October 23, 2014 / by emptywheel

 

Connecting the Dots on the CIA Torture Report

I want to pull several details of the HuffPo’s last two pieces on the CIA torture report together (kudos to HuffPo for stealing Ali Watkins from McClatchy).

Tuesday’s story presents conflicting claims about whether the CIA impersonated SSCI staffers to access the part of the server dedicated to their work.

One side — explicitly relying on the CIA Inspector General’s own report — say the CIA impersonated staffers, and possibly worse.

According to sources familiar with the CIA inspector general report that details the alleged abuses by agency officials, CIA agents impersonated Senate staffers in order to gain access to Senate communications and drafts of the Intelligence Committee investigation. These sources requested anonymity because the details of the agency’s inspector general report remain classified.

“If people knew the details of what they actually did to hack into the Senate computers to go search for the torture document, jaws would drop. It’s straight out of a movie,” said one Senate source familiar with the document.

The quote from the other side issued a non-denial denial (though perhaps there was a more direct denial not quoted): CIA did not use Administrator access (which is not what the other source claimed).

A person familiar with the events surrounding the dispute between the CIA and Intelligence Committee said the suggestion that the agency posed as staff to access drafts of the study is untrue.

“CIA simply attempted to determine if its side of the firewall could have been accessed through the Google search tool. CIA did not use administrator access to examine [Intelligence Committee] work product,” the source said.

Now consider today’s story, which describes the inconclusive result of the Senate Sergeant-at-Arms report. Here, the dispute is portrayed as a disagreement over whether the CIA has the original access logs, or only copies of them.

Computer records may have provided evidence on how the CIA document made its way into the Intelligence Committee’s hands. Those records, Senate sources said, were erased by the CIA.

The claim is technically true. The computer audit logs that recorded activity on the CIA computers used for the committee’s report were overridden from the machines’ local drives at regular intervals throughout the five-year study, HuffPost has learned. The records, however, continued to be stored elsewhere, and were provided to the Sergeant-at-Arms office for its inquiry. The CIA said that the Senate office received the computer audit records earlier this year.

“CIA cooperated fully with the Senate Sergeant-at-Arms review and provided all the relevant information that the [Sergeant-at-Arms] requested,” said CIA spokesman Dean Boyd. “In fact, audit data was specifically provided to the [Sergeant-at-Arms] in July 2014. Furthermore, CIA continues to maintain copies of this audit data to this day. Claims alleging otherwise are patently false.”

[snip]

A source familiar with the Senate inquiry has since said that the CIA submitted copies of records to the Sergeant-at-Arms, rather than the records themselves, which the investigators considered unreliable.

The Sergeant-at-Arms “can’t verify any of what CIA is saying,” said the source, who was briefed on the investigation.

In other words, the Sergeant-at-Arms got records that they can’t actually use to verify what happened on the servers. They would have gotten those logs after this issue had already blown up.

I’m reminded of the White House emails, where the content of the emails appears to have been doctored right as Patrick Fitzgerald was subpoenaing specific accounts.

If the CIA had doctored the access logs they stored, they would have been able to eliminate any trace of CIA using SSCI credentials to access the server.

So where does the claim that CIA impersonated the SSCI staffers come from? And what as the inaccurate information based on which the CIA IG referred Senate staffers for investigation?

The CIA had asked the Department of Justice to pursue criminal charges against the Senate staff for removing the document, which the Justice Department declined in June to investigate. The CIA’s inspector general has since determined that the criminal referral was based on “inaccurate information.” The inspector general also publicly accused CIA staff of misleading the offices’ investigators during its inquiry.

That doesn’t necessarily mean that the Inspector General was working with dodgy access logs. CIA has any number of ways to lie — it’s what we pay them to do. By 2010, after all, the CIA had already altered or destroyed all this evidence of their torture:

Since there are so many incidences of destroyed or disappearing torture evidence, I thought it time to start cataloging them, to keep them all straight.

  • Before May 2003: 15 of 92 torture tapes erased or damaged
  • Early 2003: Gitmo commander Mike Dunlavey’s paper trail documenting the torture discussions surrounding Mohammed al-Qahtani “lost”
  • Before August 2004: John Yoo and Patrick Philbin’s torture memo emails deleted
  • June 2005: most copies of Philip Zelikow’s dissent to the May 2005 CAT memo destroyed
  • November 8-9, 2005: 92 torture tapes destroyed
  • July 2007 (probably): 10 documents from OLC SCIF disappear
  • December 19, 2007: Fire breaks out in Cheney’s office

(I put in the Cheney fire because it happened right after DOJ started investigating the torture tape destruction.)

Add to that the 920 documents (potentially pertaining to White House involvement) stolen back from the server after they had originally been made available.

After a series of meetings, I learned that on two occasions, CIA personnel electronically removed committee access to CIA documents after providing them to the committee. This included roughly 870 documents or pages of documents that were removed in February 2010, and secondly roughly another 50 were removed in mid-May 2010.

Again, we don’t know that the CIA altered the access logs.

But if they didn’t, it would almost constitute an exception to their rule of destroying evidence.

Update: As a reminder, here were the conclusions in the CIA IG Report summary that was publicly released.

Agency Access to Files on the SSCI RDINet: Five Agency employees, two attorneys and three information technology (IT) staff members, improperly accessed or caused access to the SSCI Majority staff shared drives on the RDINet.

Agency Crimes Report on Alleged Misconduct by SSCI Staff: The Agency filed a crimes report with the DOJ, as required by Executive Order 12333 and the 1995 Crimes Reporting Memorandum between the DOJ and the Intelligence Community, reporting that SSCI staff members may have improperly accessed Agency information on the RDINet. However, the factual basis for the referral was not supported, as the author of the referral had been provided inaccurate information on which the letter was based. After review, the DOJ declined to open a criminal investigation of the matter alleged in the crimes report.

Office of Security Review of SSCI Staff Activity: Subsequent to directive by the D/CIA to halt the Agency review of SSCI staff access to the RDINet, and unaware of the D/CIA’s direction, the Office of Security conducted a limited investigation of SSCI activities on the RDINet. That effort included a keyword search of all and a review of some of the emails of SSCI Majority staff members on the RDINet system.

Lack of Candor: The three IT staff members demonstrated a lack of candor about their activities during interviews by the OIG.

Update: Katherine Hawkins reminds me that Manadel al-Jamadi’s blood-stained hood disappeared.

Copyright © 2014 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2014/10/23/connecting-the-dots-on-the-cia-torture-report/