As I noted earlier, I’m reading the 9/11 Follow-Up Report just completed for FBI. And while there are some interesting insights in it, in general I think the analysis of the report itself is pretty horrible (which is funny because the report says FBI needs more analysts). I’ll have more specific details on that later, but I wanted to point to what the report says about FBI not adopting “Central Strategic Coordinating Components” or CSCCs, which are basically analysts in each Field Office that are supposed to do “domain awareness” for the Field Office. That means they’re supposed to get to know the neighborhood to anticipate any problems that might come up. (As far as I know, no one has ever thought of doing a domain awareness for Wall Street, in spite of all the new threats that pop up there over and over.)
As the report makes clear, every Field Office is supposed to have someone doing this. But, as documents obtained by ACLU under FOIA, it often amounts to racial profiling, whether that be Muslims or Latinos or something else. And, at least given the NYPD example, where their domain awareness program never found any plot (and didn’t find two plots covered by this FBI report, notably the Najibullah Zazi attack), there’s no evidence I know of that they actually help to prevent crimes.
Yet rather than analyzing whether this concept serves any purpose whatsoever, it instead says, “it’s corporate policy, no one is doing it well, so it needs to improve.” (Note, most of the named people interviewed for the report are not FBI agents, and many come from CIA or another intelligence agency; John Brennan, who almost certainly had a role in setting up NYPD on the Hudson, for example, was interviewed.)
What I find particularly remarkable is what the report found in the field.
According to one anecdote, 20% of analysts (not even Field Agents!) understand the point of this. And even in offices where they do understand, the Field Agents won’t do their part by going and filling in the blanks analysts identify.
Call me crazy. But maybe the people responding to actual crimes believe they learn enough in that process — and are plenty busy enough trying to catch criminals — that they don’t see the point of racially profiling people like NYPD does? Maybe they believe the ongoing threats are where the past ones of have been, and there’s no need to spend their time investigating where there aren’t crimes in case there ever are in the future?
I don’t know. But I think the Field Agents might be onto something.
(U) CSCCs are responsible for the FBI’s domain awareness and analysis. Each field office is required to establish a CSCC. The groups are comprised of small groups of intelligence analysts who are tasked to produce foundational documents such as Domain Intelligence Notes (DINs) and Threat Mitigation Strategies (TMSs). They also expose information gaps and guide special agents’ planned or incidental collection efforts. Effective CSCCs are critical to ensuring that field office efforts are threat-based and intelligence-driven.
(U) But during its field office visits, the Review Commission observed an uneven application of the CSCC concept and that many field offices struggled with effectively operating its CSCC. In the majority of the field offices the Review Commission visited, the CSCCs were not performing their intended functions. 215 Many of the intelligence analysts who were initially assigned to the CSCC had been moved to operational squads to provide tactical support to case agents, leaving the CSCC understaffed and unable to fulfill its primary mission.216 In some field offices, CSCC analysts were so involved in tactical support that their DINs and TMSs languished until the SAC accounted for them in the office’s mid and year-end reviews.217
(U) A centerpiece of the FBI’s intelligence framework is domain analysis, which entails the ability to understand what is happening in a given area of operations using all available sources of data. Accordingly, domain management is the FBI’s systematic process to develop strategic awareness in order to: identify and prioritize threats, vulnerabilities, and intelligence gaps; contribute to the efficient allocation of resources and operational decisions; discover new opportunities for collection; and set tripwires to provide advance warning.218 The Review Commission strongly believes that the field offices must prioritize collection opportunities to identify, develop, and pursue new intelligence leads in concert with their ongoing investigations.
(U) In many field offices we visited there was only one intelligence analyst left on the CSCC to conduct domain analysis for the field office and even then they spent much of their time mapping existing incidents and/or efforts. There was no observable forward looking aspect to the work. From the Review Commission’s observations, even when the DINs and TMSs are produced they are not generally valued at the field office-level as parts of a comprehensive intelligence collection plan (e.g., the plan that establishes the field’s baseline knowledge, identifies intelligence gaps, and informs the field’s strategy to mitigate new threats).219 In one field office we were told that an analyst had produced a comprehensive collection plan but it was ignored by the special agents who would have to implement it.220 We attribute this to a special agent-driven culture that still does not necessarily understand the value of filling intelligence collection requirements and, therefore, renders this overall mission a lower priority than it should be. It can also be attributed to the lack of sufficient leadership to hold field office personnel accountable for intelligence as well as criminal responsibilities.
215 (U) Some offices demonstrated a much higher comprehension of the CSCC concept and value and consequently provided higher levels of resources to facilitate mission success. The Review Commission would like to commend, however, the one field office that acknowledged that it was struggling with creating an effective CSCC and planned to visit another field office that is believed to be doing a better job so as to learn how others are operating a CSCC and perhaps identify best practices to bring back and implement. Memorandum for the Record, July 28, 2014.
216 (U) One intelligence analyst speculated the CSCC concept was widely misunderstood across the FBI because the benefit to special agents is unclear. The intelligence analyst also estimated that approximately 20 percent of analysts understood the meaning and purpose of the CSCC. Memorandum for the Record, September 17, 2014.
217 (U) Memorandum for the Record, August 14, 2014.
218 (U) Federal Bureau of Intelligence, Directorate of Intelligence, Intelligence Program Corporate Policy Directive and Policy Implementation Guide, May 2, 2013: 62.
219 (U) Memorandum for the Record, September 19, 2014.
220 (U) Memorandum for the Record, July 29, 2014.
Glenn Greenwald reports that, when he asked German Vice Chancellor Sigmar Gabriel why he doesn’t offer asylum to Edward Snowden, Gabriel revealed the US had threatened to cut Germany off from intelligence sharing if they did.
German Vice Chancellor Sigmar Gabriel (above) said this week in Homburg that the U.S. Government threatened to cease sharing intelligence with Germany if Berlin offered asylum to NSA whistleblower Edward Snowden or otherwise arranged for him to travel to that country. “They told us they would stop notifying us of plots and other intelligence matters,” Gabriel said.
The Vice Chancellor delivered a speech in which he praised the journalists who worked on the Snowden archive, and then lamented the fact that Snowden was forced to seek refuge in “Vladimir Putin’s autocratic Russia” because no other nation was willing and able to protect him from threats of imprisonment by the U.S. Government (I was present at the event to receive an award). That prompted an audience member to interrupt his speech and yell out: “why don’t you bring him to Germany, then?”
Afterward, however, when I pressed the Vice Chancellor (who is also head of the Social Democratic Party, as well as the country’s Economy and Energy Minister) as to why the German government could not and would not offer Snowden asylum – which, under international law, negates the asylee’s status as a fugitive – he told me that the U.S. Government had aggressively threatened the Germans that if they did so, they would be “cut off” from all intelligence sharing. That would mean, if the threat were carried out, that the Americans would literally allow the German population to remain vulnerable to a brewing attack discovered by the Americans by withholding that information from their government.
Which is odd, because CIA Director John Brennan just implied — in a speech that was largely about information sharing — that the US continues to engage with Russia on terrorism issues, even though it hosts Snowden.
QUESTION: James Sitrick, Baker & McKenzie. You spent a considerable amount of your opening remarks talking about the importance of liaison relationships. Charlie alluded to this in one of his references to you, on the adage—the old adage has it that the enemy of your enemy is your friend. Are we in any way quietly, diplomatically, indirectly, liaisoning with Mr. Soleimani and his group and his people in Iraq?
BRENNAN: I am not engaging with Mr. Qasem Soleimani, who is the head of the Quds Force of Iran. So no, I am not.
I am engaged, though, with a lot of different partners, some of close, allied countries as well as some that would be considered adversaries, engaged with the Russians on issues related to terrorism.
We did a great job working with the Russians on Sochi. They were very supportive on Boston Marathon. We’re also looking at the threat that ISIL poses both to the United States as well as to Russia.
So I try to take advantage of all the different partners that are out there, because there is a strong alignment on some issues—on proliferation as well as on terrorism and others as well.
Admittedly, the timing on Snowden’s asylum in Russia is pretty remarkable, coming as it did after Sochi and two months after the Marathon attack, launched by brothers with ties to Chechnya. In fact, in Dzhokhar’s trial, we just learned that Tamerlan sent $900 back to Chechnya in the weeks before the attack. Thus, at the time Putin granted Snowden his first year of asylum, the US needed Russian cooperation more urgently than Russia needed America’s (and Putin was carefully managing that relationship).
Still, by tying cooperation with Russia to ISIL, Brennan implied it is ongoing (not least because the government was not as engaged against ISIL as it might have been until a year after Snowden arrived in Russia).
At least if we’re to believe Gabriel, the US threatened to cut off a close ally if it hosted Snowden, but it continues to share intelligence with one of our major adversaries on matters of common interest.
In his appearance as the Council on Foreign Relations today, a woman with Human Rights Watch listed (starting at 56:30) a number of abuses our “partners” in the fight against ISIL engage in, including,
She then asked, “How do you think Iraqi Sunni civilians should distinguish between the good guys and the bad guys in this circumstance”?
After clearing his throat, Brennan responded,
It’s tough sorting out good guys and bad guys in a lot of these areas. It is. And human rights abuses, whether they take place on the part of I-S-I-L or of militias or individuals who are working as part of formal security services, needs to be exposed, needs to be stopped. In an area like Iraq and Syria, there has been some horrific, horrific human rights abuses and this is something that I think we need to be able to address. And when we see it, we do bring it to the attention of authorities. And we will not work with entities that are engaged in such activities.
Brennan changed a question that twice explicitly included Saudi Arabia to one that included only Syria and Iraq. Which he would have to do — because the US is not about to stop working with “entities” like Saudi Arabia, even if they do behead as many people as ISIL.
Rather than asking John Brennan challenging questions about the reform of CIA at Brennan’s Council on Foreign Relations event Friday, Charlie Rose instead asked John Brennan what he saw as the challenge to CIA’s analytical function over the next 15 years (around 39:50).
Here’s how Brennan responded:
The world is becoming more and more challenging. Nation-states are under increasing challenge and threat. More and more, we see individuals in different corners of the world who are identifying with sub-national groups and organizations. And so just the authority of nation-states and governments I think is being looked at in a different way than it did just 20 years ago. And so this is one of the things that we really have to be able to understand and anticipate and work with foreign governments because if you’re going to have basically the dissolution of the nation-state structure that we’ve had for centuries, it’s really going to be even a more chaotic world.
I don’t actually disagree with Brennan. I’ve been saying we’re headed for NeoFeudalism for over a decade.
That said, the policies of the US government are really fostering this change. Drones — as well as increased reliance on paramilitary forces — are one thing that contributes to this. So do trade agreements, especially the ones the US is trying to force on Asia and Europe right now. US demands that its corporations help the US spy in other countries is another factor.
Yet, nevertheless, the government is pursuing these policies even while recognizing that the dissolution of the nation-state system will bring much more chaos.
Brennan describes it like a bug, but US policy suggests it’s a feature.
Update: Take this prediction in tandem with James Clapper’s judgement that “Roughly half of the world’s currently stable countries are at some risk of instability over the next two years.”
In his talk at the Council on Foreign Relations, John Brennan was asked about terrorists’ use of offshore bank and shell companies (just after 50:00)
I must say that the US Department of the Treasury as well as other institutions of the US government have been very very effective and successful working, again, with international partners to try to uncover and uproot this, but it’s not just for terrorism purposes, it’s for organized crime, narco, um, cartels and others.
It would be thoroughly unsurprising if NSA were spying on monetary flows. After all, their dominance of international telecom cables mean they dominate the infrastructure tracking that flow. Plus there’s that whole SWIFT thing.
But it’s nice to know from John Brennan that those “other institutions” have so thoroughly uncovered and uprooted that kind of intelligence, while presumably ignoring the crimes of Jamie Dimon.
I noted some weeks ago about how John Brennan — who had failed spectacularly on cybersecurity while at the White House but then learned the joys of hacking targets when he spied on the Senate Intelligence Committee — was rolling out a cyber directorate.
On Wednesday and yesterday, Brennan rolled out that change amid a larger restructuring.
In a troubling sign, the plan twice refers to the “digital revolution” as if it were in progress right now, not something that has already happened and is now our status quo. “Second, we must be positioned to embrace and leverage the digital revolution to the benefit of all mission areas.” But don’t worry, because Brennan says this reorganization will prevent the CIA from suffering the fate of Kodak, which didn’t anticipate digital cameras. CIA is embracing the “digital revolution” so it doesn’t miss the next one, I guess, as it did with the Arab Spring.
With all the focus on the digital directorate, however, I think there are aspects of this reorganization plan that are far more worthy of note.
First, the whole thing reads like a mid-1990s business reorganization plan, organized into “themes” and speaking of “investing in our people” and a new Talent Development Center of Excellence and embracing and modernizing and blah blah blah. That’s troubling, because those jargon-driven reorganizations usually failed after some Mitt Romney type had stripped the entity in question for cash. At least in the unclassified description of the reorganization, the plan seems better served to attract credulous investors than to effect change.
Just as telling, the unclassified plan says nothing about how CIA will retain what linguistic and cultural skills it has after it shifts to a more topical and less geographic structure. Digital analysis is nice, but there will come a time when someone is going to have read the content that metadata has identified, and we can’t simply rely on foreign partners to do this or we’ll be susceptible to their disinformation.
Finally, there’s this section:
Theme Three: Modernize the way we do business. The pace of world events and technological change demands that Agency leaders be able to make decisions with agility, at the appropriate level, with the right information, and in the interests of the broader enterprise. We must have the capacity to make the sound strategic decisions needed to build a better Agency and run it efficiently, even as we respond to urgent external requirements. We must empower our officers to address the operational, analytical, technological, support, and other issues that are at the heart of what we do every day. Accordingly, we will:
- Enhance and empower the Executive Director’s role and responsibilities to manage day-to-day organizational functions, including overseeing a revamped corporate governance model.
- Create a restructured Executive Secretary office to streamline core executive support functions, thereby increasing effectiveness and efficiency.
- Even as we improve our ability to govern and make decisions and streamline our processes at the enterprise level, there will be a corresponding effort to delegate decisionmaking and accountability for achieving mission to the lowest appropriate level and to streamline our processes and practices throughout the Agency.
Perhaps I should just trust Brennan here, because he has served as both Chief of Staff to the Director and Deputy Executive Director, so he knows how these critical management roles function. But it also sounds like a bid to have the Director’s immediate staff more involved in the nitty gritty of operations, perhaps akin to the way the White House National Security Council (where Brennan has served more recently) has done the same with operations, in part to bypass oversight. If Brennan wants to make it easier to hold officers accountable for fuck-ups, great. But if Brennan wants to make it easier to conduct ill-considered operations without a grown-up objecting, it’ll lead to more problems from the CIA.
Alfreda Bikowsky has been the model of the analyst-who-sticks-her-nose into the operations function that seems to be the goal here. The CIA thinks she’s great, but she’s also the poster child for hackishness, abuse, and in some cases obstinate stupidity. I wish Brennan the best of luck in making CIA a more effective agency. I just hope he doesn’t end up making it still more problematic.
Man, I must have written about this letter Ron Wyden sent to John Brennan during his confirmation process 15 times (of which just a few are linked below). Which is why I’m so fascinated by the back and forth between Wyden’s office (the staffer’s name is redacted) and ODNI, largely Bob Litt, both before and after Wyden sent the letter on January 14, 2013. (Many many kudos to Zack Sampson who FOIAed it through MuckRock.)
Wyden’s office submitted the letter for a declassification review on January 11, 2013. Wyden’s office did not get an answer before he sent it. And on January 15, Bob Litt complained,
I have a concern that there are several references in this letter that are not only classified but compartmented.
So the staffer writes back letting Litt know that he or she had unclassified comments by Executive Branch officials for all the references, and he or she will happily share it. To which Litt responded (on January 17),
Although I am dubious, since there are statements in there that assume as fact things that we have recently succeeded in convincing a judge remain classified, I’ll take a look.
It went on for a while (the email thread is from page 21 to 24), with Litt complaining some more, promising Brennan wouldn’t answer questions about it, and the staffer ultimately pointing out that the reason they keep asking publicly is because ODNI won’t provide answers even in classified form (this exchange precedes Clapper’s lies about the dragnet — about which most of the other documents released under this FOIA pertain — by two months).
What Litt was talking about, clearly, was the Administration’s killing of Anwar al-Awlaki, the memos authorizing which Judge Colleen McMahon, citing Alice in Wonderland for the bizarreness of it all, had just ruled remained exempt from FOIA on January 2, 2013.
In other words, Litt was suggesting that Wyden should not have said the following — which cites McMahon!! — because McMahon had ruled that the government did not have to give the OLC memos authorizing the Awlaki killing to ACLU and NYT, which is rather different from ruling they didn’t have to share such information with the Intelligence Committee or claiming that Wyden could not refer to official comments in a letter to someone who made those comments because citing back those comments made them classified.
I have asked repeatedly over the past two years to see the secret legal opinions that contain the executive branch’s understanding of the President’s authority to kill American citizens in the course of counterterrorism operations. Senior intelligence officials have said publicly that they have the authority to knowingly use lethal force against Americans in the course of counterterrorism operations, and have indicated that there are secret legal opinions issued by the Justice Department’s Office of Legal Counsel that explain the basis for this authority. I have asked repeatedly to see these opinions and I have been provided with some relevant information on the topic, but I have yet to see the opinions themselves.
Both you and the Attorney General gave public speeches on this topic early last year, and these speeches were a welcome step in the direction of more transparency and openness, but as I noted at the time, these speeches left a large number of important questions unanswered. A federal judge recently noted in a Freedom of Information Act case that “no lawyer worth his salt would equate Mr. Holder’s statements with the sort of robust analysis that one finds in a properly constructed legal opinion,” and I assume that Attorney General Holder would agree that this was not his intent.
As Wyden noted, both Brennan and Holder had given big dog-and-pony shows that were clearly about killing Awlaki, and yet Bob Litt wanted to prevent Wyden from pressuring Brennan to turn over the actual legal authorizations to the Intelligence Community’s oversight committee? Really?
Ah well, it all worked out for the forces of good, as when the Committee threatened to hold up Brennan’s confirmation, someone leaked the White Paper to Mike Isikoff that therefore had to be shared with Jason Leopold that ultimately led McMahon to liberate the opinions themselves.
Which is probably precisely what Bob Litt was worried about.
Back during John Brennan’s confirmation process, I noted he got zero questions about cybersecurity, in spite of the fact that that is a big part of the portfolio of the White House Homeland Security Czar (as has been made evident by Lisa Monaco’s central role in the Sony hack response).
Since then, John Brennan permitted his subordinates to hack the email accounts supposedly designated for the Senate Intelligence Committee’s designated use.
Those are both reasons you should be concerned by the news that — as part of a larger “subject matter” reorganization of CIA, Brennan wants to hack.
U.S. officials said Brennan’s plans call for increased use of cyber capabilities in almost every category of operations — whether identifying foreign officials to recruit as CIA informants, confirming the identities of targets of drone strikes or penetrating Internet-savvy adversaries such asthe Islamic State.
Several officials said that Brennan’s team has even considered creating a new cyber directorate — a step that would put the agency’s technology experts on equal footing with the operations and analysis branches that have been pillars of the CIA’s organizational structure for decades.
All the more so given that neither all of the Intelligence Committees nor NSA’s leadership knows what Brennan is up to.
Brennan provided only broad outlines of his plan in recent congressional meetings that excluded all but the four highest-ranking members of the House and Senate intelligence panels. A senior U.S. intelligence official said that some senior NSA executives remain in the dark on Brennan’s cyber ambitions.
But then, if all of SSCI knew what Brennan was up to, I guess it’d be harder for him to hack them in the future.
This is a detail I’ve meant to post on for some time, but the discussion of ODNI’s latest on leaks has finally prompted me to point to this detail.
As part of the standard questionnaire for Intelligence Committee nominees, Rasmussen was asked if he had been interviewed in the last 10 years in a leak investigation (question 42). He responded that he had been interviewed in two investigations:
The latter one is likely to be the 2014 investigation into who leaked a terrorist watch list document to the Intercept. Rasmussen would clearly be among the (as he describes it “large number of people who had access by virtue of position to the information that was reportedly compromised.”
It’s the other investigation I’m interested in. The best known “disrupted” terrorist plot in 2010 was the AQAP toner cartridge plot. And while it could be a different thwarted plot (like Faisal Shahzad’s attack, though not much got leaked about it except from Pakistan), no one has ever reported an investigation into that, even though aspects of that leak largely resembled the UndieBomb 2.0 leak that DOJ subpoenaed the AP over.
But I’m just as struck by Rasmussen’s silence about the UndieBomb 2.0 leak investigation. Rasmussen remained at the same counterterrorism position in the White House until June 2012, through the UndieBomb 2.0 leak. Unless those investigations merged (which might explain why they were investigating a 2010 leak in 2013), it would seem to suggest that Rasmussen was not read into the UndieBomb 2.0 infiltration, in spite of its significant similarities to the Toner Cartridge infiltration.
By way of comparison, here’s how John Brennan answered the same question (he was going to be interviewed on the UndieBomb 2.0 leak during his confirmation process).
The comparison raises the same questions: There’s no way Brennan wasn’t read into whatever 2010 thwarted attack got compromised, because he would have been read into everything (he was a key point person on both the Faisal Shahzad attack, and did a big dog-and-pony show around the Toner Cartridge plot).
Were Rasmussen and Brennan just discussing the same investigation, into how details of double agents in AQAP kept getting exposed (in large part, by our Saudi and AQAP allies). In any case, was Rasmussen not interviewed in the latter part, in which case it would suggest the compartment for the latter was much more closely held?
Katherine Hawkins has a very good review of the results of the CIA IG Report and “Accountability Review Board” over the Senate Intelligence Committee staffers’ access to CIA documents on torture; you should read the whole thing. Hawkins points out that the CIA’s own review of the Torture Report admitted it needs to approach individual failures from a broader systemic approach, but that their treatment of this issues shows they continue to fail to do so.
While the CIA’s official response to the Senate torture report acknowledges “significant shortcomings in CIA’s handling of accountability” for failures and abuses that occurred during the rendition and black site program, it still does not recommend any corrective action. The response instead states that the agency “do[es] not believe it would be practical or productive to revisit any [rendition, detention and interrogation program]-related case so long after the events unfolded,” thinking it sufficient to say:
Looking forward, the Agency should ensure that leaders who run accountability exercises do not limit their sights to the perpetrators of the specific failure or misconduct, but look more broadly at management responsibility and more consistently at any systemic issues … [N]o board should cite a broader issue as a mitigating factor in its accountability decision on an individual without addressing that issue head on.
The CIA Accountability Board’s December report on the agency’s search of Senate computers is the first test of whether these reforms have any meaning or effect. And the answer is: they do not.
Critically, Hawkins points to something the ARB ignores: the rationalization the CIA General Counsel lawyer used to justify searching the Senate side of the RDI server hosting the torture documents. She describes how this lawyer justified treating Senate Intelligence Committee staffers doing their job as criminals.
[T]he CIA lawyer assigned IT staff to search Senate staffers’ side of RDINet, the computer network that staffers used to review documents for the torture study. The attorney presents himself as having not only the legal right, but also the duty, to take these actions because of the CIA’s statutory obligation to protect “sources and methods.”
Incredibly, the Accountability Board report repeatedly cites the need to preserve the CIA’s relationship with the Senate as a justification for searching Senate computers without informing the committee. The board writes that the initial search was “reasonable given the embarrassment to the Agency and harm to the Agency-SSCI relationship that would have resulted from a false allegation.” Further searches were “reasonable” because “this was no normal potential security problem; it involved the United States Senate,” which made it more important to “have explored all alternatives and possible solutions before the problem was confirmed and the D/CIA would have raised it with Senate leaders.”
But the CIA lawyer’s memo makes it very clear that the purpose of not informing the Senate was not to verify evidence and explore alternatives — which could have been accomplished through dialogue with the committee. The purpose was to gather evidence for a potential criminal prosecution of Senate staff, before Senators could protest or staff could “get their stories straight.” The agency went on to file an inaccurate crimes report against Senate staff with the Department of Justice — a fact that the Accountability Board does not dispute, but barely acknowledges. It is hard to think of anything that could be more damaging to the oversight relationship that the CIA and the White House claim to value so highly. But the Accountability Board fails to identify who was responsible for the inaccurate report to DOJ, fails to recommend that anyone be disciplined for it, and fails to recommend any safeguards against a repetition of the incident.
As Hawkins summarizes, the crime report was based off a flaw in the Google search that CIA’s own contractor had built into the system.
On February 7, 2014, the CIA’s Acting General Counsel Robert Eatinger (whose name is redacted from the OIG report) filed a crimes report against Senate staff with the Department of Justice. The OIG report found that the crimes report “was unfounded,” in part because Eatinger “had been provided inaccurate information on which the letter was based.” In particular, the OIG wrote:
[T]he crimes report stated that SSCI staffers might have exploited a software vulnerability on RDINet to obtain access to the [Panetta Review documents], in violation of the Computer Fraud and Abuse Act … The report was solely based on inaccurate information provided by the two [Office of the General Counsel] attorneys [to the Office of Security].
The OIG report found that there was indeed “a vulnerability” with the Google search tool that the CIA provided to the committee, which was “not configured to enforce access rights or search permissions within RDINet and its holdings” from 2009 to April 2013. But contrary to the CIA lawyer’s memorandum and the crimes report to DOJ, OIG found no evidence that Senate staff had deliberately “exploited” this flaw until CIA personnel “confronted them” with inappropriately accessed documents. Rather, it was SSCI staff who brought the vulnerability to the CIA’s attention. On November 1, 2012, a SSCI staff member alerted CIA staff that the search tool “was indexing the Majority staff work product on a shared drive,” and asked them to make it stop. The CIA did not act on this request for months. Then in 2013, a SSCI staff member requested “a number of detainee videos not provided to the SSCI by the CIA,” based on a spreadsheet that a CIA employee recognized as being from the Panetta Review. After this incident, in April 2013, CIA IT staff finally discovered and repaired the flaw with the Google search tool.
In other words, CIA set up an expensive server, accessed by Google searches, so SSCI staffers could do their job. And then tried to get them prosecuted for using what turned out to be a flaw in that Google search function.
There’s just one question Hawkins leaves out of this. This entire server set-up (as well as multiple contractor reviews of each document) reportedly accounts for the bulk of the $40 million the Torture Report cost to complete.
But it apparently didn’t even accomplish the function it was supposed to (or did it?). Why is CIA trying to prosecute oversight rather than reclaiming some chunk of that $40 million?