34 years ago Ronald Reagan issued the Executive Order that still governs most of our country’s intelligence activities, EO 12333.
As part of it, the EO required any agency using information concerning US persons to have a set of procedures laying out how it obtains, handles, and disseminates information (see the language of 2.3 below).
Only — as the Privacy and Civil Liberties Oversight Board started pointing out in August 2013 — some agencies have never complied. In February, PCLOB revealed the 4 agencies that are still flouting Reagan’s rules, along with what they have been using:
The Department of Homeland Security’s notoriously shoddy Office of Intelligence and Analysis: Pending issuance of final procedures, I&A is operating pursuant to Interim Intelligence Oversight Procedures, issued jointly by the Under Secretary for Intelligence and Analysis and the Associate General Counsel for Intelligence (April 3, 2008).
United States Coast Guard (USCG)- Intelligence and counterintelligence elements: Pending issuance of final procedures, operating pursuant to Commandant Instruction – COMDINST 3820.12, Coast Guard Intelligence Activities (August 28, 2003).
Department of Treasury Office of Intelligence and Analysis (OIA): Pending issuance of final procedures. While draft guidelines are being reviewed in the interagency approval process, the Office of Intelligence and Analysis conducts intelligence operations pursuant to EO 12333 and statutory responsibilities of the IC element, as advised by supporting legal counsel.
Drug Enforcement Administration, Office of National Security Intelligence (ONSI): Pending issuance of final procedures, operates pursuant to guidance of the Office of Chief Counsel, other guidance, and: Attorney General approved “Guidelines for Disclosure of Grand Jury and Electronic, Wire, and Oral Interception Information Identifying United States Persons” (September 23, 2002); Attorney General approved “Guidelines Regarding Disclosure to the Director of Central Intelligence and Homeland Security Officials of Foreign Intelligence Acquired in the Course of a Criminal Investigation” (September 23, 2002).
Last year’s House Intelligence Committee version of NSA reform (the one I called RuppRoge) would have included language requiring agencies to finish these procedures — mandated 34 years ago — within 6 months. And now, over a year later, Dianne Feinstein’s latest attempt at reform echoed that language.
Which strongly suggests these agencies are still deadbeats.
As I said in February, I’m most concerned about DEA (because DEA is out of control) and, especially, Treasury (because Treasury’s intelligence activities are a black box with little court review). Treasury is making judgements that can blacklist someone financially, but it has thus far refused to institute procedures to protect Americans’ privacy while it does so.
And no one seems to be rushing to require them to do so.
2.3 Collection of Information. Agencies within the Intelligence Community are authorized to collect, retain or disseminate information concerning United States persons only in accordance with procedures established by the head of the agency concerned and approved by the Attorney General, consistent with the authorities provided by Part 1 of this Order. Those procedures shall permit collection, retention and dissemination of the following types of information:
(a) Information that is publicly available or collected with the consent of the person concerned;
(b) Information constituting foreign intelligence or counterintelligence, including such information concerning corporations or other commercial organizations. Collection within the United States of foreign intelligence not otherwise obtainable shall be undertaken by the FBI or, when significant foreign intelligence is sought, by other authorized agencies of the Intelligence Community, provided that no foreign intelligence collection by such agencies may be undertaken for the purpose of acquiring information concerning the domestic activities of United States persons;
(c) Information obtained in the course of a lawful foreign intelligence, counterintelligence, international narcotics or international terrorism investigation;
(d) Information needed to protect the safety of any persons or organizations, including those who are targets, victims or hostages of international terrorist organizations;
(e) Information needed to protect foreign intelligence or counterintelligence sources or methods from unauthorized disclosure. Collection within the United States shall be undertaken by the FBI except that other agencies of the Intelligence Community may also collect such information concerning present or former employees, present or former intelligence agency contractors or their present or former employees, or applicants for any such employment or contracting;
(f) Information concerning persons who are reasonably believed to be potential sources or contacts for the purpose of determining their suitability or credibility;
(g) Information arising out of a lawful personnel, physical or communications security investigation;
(h) Information acquired by overhead reconnaissance not directed at specific United States persons;
(i) Incidentally obtained information that may indicate involvement in activities that may violate federal, state, local or foreign laws; and
(j) Information necessary for administrative purposes.
In addition, agencies within the Intelligence Community may disseminate information, other than information derived from signals intelligence, to each appropriate agency within the Intelligence Community for purposes of allowing the recipient agency to determine whether the information is relevant to its responsibilities and can be retained by it.
Given that Bill Harlow co-wrote George Tenet and Jose Rodriguez’ autobiographical novels, it’s fairly clear he continues to propagandize for the CIA years after he left the Agency as Public Affairs officer. Still, his past autobiographical novels were perhaps more convincing than the roll out of Mike Morell’s autobiographical novel, The Great War of Our Time, which Harlow also co-wrote. That’s pretty remarkable given that Morell had more retained credibility than either of the other two. This propaganda tour actually seems to be eroding Morell’s credibility.
Part of the problem is interviews like this, where Morell says both that we should be “all in” with Saudi Arabia (an asinine judgement, in my opinion, perhaps betraying CIA’s close ties to the Saudis) and that we should support secular Bashar al-Assad, which is totally inconsistent with his first stance.
And he makes those two claims in an interview where he also claims that numbers on collateral damage tied to drone strikes are “propaganda.”
“The other thing I’ll say is that this is the most precise weapon in the U.S. arsenal. Collateral damage is not zero — and gosh, I wish it were zero, but it’s not — but it’s very close to zero.
“Number three, the numbers that you see about huge numbers of collateral damage just aren’t true. They are put out there as propaganda by people who want this program to go away, and al-Qaida is one of those groups.”
It’s a great display of Morell’s approach to lying.
First, most people don’t claim there are huge numbers of collateral damage. TBIJ — which is both one of the more partisan voices against drone strikes but which also does some of the most meticulous work tracking drone killing over years — shows that civilians amount for around 14% of those killed (a lower number than some more hawkish counts). The number itself is not, as Morell depicts it, “huge.” But it is, nevertheless, a relatively large amount, one what brings with it a lot of blowback. And the numbers — which again, are similar to those tracked my multiple independent sources — are much higher than CIA publicly claims.
It is CIA, and not drone killing trackers, engaged in propaganda here.
Yet by refuting something his opponents hadn’t asserted, Morell gets to claim to have debunked it.
Jeff Stein deals with one problem with Morell’s debunking. CIA’s former Deputy Director claims that if we had tipped the Pakistanis (who are dealt with as a monolith in Morell’s story) they would have told Osama bin Laden. Wouldn’t that require knowledge of where he was, and some ongoing interest in protecting him? If so, that actually confirms a key premise of Hersh’s (and other reporters’) stories.
Then there’s Morell’s debunking of the walk-in story.
He claims that we learned of bin Laden’s location not from following the courier and from excellent intelligence analysis, but from a Pakistani intelligence officer who walked into the U.S. Embassy and gave us bin Laden’s whereabouts in exchange for “much of the $25 million reward offered by the U.S.” The truth is that while walk-ins have long been useful in providing intelligence to us world-wide, none of the information that led to finding the location where bin Laden was came from walk-ins.
NBC has already confirmed that there was a walk-in — just that he wasn’t key to identifying OBL’s location.
Editor’s Note: This story has been updated since it was first published. The original version of this story said that a Pakistani asset told the U.S. where bin Laden was hiding. Sources say that while the asset provided information vital to the hunt for bin Laden, he was not the source of his whereabouts.
Morell’s statement is utterly consistent with NBC’s reporting.
Morell claims to debunk Hersh’s claim that CIA obtained DNA from OBL.
bin Laden was very ill, and that early on in his confinement at Abbottabad, the ISI had ordered Amir Aziz, a doctor and a major in the Pakistani army, to move nearby to provide treatment.
The planners turned for help to Kayani and Pasha, who asked Aziz to obtain the specimens. Soon after the raid the press found out that Aziz had been living in a house near the bin Laden compound: local reporters discovered his name in Urdu on a plate on the door. Pakistani officials denied that Aziz had any connection to bin Laden, but the retired official told me that Aziz had been rewarded with a share of the $25 million reward the US had put up because the DNA sample had showed conclusively that it was bin Laden in Abbottabad.
But Morell focuses on obtaining DNA from the compound and from OBL’s children, not from OBL himself.
Mr. Hersh says we obtained DNA samples from people in the bin Laden compound before the assault was launched. Wrong again. We would have liked to have obtained samples from the children in the compound to confirm that they were bin Laden’s children, but we did not. [my emphasis]
And Morell claims Hersh’s claim that SEALs couldn’t have thrown OBL body parts out the helicopter over the Hindu Kush …
The remains, including his head, which had only a few bullet holes in it, were thrown into a body bag and, during the helicopter flight back to Jalalabad, some body parts were tossed out over the Hindu Kush mountains – or so the Seals claimed.
… Because he received a burial at sea.
Finally—and most absurdly perhaps—Mr. Hersh cites his sources as telling him that SEALs threw bin Laden body parts off their helicopter over the Hindu Kush and suggests that the burial at sea from the USS Carl Vinson never happened. Bin Laden’s body received a proper Muslim burial at sea. How do I know? I heard the president give the order, and I saw photographs and video of the burial at sea.
Now, to be fair, this is one claim from Hersh I’m most skeptical of (though I realize now the SEALs might have thrown some body parts out the helicopter to leave DNA evidence that OBL was killed there, which was the purported cover story). But Morell’s debunking is no such thing, because it is perfectly possible a shrouded corpse could be buried at sea even if it were missing some body parts. (I’ll also note that JSOC hid what I believe to be trophy photos after this story started breaking, which suggests the SEALs did something with the corpse that would cause problems if it were publicized, though I always assumed they just hammed it up.)
In other words, as Morell does for his drone propaganda, he usually doesn’t debunk what Hersh wrote, but instead something else.
Which is a suggestion that he’s engaged in another cover story.
Three years ago, CAIR-MI sued the Department of Homeland Security and FBI because Muslims crossing the US-Canadian border keep getting asked questions about their religion. The suit has proceeded with CAIR getting discovery that largely remains secret.
But in a cross-motion filed last week, the government got really squirrelly relating to some information on how it deals with border questioning. It’s worried about three things: two FBI training documents and the redacted parts of a Sample Questionnaire ICE uses at the border.
At least one of the FBI training documents provides guidance on how the Bureau investigates certain things (likely Sensitive investigative subjects), including religion. The second is a training program attended by an Agent who had asked sensitive questions to one of the plaintiffs.
As set forth in Defendants’ Privilege Log of FBI Documents, FBI #2 is an “FBI operational training providing guidance on certain categories of investigations, one portion of which included questions related to religion.” See Pl. Mot. Exh. E. The Log further explains that the document “contains law enforcement sensitive information, the disclosure of which would impede or impair the effectiveness of an investigation and/or an investigative technique, method or procedure; and national security information.” The Log described FBI #4 as “Training attended by CBP Officer Janos during his affiliation with the FBI Task Force (described in response to Interrogatory 9),” and explained that it is a law enforcement sensitive document, the disclosure of which could harm the effectiveness of an investigation or an investigative technique, and “contains personally identifying information about individuals not party to this action.”
The government says that if the judge rules the first training program relevant to this suit, they may claim state secrets over it.
Therefore, if the Court determines thatthe national security information included in this document is both relevant toPlaintiffs’ equal protection claim and not protected from disclosure by the lawenforcement privilege, then Defendants request at least 60 days to considerwhether that information is subject to an assertion of the state secrets privilege,
Since 2008, when DOJ made it okay to use religion as one factor in investigations, there have been questions about how it might play into those investigations. But apparently, DOJ would rather invoke state secrets than tell us.
Then there’s the other thing the government doesn’t want to reveal: its list of questions it asks (under what circumstances, it won’t say) at the border. Some of those got released in a redacted list to the plaintiffs, released last week as part of a declaration explaining why the questions that get asked of selected people crossing the border can’t be released altogether.
But along with asking questions about who the interviewee’s faith leader is (these questions lay at the heart of the suit), they also ask about martyrdom (though one question remains redacted).
It’s hard to imagine how such questions would ever elicit a useful response — unless the desired response is just to make people nervous. Someone ideological enough to have lost associates as suicide bombers would respond affirmatively rather than hiding their own associations?
But particularly given DHS’ excuse that because, as written, this questionnaire’s religious questions are religion neutral, the questions on martyrdom are absurd. Not because just Jihadists foster the claim of suicide bombing (though I think even that claim could be true), but also because so many completely innocent Muslims have been killed in recent years for living in the wrong place at the wrong time. Do those people count as martyrs? Or is this another attempt to instill an odd multileveled evaluation of deaths, in which the only dead Muslims are those extremists who’ve deliberately killed themselves, and not the million who create the animus?
Or does DHS just plan on deporting someone years from now because someone didn’t identify a relative killed in an asymmetric war as a “martyr,” the word DHS itself picked?
It’s clear DHS is asking religious questions (though it’s not clear whether CAIR will have the ability to show that, because only Muslims get pulled into secondary, the questions end up getting posed only to Muslims). But with this odd martyrdom question, it’s also hard to see how these are effective questions.
At some time around 9:30 PM ET at the INSA Leadership Dinner, John Brennan suggested that maybe the CIA Director — that is, maybe he — should have a 10 year term.
D/CIA John Brennan says it might make sense to have the CIA director and DNI serve similar terms to the FBI director’s 10-year term.
At 4:30 AM Saudi time (so 9:30 PM ET), Saudi King Salman announced a major royal shake-up. Rather than his brother Muqrin bin Abdulaziz being Deputy and heir to the throne, American favorite and very close Brennan buddy Mohammed bin Nayef will be heir.
Saudi King Salman is announcing a major royal shake-up at 4:30 am. Muqrin is out, M. Bin Nayaf is the new heir, his own son deputy heir.
That’s a rather interesting power move by two closely affiliated types (though I assume that the CIA Director can’t do these things by fiat … yet).
Update: Adding, King Salman’s insomnia induced Kingdom restructuring also apparently made Ambassador to the US (the guy whom Manssor Arbabsiar was purportedly trying to kill) Adel al-Jubeir Foreign Minister.
The House Oversight Committee is having a hearing on the problems law enforcement agencies have with sexual harassment and misconduct, as reported by DOJ’s Inspector General. DEA Administrator Michele Leonhart will be offering amusing testimony about how the DEA has given its Agents clear instructions that they’re really the best evah™ but they need to stop breaking the law.
But because I’m an IG nerd, I’m as interested in what has become a monthly event during DOJ Inspector General Michael Horowitz’ tenure, when he provides details of FBI and DEA’s latest stonewalling of oversight. Here’s today’s version:
Further, we cannot be completely confident that the FBI and the DEA provided us with all information relevant to this review. When the OIG finally received from the FBI and DEA the requested information without extensive redactions, we found that it still was incomplete. For example, we determined that the FBI removed a substantial number of cases from the result of their search and provided additional cases to the OIG only after we identified some discrepancies. These cases were within the scope of our review and should have been provided as requested. Likewise, the DEA also provided us additional cases only after we identified some discrepancies. In addition, after we completed our review and a draft of the report, we learned that the DEA used only a small fraction of the terms we had provided to search its database for the information needed for our review. Rather than delay our report further, we decided to proceed with releasing it given the significance of our findings.
We also determined that the DEA initially withheld from us relevant information regarding an open case involving overseas prostitution. During a round of initial interviews, only one interviewee provided us information on this case. We later learned that several interviewees were directly involved in the investigation and adjudication of this matter, and in follow-up interviews they each told us that they were given the impression by the DEA that they were not to talk to the OIG about this case while the case was still open. In order to ensure the thoroughness of our work, the OIG is entitled to receive all information in the agency’s possession regardless of the status of any particular case.
As I have testified on multiple occasions, in order to conduct effective oversight, an Inspector General must have timely and complete access to documents and materials needed for its audits, reviews, and investigations. This review starkly demonstrates the dangers inherent in allowing the Department and its components to decide on their own what documents they will share with the OIG, and even whether the Inspector General Act requires them to provide us with requested information. The delays experienced in this review impeded our work, delayed our ability to discover the significant issues we ultimately identified, wasted Department and OIG resources during the pendency of the dispute, and affected our confidence in the completeness of our review.
This was not an isolated incident. Rather, we have faced repeated instances over the past several years in which our timely access to records has been impeded, and we have highlighted these issues in our reports on very significant matters such as the Boston Marathon Bombing, the Department’s use of the Material Witness Statute, the FBI’s use of National Security Letters, and ATF’s Operation Fast and Furious.
The Congress recognized the significance of this impairment to the OIG’s independence and ability to conduct effect oversight, and included a provision in the Fiscal Year 2015 Appropriations Act — Section 218 — which prohibits the Justice Department from using appropriated funds to deny, prevent, or impede the OIG’s timely access to records, documents, and other materials in the Department’s possession, unless it is in accordance with an express limitation of Section 6(a) of the IG Act. Despite the Congress’s clear statement of intent, the Department and the FBI continue to proceed exactly as they did before Section 218 was adopted – spending appropriated funds to review records to determine if they should be withheld from the OIG. The effect is as if Section 218 was never adopted. The OIG has sent four letters to Congress to report that the FBI has failed to comply with Section 218 by refusing to provide the OIG, for reasons unrelated to any express limitation in Section 6(a) of the IG Act, with timely access to certain records.
We are approaching the one year anniversary of the Deputy Attorney General’s request in May 2014 to the Office of Legal Counsel for an opinion on these matters, yet that opinion remains outstanding and the OIG has been given no timeline for the issuance of the completed opinion. Although the OIG has been told on occasion over the past year that the opinion is a priority for the Department, the length of time that has now passed suggests otherwise. Instead, the status quo continues, with the FBI repeatedly ignoring the mandate of Section 218 and the Department failing to issue an opinion that would resolve the matter. The result is that the OIG continues to be prevented from getting complete and timely access to records in the Department’s possession. The American public deserves and expects an OIG that is able to conduct rigorous oversight of the Department’s activities. Unfortunately, our ability to conduct that oversight is being undercut every day that goes by without a resolution of this dispute.
At some point, Congress is going to have to decide whether it will use the power of the purse — as they have authorized by statute — to force DEA and FBI to meet the same standards of disclosure that mere citizens would be required if DEA and FBI were investigating them.
Until then, we should just assume FBI and DEA are breaking the law.
Jim Comey wants to sacrifice individual security to ensure the FBI can access cell phones easily.
But in an audit of a forensic lab in Philadelphia, DOJ’s Inspector General found that the FBI is not keeping adequate control of the kiosks that FBI uses to do initial reviews of data on cell phones.
As the report describes, cell phone kiosks serve as a “preview” tool of the contents of the data stored on a phone.
Cell Phone Investigative Kiosks (Kiosks) are available at select FBI field offices and RCFLs. A Kiosk is a preview tool that allows users to quickly and easily view data stored on a cell phone, extract the data to use as evidence, put it into a report, and copy the report to an electronic storage device such as a compact disk. Kiosks are not designed to take the place of full-scale cell phone examinations performed by certified Forensic Examiners; however, the evidence produced by a Kiosk is admissible in a court of law. Kiosk users are required to take a one-time hour-long training course and be familiar with computers. In addition, FBI policy requires Kiosk users to confirm they possess the proper legal authority for the search of data on cell phones or loose media.
The FBI only recently started tracking who had access to these kiosks. And when DOJ IG audited this office’s use of the kiosk, it found that 27% of the people who were accessing it hadn’t filled out the requisite paperwork to ensure only appropriate people used it.
We found that the PHRCFL did not have adequate controls over the access and use of its Kiosks. FBI policy requires Kiosk users to confirm they possess the proper legal authority for the search of data on cell phones or loose media. During our fieldwork, the FBI did not provide any information to show that PHRCFL Kiosk users were required to sign-in, identify the case related to the evidence being examined, or, as required by FBI policy, confirm that they possessed the proper legal authority to search for evidence on the cell phone. In addition, the FBI did not provide us with any information regarding controls in place at the PHRCFL to ensure that users do not use the Kiosks for non-law enforcement matters.
we conducted limited testing of 25 visits during FYs 2012 through 2014 to verify compliance with the procedures in place. When the PHRCFL began using the Acknowledgment Form in May 2012, its visitor’s log contained a field for the purpose of each visitor’s visit. We selected names from the visitor’s log whose stated purpose for the visit was Kiosk usage and compared those names and dates to the corresponding Acknowledgment Forms. For the 17 visits we selected between May 2012 and January 2013, we found that approximately 24 percent of the PHRCFL Kiosk-related visitor log entries did not have corresponding Acknowledgment Forms.
We believe that although the Kiosks are an efficient tool for law enforcement officers to use to examine digital evidence that may not require the extensive examination of a certified Forensic Examiner, Kiosks are vulnerable to potentially serious abuse. For example, without proper controls, it is possible that a Kiosk user could use this tool to view private cell phone information for non-law enforcement purposes. It also is possible for a user to use a Kiosk without proper legal authority, thereby engaging in a Fourth Amendment violation.
Later in the report, the IG noted that none of the centralized databases tracking other uses of the forensic office track use of the kiosk. That, combined with the paperwork failures, would sure permit FBI to do a whole lot of illegal cell phone searching that would not be tracked.
Which might explain why the numbers FBI shows for searching cell phones don’t actually match Director Comey’s stated concerns about iPhone encrypting its phone.
Last week, I called attention to the fact that in printing an op-ed by Olli Heinonen (co-authored by Michael Hayden and Ray Takeyh), the Washington Post failed to disclose Heinonen’s position on the advisory board of the anti-Iran group United Against Nuclear Iran. One week later, the Post still has not corrected its identification of Heinonen. Today, we see that Heinonen’s deceptive anti-Iran campaign continues, where he appears as a key expert quoted in a front page New York Times article by David Sanger and Michael Gordon. Once again, Heinonen is only identified by his previous IAEA and current Harvard roles, ignoring his more relevant current role with UANI.
Ironically, today’s Times story is a follow-up to a story in November in which Sanger committed a glaring error which still has not been noted by the Times. Heinonen’s co-conspirator from the Post op-ed, Ray Takeyh, also makes an appearance in today’s Sanger and Gordon article, suggesting that their propaganda will remain as a package deal for the duration of the P5+1 negotiations.
Note also that last Monday, the defamation case by Victor Restis against UANI was thrown out by a district court after the Department of Justice successfully intervened to have the case quashed under a claim that state secrets would have been divulged. Writing in Bloomberg View, Noah Feldman mused:
What makes matters worse is the lingering possibility, indeed probability, that what the government fears is not a true threat to national security, but a severe case of embarrassment. It’s difficult to escape the conclusion that United Against is a front organization for U.S. intelligence, possibly acting in conjunction with other foreign intelligence services. The allegation that Restis was doing business in Iran seems almost certain to have come from one of these intelligence services. Would acknowledging cooperation between, say, the Central Intelligence Agency and Mossad regarding Iran really upend national security? True, it’s a delicate time in the Iran nuclear negotiations. But no one, least of all the Iranians, doubts that U.S. and Israeli intelligence collaborate.
Though Feldman notes that it seems obvious there is an intelligence conduit between the CIA and/or Mossad and UANI and he even notes that disclosing this now would be awkward for the P5+1 negotiations, he should have gone further to note that this intelligence link, and the subsequent selective leaks, seem aimed to disrupt those negotiations and prevent an agreement.
In that same vein, it should be noted that the Sanger and Gordon article focuses only on barriers to an agreement. In addition to Heinonen and Takeyh, the article also sought out comment from John Boehner. No comment was offered in the article from anyone favoring an agreement or suggesting that Iran has abided by the terms of the interim agreement (although they do note IAEA has reported this cooperation) despite Boehner’s protestation that the Iranians don’t keep their word.
Further, Sanger and Gordon write that Heinonen published a paper on the breakout time needed for Iran to enrich enough uranium to weapons grade to produce a bomb. As a scientist, when I read that someone has published a paper, I assume that means it has appeared in a peer-reviewed journal. Following the link in the Times article for Heinonen’s “paper”, though, brings one to the website for a think tank, where Heinonen’s piece is only referred to as a fact sheet. [And, true to form, the site mentions Heinonen’s former IAEA role but not his current UANI role.]
It is impossible for me to escape the conclusion that Olli Heinonen and Ray Takeyh are part of an organized propaganda campaign aimed at disrupting the P5+1 talks and preventing an agreement. This propaganda is eagerly published by a compliant press, with the New York Times, Washington Post and AP among the most recent examples I have noted.
It is long past time for Heinonen to list his UANI affiliation in all his public pronouncements. His refusal to do so can only be seen as deception on his part and an effort to lend IAEA and Harvard credence to UANI propaganda.
Update: The US has disputed the central claim of the Sanger and Gordon article at the heart of this post. Sanger and Gordon report on that here.
I’m still deep in this 9/11 Follow-up Report FBI, which Jim Comey and now-retired Congressman Frank Wolf had done last year and which released the unsurprising topline conclusion that Jim Comey needs to have more power, released earlier this week.
About the only conclusion in the report that Comey disagreed with — per this Josh Gerstein report — is that it should get out of the business of Countering Violent Extremism.
Comey said he agreed with many of the report’s recommendations, but he challenged the proposal that the FBI leave counter-extremism work to other agencies.
“I respectfully disagree with the review commission,” the director said. “It should not be focused on messages about faith it should not be socially focused, but we have an expertise … I have these people who spend all day long thinking dark thoughts and doing research at Quantico, my Behavioral Analysis Unit. They have an incredibly important role to play in countering violent extremism.”
Here’s what the report had to say about FBI and CVE (note, this is a profoundly ahistorical take on the serial efforts to CVE, but that’s just one of many analytical problems with this report).
The FBI, like DHS, NCTC, and other agencies, has made an admirable effort to counter violent extremism (CVE) as mandated in the White House’s December 2011 strategy, Empowering Local Partners to Prevent Violent Extremism in the United States. In January 2012, the FBI established the Countering Violent Extremism Office (CVEO) under the National Security Branch.322 The CVEO was re-aligned in January 2013 to CTD’s Domestic Terrorism Operations Section, under the National JTTF, to better leverage the collaborative participation of the dozens of participating agencies in FBI’s CVE efforts.323 Yet, even within FBI, there is a misperception by some that CVE efforts are the same as FBI’s community outreach efforts. Many field offices remain unaware of the CVE resources available through the CVEO.324 Because the field offices have to own and integrate the CVE portfolio without the benefit of additional resources from FBI Headquarters, there is understandably inconsistent implementation. The Review Commission, through interviews and meetings, heard doubts expressed by FBI personnel and its partners regarding the FBI’s central role in the CVE program. The implementation had been inconsistent and confusing within the FBI, to outside partners, and to local communities.325 The CVEO’s current limited budget and fundamental law enforcement and intelligence responsibilities do not make it an appropriate vehicle for the social and prevention role in the CVE mission. Such initiatives are best undertaken by other government agencies. The Review Commission recommends that the primary social and prevention responsibilities for the CVE mission should be transferred from the FBI to DHS or distributed among other agencies more directly involved with community interaction.
(U) Recommendation 6: The Review Commission recommends that the primary social and prevention responsibilities for the CVE mission should be transferred from the FBI to DHS or distributed among other agencies more directly involved with community interaction.
For what it’s worth, Muslim communities increasingly agree that the FBI — and the federal government generally — should not be in the business of CVE. But that’s largely because the government approaches it with the same view Comey does: by thinking immediately of his analysts thinking dark thoughts at Quantico. So if some agency that had credibility — if some agency had credibility — at diverting youth (of all faiths) who might otherwise get caught in an FBI sting, I could support it moving someplace else, but I’m skeptical DHS or any other existing federal agency is that agency right now.
While the Review doesn’t say explicitly in this section what it wants the FBI to be doing instead of CVE, elsewhere it emphasizes that it wants the FBI to do more racial profiling (AKA “domain awareness”) and run more informants. Thus, I think it fair to argue that the Ed Meese-led panel thinks the FBI should spy on Muslims, not reach out to them. Occupation-style federal intelligence gathering, not community based.
Which is why I think this approach to Muslim communities should be compared directly with the Review’s approach with corporations. The same report that says FBI should not be in the business of CVE — which done properly is outreach to at-risk communities — says that it should accelerate and increase its funding for its outreach to the private sector.
(U) Recommendation 5: The Review Commission recommends that the FBI enhance and accelerate its outreach to the private sector.
- (U) The FBI should work with Congress to develop legislation that facilitates private companies’ communication and collaboration and work with the US Government in countering cyber threats.
- (U) The FBI should play a prominent role in coordinating with the private sector, which the Review Commission believes will require a full-time position for a qualified special agent in the relevant field offices, as well as existing oversight at Headquarters.
Indeed, in a paragraph explaining why the FBI should add more private sector liaisons (and give them the same credit they’d get if they recruited corporations as narcs, only corporations shouldn’t be called “sources” because it would carry the stigma of being a narc), the Review approvingly describes the FBI liaison officers working with corporations to promote better Internet hygiene.
The Review Commission learned that the FBI liaison positions have traditionally been undervalued but that has begun to change as more experienced special agents take on the role, although this has not yet resulted in adequate numbers of assigned special agents or adequate training for those in the position. One field office noted that it had 400 cleared defense contractors (CDCs) in its AOR—ranging from large well known names to far smaller enterprises—with only one liaison officer handling hundreds of CDCs. This field office emphasized the critical need for more liaison officers to conduct outreach to these companies to promote better internet hygiene, reduce the number of breaches, and promote long-term cooperation with the FBI.319 Another field office noted, however, some sensitivity in these liaison relationships because labeling private sector contacts as sources could create a stigma. The field office argued that liaison contacts should be considered valuable and special agents should receive credit for the quality of liaison relationships the same way they do for CHSs.320
Ed Meese’s panel wants the FBI to do the digital equivalent of teaching corporations to blow their nose and wash their hands after peeing, but it doesn’t think the FBI should spend time reaching out to Muslim communities but should instead spy on them via paid informants.
Maybe there are good reasons for the panel’s disparate recommended treatment of corporations and Muslim communities. If so, the Review doesn’t explain it anywhere (though the approach is solidly in line with the Intelligence Committees’ rush to give corporations immunity to cyber share information with the federal government).
But it does seem worth noting that this panel has advocated the nanny state for one stakeholder and STASI state for another.
As I noted earlier, I’m reading the 9/11 Follow-Up Report just completed for FBI. And while there are some interesting insights in it, in general I think the analysis of the report itself is pretty horrible (which is funny because the report says FBI needs more analysts). I’ll have more specific details on that later, but I wanted to point to what the report says about FBI not adopting “Central Strategic Coordinating Components” or CSCCs, which are basically analysts in each Field Office that are supposed to do “domain awareness” for the Field Office. That means they’re supposed to get to know the neighborhood to anticipate any problems that might come up. (As far as I know, no one has ever thought of doing a domain awareness for Wall Street, in spite of all the new threats that pop up there over and over.)
As the report makes clear, every Field Office is supposed to have someone doing this. But, as documents obtained by ACLU under FOIA have shown, it often amounts to racial profiling, whether that be Muslims or Latinos or something else. And, at least given the NYPD example, where their domain awareness program never found any plot (and didn’t find two plots covered by this FBI report, notably the Najibullah Zazi attack), there’s no evidence I know of that they actually help to prevent crimes.
Yet rather than analyzing whether this concept serves any purpose whatsoever, it instead says, “it’s corporate policy, no one is doing it well, so it needs to improve.” (Note, most of the named people interviewed for the report are not FBI agents, and many come from CIA or another intelligence agency; John Brennan, who almost certainly had a role in setting up NYPD on the Hudson, for example, was interviewed.)
What I find particularly remarkable is what the report found in the field.
According to one anecdote, 20% of analysts (not even Field Agents!) understand the point of this. And even in offices where they do understand, the Field Agents won’t do their part by going and filling in the blanks analysts identify.
Call me crazy. But maybe the people responding to actual crimes believe they learn enough in that process — and are plenty busy enough trying to catch criminals — that they don’t see the point of racially profiling people like NYPD does? Maybe they believe the ongoing threats are where the past ones of have been, and there’s no need to spend their time investigating where there aren’t crimes in case there ever are in the future?
I don’t know. But I think the Field Agents might be onto something.
Update, 3/27: Adding, there seems to be a logic problem with this too. Another big push for the FBI — a more understandable one, but not without risks of its own — is that FBI partner much more closely with local cops. If the local cops are doing their job well, wouldn’t they provide the “domain awareness” FBI needs? This is actually a point a senior FBI manager noted in discussing its relationship with ODNI (see page 92). Admittedly, a lot of cops are occupiers rather than local stewards of safety, but that’s a separate problem.
Update, 3/27: The report returns to domain awareness again, pointing to that as the one thing that can differentiate between a domestic security agency and an intelligence agency.
As the FBI began its transformation into a national security organization, at the heart of that transformation was the concept of domain awareness. Domain awareness reflected the realization that the FBI could not be reactive and wait for cases to develop, it had to proactively seek to understand its environment. From the Review Commission’s perspective, that means that domain analysis, which attempts to capture what is known and identify gaps for further collection, is at the heart of the FBI’s transformation into a domestic intelligence agency, and it needs to be a process informed by everything the USIC has to offer. This includes all information from local sources—law enforcement, colleges and universities, and prisons—to which other parts of the USIC do not have access. Robust domain analysis will allow the FBI to harness its considerable skill at collection and source development in support of identifying new threats in addition to collecting against known threats. A failure to achieve that goal will leave the US with a domestic security service rather than a domestic intelligence agency, and with a vulnerability to homegrown threats that fall outside the purview of our foreign intelligence establishment.316
(U) CSCCs are responsible for the FBI’s domain awareness and analysis. Each field office is required to establish a CSCC. The groups are comprised of small groups of intelligence analysts who are tasked to produce foundational documents such as Domain Intelligence Notes (DINs) and Threat Mitigation Strategies (TMSs). They also expose information gaps and guide special agents’ planned or incidental collection efforts. Effective CSCCs are critical to ensuring that field office efforts are threat-based and intelligence-driven.
(U) But during its field office visits, the Review Commission observed an uneven application of the CSCC concept and that many field offices struggled with effectively operating its CSCC. In the majority of the field offices the Review Commission visited, the CSCCs were not performing their intended functions. 215 Many of the intelligence analysts who were initially assigned to the CSCC had been moved to operational squads to provide tactical support to case agents, leaving the CSCC understaffed and unable to fulfill its primary mission.216 In some field offices, CSCC analysts were so involved in tactical support that their DINs and TMSs languished until the SAC accounted for them in the office’s mid and year-end reviews.217
(U) A centerpiece of the FBI’s intelligence framework is domain analysis, which entails the ability to understand what is happening in a given area of operations using all available sources of data. Accordingly, domain management is the FBI’s systematic process to develop strategic awareness in order to: identify and prioritize threats, vulnerabilities, and intelligence gaps; contribute to the efficient allocation of resources and operational decisions; discover new opportunities for collection; and set tripwires to provide advance warning.218 The Review Commission strongly believes that the field offices must prioritize collection opportunities to identify, develop, and pursue new intelligence leads in concert with their ongoing investigations.
(U) In many field offices we visited there was only one intelligence analyst left on the CSCC to conduct domain analysis for the field office and even then they spent much of their time mapping existing incidents and/or efforts. There was no observable forward looking aspect to the work. From the Review Commission’s observations, even when the DINs and TMSs are produced they are not generally valued at the field office-level as parts of a comprehensive intelligence collection plan (e.g., the plan that establishes the field’s baseline knowledge, identifies intelligence gaps, and informs the field’s strategy to mitigate new threats).219 In one field office we were told that an analyst had produced a comprehensive collection plan but it was ignored by the special agents who would have to implement it.220 We attribute this to a special agent-driven culture that still does not necessarily understand the value of filling intelligence collection requirements and, therefore, renders this overall mission a lower priority than it should be. It can also be attributed to the lack of sufficient leadership to hold field office personnel accountable for intelligence as well as criminal responsibilities.
215 (U) Some offices demonstrated a much higher comprehension of the CSCC concept and value and consequently provided higher levels of resources to facilitate mission success. The Review Commission would like to commend, however, the one field office that acknowledged that it was struggling with creating an effective CSCC and planned to visit another field office that is believed to be doing a better job so as to learn how others are operating a CSCC and perhaps identify best practices to bring back and implement. Memorandum for the Record, July 28, 2014.
216 (U) One intelligence analyst speculated the CSCC concept was widely misunderstood across the FBI because the benefit to special agents is unclear. The intelligence analyst also estimated that approximately 20 percent of analysts understood the meaning and purpose of the CSCC. Memorandum for the Record, September 17, 2014.
217 (U) Memorandum for the Record, August 14, 2014.
218 (U) Federal Bureau of Intelligence, Directorate of Intelligence, Intelligence Program Corporate Policy Directive and Policy Implementation Guide, May 2, 2013: 62.
219 (U) Memorandum for the Record, September 19, 2014.
220 (U) Memorandum for the Record, July 29, 2014.
I’m preparing to do a series of posts on CISA, the bill passed out of SSCI this week that, unlike most of the previous attempts to use cybersecurity to justify domestic spying, may well succeed (I’ve been using OTI’s redline version which shows how SSCI simply renamed things to be able to claim they’re addressing privacy concerns).
But — particularly given Richard Burr’s office’s assurances this bill is great because “business groups like the Financial Services Roundtable and the National Cable & Telecommunications Association have already expressed their support for the bill” — I wanted to raise a question I’ve been pondering.
To what extent have banks won themselves immunity by serving as intelligence partners for the federal government?
I ask for two reasons.
First, when asked why she, along with Main Justice’s Lanny Breuer, authorized the sweetheart deal for recidivist transnational crime organization HSBC, Attorney General nominee Loretta Lynch implied that there was insufficient admissible evidence to try any individuals associated with this recidivism.
I and the dedicated career prosecutors handling the investigation carefully considered whether there was sufficient admissible evidence to prosecute an individual and whether such a prosecution otherwise would have been consistent with the principles of federal prosecution contained in the United States Attorney’s Manual.
That’s surprising given that Carl Levin managed to come up with 300-some pages of evidence. Obviously, there are several explanations for this response: she’s lying, the evidence is inadmissible because HSBC provided it willingly thereby making it unusable for prosecution, or the evidence was collected in ways that makes it inadmissible.
It’s the last one I’ve been thinking about: is it remotely conceivable that all the abundant evidence against banksters their regulators have used to obtain serial handslaps is for some reason inadmissible in a criminal proceeding?
I started thinking about that as a real possibility when PCLOB revealed that Treasury’s Office of Intelligence and Analysis has never once — not in the 30-plus years since Ronnie Reagan told them they had to — come up with minimization procedures to protect US person privacy with data collected under EO 12333. Maybe that didn’t matter so much in 1981, but since 2004, Treasury has had an ever-increasing role in using intelligence (collected from where?) to impose judgments against people with almost no due process. And those judgements are, in turn, used to impose other judgments on Americans with almost no due process.
The thing is, you’d think banks might care that Treasury wasn’t complying with Executive Branch requirements on privacy protection. Not only because they care (ha!) about their customers, whether American or not, but because many of them are, themselves, US persons. US bank US person status should limit how much Treasury diddles with bank-related intelligence, but Treasury doesn’t appear bound by that.
Which leads me to suspect, at least, that there’s something in it for the banks, something that more than makes up for the serial handslaps for sanctions violations.
And one possibility is that because of the way this data is collected and shared, it can’t be used in a trial. Voila! Bank immunity.
All that’s just a wildarsed guess.
But one made all the more pressing given that Treasury is among the Appropriate Federal Entities that will be default intelligence recipients for cyber information under CISA.
(3) APPROPRIATE FEDERAL ENTITIES.—
The term ‘‘appropriate Federal entities’’ means the following:
(A) The Department of Commerce.
(B) The Department of Defense.
(C) The Department of Energy.
(D) The Department of Homeland Security.
(E) The Department of Justice.
(F) The Department of the Treasury.
(G) The Office of the Director of National Intelligence.
To some degree, this is not in the least bit surprising. After all, financial regulators have increasingly made cybersecurity a key regulatory concern of late, so it makes sense for Treasury to be in the loop.
But banksters rarely — never! — add regulatory exposure for themselves without a fight and, as Burr’s office has made clear, the banks love this bill.
One more datapoint, back to HSBC. As I noted when Lanny Breuer and Loretta Lynch announced that handslap, Breuer neglected to mention that HSBC was getting a handslap not just for helping cartels profit off drugs, but also helping terrorists fund their activities (at the time Pete Seda was being held without bail on charges the government insisted amounted to material support for terrorists for handing a check to Chechens using cash that had come indirectly from HSBC). The actual settlement, however, made mention of it by explaining that HSBC had “assisted the Government in investigations of certain individuals suspected of money laundering and terrorist financing.” By dint of that cooperation, in other words, HSBC went from being a material supporter of terrorism to being a deputy financial cop. And Breuer expanded that notion of banks serving as deputized financial cops thereafter.
Are the methods and terms by which we’re collecting all this financial intelligence to use against some bad guys precisely what prevents us from holding the even bigger bad guys — the ones affecting far more of us directly, in the form of the houses we own, the towns we live in, the opportunity costs paid to financial crime — accountable?
And will this system now be replicated under CISA (or has it, already) as banks turn into cyber crime deputized cops?