How CIA Criminalized a Senate Staffer Google Search
Katherine Hawkins has a very good review of the results of the CIA IG Report and “Accountability Review Board” over the Senate Intelligence Committee staffers’ access to CIA documents on torture; you should read the whole thing. Hawkins points out that the CIA’s own review of the Torture Report admitted it needs to approach individual failures from a broader systemic approach, but that their treatment of this issues shows they continue to fail to do so.
While the CIA’s official response to the Senate torture report acknowledges “significant shortcomings in CIA’s handling of accountability” for failures and abuses that occurred during the rendition and black site program, it still does not recommend any corrective action. The response instead states that the agency “do[es] not believe it would be practical or productive to revisit any [rendition, detention and interrogation program]-related case so long after the events unfolded,” thinking it sufficient to say:
Looking forward, the Agency should ensure that leaders who run accountability exercises do not limit their sights to the perpetrators of the specific failure or misconduct, but look more broadly at management responsibility and more consistently at any systemic issues … [N]o board should cite a broader issue as a mitigating factor in its accountability decision on an individual without addressing that issue head on.
The CIA Accountability Board’s December report on the agency’s search of Senate computers is the first test of whether these reforms have any meaning or effect. And the answer is: they do not.
Critically, Hawkins points to something the ARB ignores: the rationalization the CIA General Counsel lawyer used to justify searching the Senate side of the RDI server hosting the torture documents. She describes how this lawyer justified treating Senate Intelligence Committee staffers doing their job as criminals.
[T]he CIA lawyer assigned IT staff to search Senate staffers’ side of RDINet, the computer network that staffers used to review documents for the torture study. The attorney presents himself as having not only the legal right, but also the duty, to take these actions because of the CIA’s statutory obligation to protect “sources and methods.”
Incredibly, the Accountability Board report repeatedly cites the need to preserve the CIA’s relationship with the Senate as a justification for searching Senate computers without informing the committee. The board writes that the initial search was “reasonable given the embarrassment to the Agency and harm to the Agency-SSCI relationship that would have resulted from a false allegation.” Further searches were “reasonable” because “this was no normal potential security problem; it involved the United States Senate,” which made it more important to “have explored all alternatives and possible solutions before the problem was confirmed and the D/CIA would have raised it with Senate leaders.”
But the CIA lawyer’s memo makes it very clear that the purpose of not informing the Senate was not to verify evidence and explore alternatives — which could have been accomplished through dialogue with the committee. The purpose was to gather evidence for a potential criminal prosecution of Senate staff, before Senators could protest or staff could “get their stories straight.” The agency went on to file an inaccurate crimes report against Senate staff with the Department of Justice — a fact that the Accountability Board does not dispute, but barely acknowledges. It is hard to think of anything that could be more damaging to the oversight relationship that the CIA and the White House claim to value so highly. But the Accountability Board fails to identify who was responsible for the inaccurate report to DOJ, fails to recommend that anyone be disciplined for it, and fails to recommend any safeguards against a repetition of the incident.
As Hawkins summarizes, the crime report was based off a flaw in the Google search that CIA’s own contractor had built into the system.
On February 7, 2014, the CIA’s Acting General Counsel Robert Eatinger (whose name is redacted from the OIG report) filed a crimes report against Senate staff with the Department of Justice. The OIG report found that the crimes report “was unfounded,” in part because Eatinger “had been provided inaccurate information on which the letter was based.” In particular, the OIG wrote:
[T]he crimes report stated that SSCI staffers might have exploited a software vulnerability on RDINet to obtain access to the [Panetta Review documents], in violation of the Computer Fraud and Abuse Act … The report was solely based on inaccurate information provided by the two [Office of the General Counsel] attorneys [to the Office of Security].
The OIG report found that there was indeed “a vulnerability” with the Google search tool that the CIA provided to the committee, which was “not configured to enforce access rights or search permissions within RDINet and its holdings” from 2009 to April 2013. But contrary to the CIA lawyer’s memorandum and the crimes report to DOJ, OIG found no evidence that Senate staff had deliberately “exploited” this flaw until CIA personnel “confronted them” with inappropriately accessed documents. Rather, it was SSCI staff who brought the vulnerability to the CIA’s attention. On November 1, 2012, a SSCI staff member alerted CIA staff that the search tool “was indexing the Majority staff work product on a shared drive,” and asked them to make it stop. The CIA did not act on this request for months. Then in 2013, a SSCI staff member requested “a number of detainee videos not provided to the SSCI by the CIA,” based on a spreadsheet that a CIA employee recognized as being from the Panetta Review. After this incident, in April 2013, CIA IT staff finally discovered and repaired the flaw with the Google search tool.
In other words, CIA set up an expensive server, accessed by Google searches, so SSCI staffers could do their job. And then tried to get them prosecuted for using what turned out to be a flaw in that Google search function.
There’s just one question Hawkins leaves out of this. This entire server set-up (as well as multiple contractor reviews of each document) reportedly accounts for the bulk of the $40 million the Torture Report cost to complete.
But it apparently didn’t even accomplish the function it was supposed to (or did it?). Why is CIA trying to prosecute oversight rather than reclaiming some chunk of that $40 million?