track them down. Despite the urgency of this task, however, FBI Headquarters prohibited FBI criminal investigators in New York from participating in the search for these terrorists and refused even to tell them what little was known about the two men at the time. As one of the New York agents was informed in an e-mail from Washington, D.C., “that information will be passed over the wall” only if “information is developed indicating the existence of a substantial federal crime.”99 Perceiving there to be an unbridgeable gap between law enforcement and intelligence work, the FBI thus refused even to talk to itself in order to prevent mayhem by known Al-Qa’ida terrorists in the United States. Meanwhile, al-Mihdhar and al-Hazmi were in the final stages of their preparations for the September 11 attacks.
As noted by the JIS, these information sharing problems clearly “reflect misunderstandings that have developed over the last several years about using information derived from intelligence gathering activities in criminal investigations.”100 DOJ’s “policies and practices regarding the use of intelligence information in FBI criminal investigations” helped make it enormously harder for the government to find al-Mihdhar and al-Hazmi in the last weeks before September 11101 – even though they were both living and traveling under their true names at the time, and a simple Internet search requested by one of the New York FBI agents after the World Trade Center attacks yielded their address in San Diego “within hours.”102 The tragedy of this is that it was so needless: the law actually did not bar all cooperation across the “Wall” between law enforcement and intelligence. It was simply assumed to do so because years of timorous lawyering in the Justice Department and Intelligence Community reticence had created an institutional culture hostile to coordination. As FBI official Michael Rolince put it, procedures for informationsharing became so baroque and restrictive that sharing was essentially prohibited: “In terrorism cases, this became so complex and convoluted that in some FBI field offices agents perceived ‘walls’ where none actually existed.”103
Coordination problems also arose in the Moussaoui case, in which FBI agents in the Minneapolis Field Office were desperate to search Moussaoui’s personal effects for clues about his activity. Even though Moussaoui was in government custody, however, FBI agents were prohibited from looking through his computer and papers without court permission. FBI Headquarters actually prohibited intelligence investigators in Minneapolis from notifying the Criminal Division at the Justice Department about the Moussaoui situation, and prohibited agents from pursuing a criminal search warrant against him.104
FBI Headquarters apparently barred the pursuit of a criminal warrant on the theory that any professed interest in criminal prosecution would jeopardize any chances of a FISA – a reasonable assumption given OIPR’s longstanding approach to such matters.105 When the FBI agents actually contacted Headquarters about obtaining such a FISA order, however, they were given inexcusably confused and inaccurate information from attorneys at the FBI’s National Security Law Unit (NSLU). FBI attorneys at Headquarters told Minneapolis that in order to get a FISA, they had to produce evidence showing that Moussaoui was affiliated with one or more groups on the State Department’s official list of “terrorist” organizations. This legal advice was patently false and has no basis either in the FISA statute or in DOJ policy or guidelines. Nevertheless, this bad advice led the Minneapolis agents on a legal wild goose chase for nearly three weeks, as they tried to find enough information connecting Chechen terrorist organizations – with whom Moussaoui had some ties, but who were not on the list – to Al-Qa’ida.106
(3) Developments Since September 11
Since the September 11 attacks, both Congress and the Justice Department have taken important steps to revise the law and policies restricting law enforcement/intelligence coordination. The myth that FISA prohibited essentially all coordination between intelligence and law enforcement agents, while untrue even under pre-September 11 law, was addressed by Congress’ passage of the USA PATRIOT Act of 2001 (Public Law 107-56), which took aim directly at the “primary purpose” test long assumed to be part of FISA case law. Whereas FISA for years had provided that “the purpose” of FISA surveillance had to be intelligence collection, after President Bush’s signature of the USA PATRIOT Act, FISA said merely that orders are to be granted where this is “a significant purpose.”107 Thereafter, no inference of a “primary” purpose test should have been permitted, much less an “exclusive purpose” standard. After October 26, 2001, the FISA statute permitted surveillance and physical searches even for undertakings that were primarily criminal – provided only that intelligence collection was not an insignificant reason for the undertaking.
It took over a year, however, for the USA PATRIOT Act changes to penetrate the U.S. Government’s entrenched “no coordination” bureaucratic culture. In November 2001, immediately after Congress had enacted the “significant purpose” change to FISA, the Foreign Intelligence Surveillance Court broke with previous precedent and for the first time required DOJ and the FBI to follow the Attorney General’s July 1995 guidelines on law enforcementintelligence coordination.108 Although court approval was necessary under the FISA statute for the establishment of FISA “minimization rules” for handling information on U.S. citizens or lawful permanent residents, the FISC had never before seen fit to enforce specific general rules on coordination between intelligence and law enforcement organs. The July 1995 guidelines had been the creation of the Attorney General’s policy discretion, and the FISC had never required them to be followed during the long years of the late 1990s when they were being ignored by DOJ attorneys seemingly hostile to the very idea of such coordination. Yet the moment that Congress changed the law in order to make clear that it intended there to be no “Wall,” the FISC stepped in to impose the very legal standards repudiated by the USA PATRIOT Act.
With its November 2001 ruling imposing the July1995 guidelines upon the post- September 11 Justice Department, the FISC necessarily established the precedent that any changes to the coordination guidelines required court approval. Things got still more strange after the Attorney General duly submitted draft guidelines in March 2002, seeking the FISC’s approval to implement the changes written into law by the USA PATRIOT Act. These new proposals embodied the “significant purpose” changes, and permitted extensive informationsharing and coordination between intelligence and law enforcement elements within the Department and the FBI – to the point that “all DOJ component are free to offer advice and make recommendations, both strategic and tactical, about the conduct and goals of the investigations.”109
The FISC, however, rejected the Attorney General’s proposed changes, declaring in a May 17, 2002 opinion that they went too far. Wholly ignoring the USA PATRIOT Act’s changes to the FISA “purpose test,” this opinion explicitly endorsed what the FISC itself described as “the Wall” between law enforcement and intelligence – finding support for this not in the crucial “purpose test” modified by Congress but in the statute’s substantively unrelated provisions on “minimization rules” to govern the handling of information specifically about U.S. persons.110
It was not until November 2002 that the FISA Court of Review – the never-before-used appellate body created by the statute – issued an opinion overruling the FISC’s decision. Thanks to the Court of Review holding, the law thus stands today where Congress intended it to stand on October 26, 2001: there is no restriction upon coordination between law enforcement and intelligence organs in connection with FISA surveillance or physical searches, and such activity can lawfully be undertaken even if primarily done with prosecutorial intent, provided that a “significant” intelligence purpose remains.111 Given its erratic and reflexive behavior after September 11, how faithfully the FISC actually applies this standard to individual FISA requests remains to be seen.112 Provided that the FBI can persuade its NSLU attorneys to learn FISA law better – and provided that Attorney General Ashcroft succeeds in replacing the “Wall” culture with new attitudes devoted to effective coordination – there is reason for optimism that coordination-related problems of the sort seen in the al-Mihdhar, al-Hazmi, and Moussaoui cases will not recur.
(4) Intelligence-Law Enforcement Information-Sharing
In addition to problems stemming from presumed legal obstacles to passing crucial information from the Intelligence Community to law enforcement, the events of September 11 highlighted the problems of passing information in the other direction: from law enforcement to the Intelligence Community. Throughout the 1990s, for instance, the Justice Department, the FBI, and the offices of various U.S. Attorneys around the country accumulated a great deal of information about Al-Qa’ida and other terrorist networks operating within the United States. This information was derived from law enforcement investigations into such events as the 1990 assassination of Rabbi Meier Kahane, the 1993 World Trade Center bombing, the abortive plot to blow up various harbors and tunnels in New York City, the 1996 Khobar Towers attack, the 1998 U.S. embassy bombings, Al-Qa’ida’s “Millennium Plot,” and the attack on the USS Cole in October 2000. Most of this information, however, remained locked away in law enforcement evidence rooms, unknown to and unstudied by counterterrorism (CT) analysts within the Intelligence Community.
That this information possessed potentially huge relevance to the Intelligence Community’s CT work is beyond