If the NSA “Won” the War in Iraq, Why Are We Still Losing It?
To Shane Harris’ misfortune, his book, @War, out today, came out on the same day that General Daniel Bolger’s book, Why We Lost, came out.
That means Harris’ first excerpt, initially titled “How the NSA Sorta Won the Last Iraq War,” came out just days before Bolger’s op-ed today, mourning another Veteran’s Day to contemplate the 80 men he lost. Bolger wants us to stop telling the lie that the surge won the Iraq War.
Here’s a legend that’s going around these days. In 2003, the United States invaded Iraq and toppled a dictator. We botched the follow-through, and a vicious insurgency erupted. Four years later, we surged in fresh troops, adopted improved counterinsurgency tactics and won the war. And then dithering American politicians squandered the gains. It’s a compelling story. But it’s just that — a story.
The surge in Iraq did not “win” anything. It bought time. It allowed us to kill some more bad guys and feel better about ourselves. But in the end, shackled to a corrupt, sectarian government in Baghdad and hobbled by our fellow Americans’ unwillingness to commit to a fight lasting decades, the surge just forestalled today’s stalemate. Like a handful of aspirin gobbled by a fevered patient, the surge cooled the symptoms. But the underlying disease didn’t go away. The remnants of Al Qaeda in Iraq and the Sunni insurgents we battled for more than eight years simply re-emerged this year as the Islamic State, also known as ISIS.
Harris’s story, which explains how network analysis and then hacking of Iraqi insurgents — including Al Qaeda in Iraq — helped us to win the surge, relies on that legend.
TAO hackers zeroed in on the leaders of the al Qaeda group. Centering their operations in Baghdad, they scooped up e-mail messages that the terrorists had left in draft form in their personal accounts, where they could be picked up by fellow fighters without having to be sent over the Internet. This was a common trick terrorists used to avoid detection. TAO had been on to it for years.
For TAO, hacking into the communications network of the senior al Qaeda leaders in Iraq helped break the terrorist group’s hold on the neighborhoods around Baghdad. By one account, it aided U.S. troops in capturing or killing at least ten of those senior leaders from the battlefield.
[snip]
For the first time in the now four-year-old Iraq War, the United States could point to a strategy that was actually working. The overall success of the surge, which finally allowed U.S. forces to leave Iraq, has been attributed to three major factors by historians and the commanders and soldiers who served there. First, the additional troops on the ground helped to secure the most violent neighborhoods, kill or capture insurgents, and protect Iraq’s civilians. The cities became less violent, and the people felt safer and more inclined to help the U.S. occupation. Second, insurgent groups who were outraged by al Qaeda’s brutal, heavyhanded tactics and the imposition of religious law turned against the terrorists, or were paid by U.S. forces to switch their allegiances and fight with the Americans. This so-called Sunni Awakening included 80,000 fighters, whose leaders publicly denounced al Qaeda and credited the U.S. military with trying to improve the lives of Iraqi citizens.
But the third and arguably the most pivotal element of the surge was the series of intelligence operations undertaken by the NSA and soldiers such as Stasio. Former intelligence analysts, military officers, and senior Bush administration officials say that the cyber operations opened the door to a new way of obtaining intelligence, and then integrating it into combat operations on the ground. The information about enemy movements and plans that U.S. spies swiped from computers and phones gave troops a road map to find the fighters, sometimes leading right to their doorsteps. This was the most sophisticated global tracking system ever devised, and it worked with lethal efficiency.
Gen. David Petraeus, the commander of all coalition forces in Iraq, credited this new cyber warfare “with being a prime reason for the significant progress made by U.S. troops” in the surge, which lasted into the summer of 2008, “directly enabling the removal of almost 4,000 insurgents from the battlefield.” The tide of the war in Iraq finally turned in the United States’ favor.
I didn’t get a review copy of Harris’ book, so I’ll have to let you know whether he grapples with the fact that this victory lap instead led us to where we are now, escalating the war in Iraq again, with ISIL even more powerful for having combined Saddam’s officers with terrorist methods. I’ll also have to let you know why Harris claims this started in 2007, when we know NSA was even wiretapping Iraqi targets in the US as early as 2004, a program that got shut down in the hospital confrontation.
Harris would have done well to consider Bolger’s call for an assessment of this failure.
That said, those who served deserve an accounting from the generals. What happened? How? And, especially, why? It has to be a public assessment, nonpartisan and not left to the military. (We tend to grade ourselves on the curve.) Something along the lines of the 9/11 Commission is in order. We owe that to our veterans and our fellow citizens.
Such an accounting couldn’t be more timely. Today we are hearing some, including those in uniform, argue for a robust ground offensive against the Islamic State in Iraq. Air attacks aren’t enough, we’re told. Our Kurdish and Iraqi Army allies are weak and incompetent. Only another surge can win the fight against this dire threat. Really? If insanity is defined as doing the same thing over and over and expecting different results, I think we’re there.
That is, if this network analysis and hacking is so superb, then why didn’t it work? Did we not understand the networks that our spectacular tech exposed? Or did we do the wrong thing with it, try to kill it rather than try to win it over? Not to mention, did we account for the necessarily temporary value of all these techniques, given that targets will figure out that their cell phones, the RFID tags, their laptops, or whatever new targeting means we devise are serving as a beacon.
And there’s one more lesson in Harris’ excerpt, one I doubt he admits.
Earlier in the except, he explains in giddy language how the NSA’s hackers broke an insurgent method of leaving draft unsent emails.
Centering their operations in Baghdad, they scooped up e-mail messages that the terrorists had left in draft form in their personal accounts, where they could be picked up by fellow fighters without having to be sent over the Internet. This was a common trick terrorists used to avoid detection. TAO had been on to it for years.
Even while he provides David Petraeus opportunity to do a victory lap for the surge that in fact did not win the war, he doesn’t mention that Petraeus adopted this insurgent technique to communicate with his mistress, Paula Broadwell. Harris also doesn’t mention that the FBI, like the NSA before it, easily broke the technique.
More important still, Harris doesn’t mention that FBI found reason to do so. These techniques — described with such glee — were turned back on even the man declaring victory over them. They didn’t win the war in either Iraq or Afghanistan, but they sure made it easy for President Obama to take out Petraeus when he became inconvenient.
I have no sympathy for Petraeus, don’t get me wrong. But he is an object lesson in how these techniques have not brought victory to the US. And it’s time to start admitting that fact, and asking why not.
Update: In a post I could have written (though probably not as well), Stephen Walt engages in a counterfactual asking if we didn’t have the dragnet we might be doing better at fighting terrorism. Go read the whole thing, but here’s part of it:
Second, if we didn’t have all these expensive high-tech capabilities, we might spend a lot more time thinking about how to discredit and delegitimize the terrorists’ message, instead of repeatedly doing things that help them make their case and recruit new followers. Every time the United States goes and pummels another Muslim country — or sends a drone to conduct a “signature strike” — it reinforces the jihadis’ claim that the West has an insatiable desire to dominate the Arab and Islamic world and no respect for Muslim life. It doesn’t matter if U.S. leaders have the best of intentions, if they genuinely want to help these societies, or if they are responding to a legitimate threat; the crude message that drones, cruise missiles, and targeted killings send is rather different.
If we didn’t have all these cool high-tech hammers, in short, we’d have to stop treating places like Afghanistan, Pakistan, Iraq, and Syria as if they were nails that just needed another pounding, and we might work harder at marginalizing our enemies within their own societies. To do that, we would have to be building more effective partnerships with authoritative sources of legitimacy within these societies, including religious leaders. Our failure to do more to discredit these movements is perhaps the single biggest shortcoming of the entire war on terror, and until that failure is recognized and corrected, the war will never end.
I’ve long had a problem with the word “insurgents” which is used many times in this story. The US attacks and invades a country, overthrows a government, and the resistance fighters which arise are then called — “insurgents” which by definition are (or should be) fighters against an established government.
.
In France, in WWII, they were called Freedom Fighters.
.
Is this simply poor semantics? No, I don’t think so, because it acts to cover up the legitimacy and motivation of the people acting against the illegal, illegitimate US military action.
.
Abandoning this wrongful “insurgency” scenario allows us more clearly to see the true situation, where the US aggression has in fact been defeated by the citizens of the invaded country, people who objected to the US military presence and its results. There never was an “insurgency” in fact. And so there never was a “counterinsurgency” either. It’s simply Orwellian doublethink, meant to deceive us about the illegitimacy of US military actions.
All good points. I was trying to avoid the word “terrorist” for the same reason. But you’re absolutely right that “insurgent” is also wrong.
Thanks for pointing it out–will keep it in mind.
Thanks.
.
And my concern does not diminish my sense of awe that you can write intelligently on ‘most any subject on god’s green earth.
The Iraq surge was a failure.
.
The main effort was to be Iraqi. Bush:
“Now, let me explain the main elements of this effort. The Iraqi government will appoint a military commander and two deputy commanders for their capital. The Iraqi government will deploy Iraqi army and national police brigades across Baghdad’s nine districts. . .for it to succeed, our commanders say the Iraqis will need our help.”
Actually the US military had to lead the effort.
.
The purpose of the surge was reconciliation of the various Iraqi sects. Bush:
A successful strategy for Iraq goes beyond military operations. Ordinary Iraqi citizens must see that military operations are accompanied by visible improvements in their neighborhoods and communities. . .And to allow more Iraqis to re-enter their nation’s political life, the government will reform de-Baathification laws and establish a fair process for considering amendments to Iraq’s constitution.
There was no reconciliation.
There are many who still don’t get it, like Max Boot in Commentary today in “The Hard Truths Obama Needs to Hear” calling for another surge in Iraq:
This is the myth that US aggression, and more of it, creates better political situations. As in Vietnam, Libya, Syria, Afghanistan….and Iraq, I suppose.
So the email draft dodging method would be: compose and save a draft which someone else would later log into the same account and read the draft? Unless someone is checking into the very same computer and the email in question isn’t a cloud based/draft saving location I don’t understand how it wouldn’t travel over the internetz? Much more, how any computer capable of connecting to the internet would be considered safe.
The excerpt from Walt’s piece is very interesting
“..To do that, we would have to be building more effective partnerships with authoritative sources of legitimacy within these societies, including religious leaders. Our failure to do more to discredit these movements is perhaps the single biggest shortcoming of the entire war on terror, and until that failure is recognized and corrected, the war will never end.”
The problems are various, hubris and plain old stupidity are among them. But the real reason that the US eschews the strategies Walt suggests is that it cannot enter into alliances within, for example, Iraqi society without offending allies such as Saudi Arabia and Israel. War is the only strategy that either will accept, both being scared half to death by ideas of compromise and the fearful prospect of peace and politics.
War, of course, is also favoured by the Military Industrial Complex, and dissent from the governments of countries such as the UK, Germany or France is not tolerated.
So war is inevitable until defeat .
quote”War, of course, is also favoured by the Military Industrial Complex, and dissent from the governments of countries such as the UK, Germany or France is not tolerated.
So war is inevitable until defeat .”unquote
Defeat??? Hahahahahahaha! There’s no such word in the DOD’s or the Oligarchy handbook of Continuous war. I mean.. if Vietnam wasn’t the poster child of “defeat’ I don’t know what is. Yet here we are. Living proof the Dumbest Country on the Planet will continue to supply a Trillion dollars per year of their grandchildrens grandchildren’s future labor by virtue of the 16th amendment because they haven’t got one fucking neuron between their ears that consist of quantum particle cognitive dissonance, let alone the courage to extrapolate they are about to lose the one right they have to change it.
stephen walt is very right – in the most important way.
our “analysts” in the 12 yrs war are gun-totting, eavesdropping knuckles to whom talkng, getting to know, diplomacy are missing skills. “just tap a few more phone lines and read the transcripts from hundreds or thousands of miles away. assign some jsoc-trained throat-slitters to kill a few dozens (or hundreds) of “top leaders”. that will do the trick. the sons of bitches aren’t used to fighting, don’t really like fighting; they’ll give up soon.
it’s the kevlars vs the ragheads – again. how can the evesdropping, big gun tottin’, billy-the-kid americans lose this one?
“@War” talks about some of the electronic tactical warfare that went on during the Iraq conflict — tracking the insurgents through cell phones and other communications — but Shane Harris’ book talks about the worldwide electronic conflict and the rise of what he calls “The Military-Internet Complex.” One of his big conclusions is that NSA may have damaged our cyber-security defenses generally in its pursuit of intel-gathering, as if, say, they sold door locks with a built-in flaw that anybody might exploit.
Both @War and Why We Lost are worth reading.
Marcy,
You’ve mentioned that the minimization procedures required under 12333 are significantly more lax than those required under 215 or 702. Can you direct me to a comparison between these requirements, so that I could see the specific differences?
Thanks!!
I don’t know of one.
The differences are greatest with metadata. The phone dragnet requires authorization to share chaining data outside of cleared analysts, it requires a sign-off that it is being shared for counterterrorism purposes, and Americans need a first amendment review before they’re chained on (as the target) at all. None of that is true under EO 12333, though there is some specific training under SPMCA that permits analysts to chain through USPs.
On the FISA/12333 side, the same principles apply to both: USP data has to be masked until someone says they need it unmasked, USPs can’t be targeted without some hoops, and retention of both is 5 years (note, all those rules are far more lenient for the data FBI gets directly). On the 12333 there’s a bit more permissiveness to sharing, though both get shared with foreign partners and the like.