
Core topic

07/02/2008

Sometimes, the abyss stares back

After the 9/11 attacks, many people who had little or no experience in counterterrorism were casting about fearfully and desperately for ways to prevent another attack. We're aware of many of their mistakes, but this one certainly is in a category all by itself:

The military trainers who came to Guantánamo Bay in December 2002 based an entire interrogation class on a chart showing the effects of “coercive management techniques” for possible use on prisoners, including “sleep deprivation,” “prolonged constraint,” and “exposure.”

What the trainers did not say, and may not have known, was that their chart had been copied verbatim from a 1957 Air Force study of Chinese Communist techniques used during the Korean War to obtain confessions, many of them false, from American prisoners.

Two things make this incident particularly odious. First, of course, there's the idea that US officials would copy the interrogation techniques used by our enemies in the Cold War. However, you might give them the benefit of the doubt if the methods actually worked.

However, it's important to understand exactly what these techniques were designed to do. Controlling behavior, not eliciting accurate intelligence, was the goal. The Soviets had applied similar techniques long before the Cold War had started, in many cases to get public confessions from "counter-revolutionaries," who in most cases were just people unlucky enough to lose Stalin's trust, but gain his attention. Foreign nationals, such as the leaders of the WWII Polish underground (pictured here), and captured American pilot Francis Gary Powers, were also the subjects of show trials.

Public political points, not the quiet gathering of accurate intelligence, were the endgame for techniques like "Semi-Starvation," "Exploitation of Wounds," and "Filthy, Infested Surroundings." In fact, these methods made it harder to get reliable information from the victims, since they were so broken down that they were eager to tell their captors whatever they wanted to hear.

During the Cold War, anti-communists in the West pointed to show trials and brutal interrogations as evidence that the USSR and other communist regimes were an evil on par with Hitler. While we might dicker over who deserves the "Most Evil" title, Hitler or Stalin, it's enough to say that the anti-communists were correct. Books like Darkness At Noon, Animal Farm, and The Gulag Archipelago gained talismanic power because they described an evil that needed to be confronted. They were never written to be how-to manuals.

If you think that I'm expending a lot of words on what may have been just the horrendous bad judgment of one Guantanamo Bay "instructor," I'll just add this final observation that might make these words worthwhile. Excessive secrecy has not been protecting interrogation methods that work. Instead, it has been keeping the public eye from seeing exactly how unprepared, unprincipled, and ineffective some of the people on the "front lines" against Al Qaeda have been.

[P.S. For those who don't know me, such as someone who posted in the comments section of one of yesterday's posts, I make these arguments as a person who spent a good part of his adult life worried that Americans were not taking the threats of terrorist and guerrilla groups seriously enough. I also worried that Americans did not realize how dreadfully unprepared the US was to fight these enemies. Unfortunately, after 2001, a lot of people who knew next to nothing about these forms of warfare devised strategies that they argued were necessary and effective, but have proved exactly the opposite.]

06/23/2008

Now hear this

Some excellent podcasts recently that deserve your attention:

There's a common theme among these three podcasts. Whoever the next President will be, whatever the face of the next Congress, the question people will be asking in 2009 is, "How on earth did we waste eight years combating terrorist groups? And how do we hold people accountable for screwing around?"

05/13/2008

Tourist intelligence

If you're ever in the DC area, I strongly recommend visiting the International Spy Museum. Don't worry about the hokey "You're a spy now" introduction. There's a lot of more substantive stuff to come.

Be sure to look through the book section of the gift shop. I dare you to walk away without buying a book you didn't know existed and now need to have.

03/13/2008

The FBI's NSL FUBAR

To no one's surprise, the FBI abused the expanded powers for domestic surveillance granted by the PATRIOT Act.

In a review focusing on FBI investigations in 2006, Justice Department Inspector General Glenn A. Fine found numerous privacy breaches by the bureau in its use of national security letters, or NSLs, which allowed the FBI to obtain personal information on tens of thousands of Americans and foreigners without approval from a judge.

Why NSLs are a BFD
If you need a refresher, NSLs gave the FBI the ability to poke around your personal information, such as finances, e-mail, and telephone calls, without the approval of a judge, grand jury, or even a prosecutor. Worse, if you are involved in this collection--for example, as an employee of a phone company turning over your cell phone records--you could not discuss the NSL with anyone. No asking your supervisor or lawyer whether this request was proper and legal, and most of all, no telling the target about the records search.

In 2007, a federal judge struck down the NSL portion of the PATRIOT Act. However, the decision dealt with the principle behind NSLs; it did not answer the question, How often did the FBI abuse this power?

The Inspector General's report expands the story beyond the less-than-credible internal FBI investigation:

According to Fine's report, the FBI continued to rely heavily on national security letters in counterterrorism, counterintelligence and cybercrime investigations, issuing nearly 50,000 of the documents in 2006 alone. Nearly 200,000 were issued from 2003 through 2006, the report said, and were used in a third of all FBI national security probes during that time.

Even more important than the scope of abuse is its cause:

The pattern persisted in 2006, Fine concluded in the report issued today, in part because the FBI had not yet halted the shoddy recordkeeping, poor oversight and other practices that contributed to the problems. He also said it was unclear whether reforms enacted by the Justice Department and FBI last year will address all the issues identified by his investigators.

So much for technology
It's worth digging into some details of that "shoddy recordkeeping." A few years ago, you probably skipped any articles about the FBI's problems implementing a "case management system." However, this story, which got no attention outside a few journals that cover computer technology in the federal government, is perhaps one of the best examples of how things went horribly wrong with counterterrorism during the Bush years.

Since most people haven't heard of a case management system before, here's a quick explanation of what it is. Many legal and government jobs are all about opening and closing cases. For example, a lawyer needs an efficient way to collect and organize the information about a particular court case. At the same time, that lawyer's boss is scrutinizing how quickly and effectively the lawyer handles the case, so the case management has an important managerial function as well. The case management system, for everyone from trial lawyers to FBI agents, is where that person spends a large, important amount of time each day. (If you want more information about what these applications do, click here for the American Bar Association's ratings for various case management systems.)

For several years, the FBI tried, and ultimately failed, to implement a case management system. The following headlines from Government Computer News give a nice summary of what happened:

  • FBI plans to build new case management system from scratch (12/30/04)
  • Senators fume as FBI admits Trilogy foul-ups (02/04/05)
  • Cold case (03/07/05)
  • FBI takes another swing at case management with Sentinel system (05/24/05)
  • Report: FBI ‘scrambling’ to launch case file system (06/06/05)
  • Justice, FBI to overhaul fingerprint and case management systems (08/29/05)

As the FBI's case management project crashed into a brick wall, the FBI kept on issuing NSLs at a furious rate--200,000 between 2003 and 2006, according to the Inspector General's report.

Last year, the FBI finally announced that it was ready to launch the new system, six years after the 9/11 attacks. The old case management system, based on 1970s-era technology, was already a failure, since many FBI employees avoided spending time entering data into it. (That's a familiar problem, by the way, with many systems that ask people to stop what they're doing and type up their notes.) All talk about "service-oriented architecture features that facilitate information exchange among law enforcement systems" aside, there's still an open question about getting people in the FBI to use any system, new or old.

If this were the only example of information technology (IT) projects in the FBI that went south, you might chalk it up to bad luck, peculiar difficulties with this sort of system, or the team working on that particular project. However, the FBI has fumbled many IT projects, including the useless terrorist watch list database. In 2007, another Justice Department IG report found that the FBI was losing laptops at a rate of 2.6 per month.

So, let's summarize:

  • The Bush Administration pushed to expand the warrantless surveillance powers of the executive branch.
  • The "point of the spear," the FBI, has depended on antiquated systems to store, secure, and analyze this information--when FBI employees were using these systems at all.
  • A major overhaul of the case management system, needed to track sensitive information collected via NSLs and other mechanisms, was a long, expensive failure.
  • There's no evidence that the White House put pressure on the Justice Department to fix these problems.

Should the results be a surprise?

There are certainly people to blame, such as the Chief Information Officer of the FBI, Zalmai Azmi. However, as implied in the bulleted list above, it's also up to the President and his staff to pay attention to these details. It's also important for the US public to mind these details more carefully. Millions of taxpayer dollars spent, thousands of breaches of privacy, and not one terrorist attack stopped.

01/03/2008

"Endemic surveillance"

It's clear from this analysis that countries electronically monitor their own citizens because they want to, not because they can.

The top tier, evocatively named "endemic surveillance societies," includes Russia, China, the United Kingdom, France, Singapore, Malaysia, Thailand, and the United States. If surveillance were merely a matter of capability ("Hey, we have all this eavesdropping technology already manufactured or widely sold in this country--let's put it to use!"), you'd expect more European countries, and perhaps Canada, to appear on the list.

Instead, political considerations seem to be behind "endemic surveillance." The countries in the top tier fall somewhere on a continuum between concerns about terrorism (say, the UK) and an interest in maintaining internal political controls (for example, China). Surveillance at this level isn't free, so you'd expect motivation, not capacity, to be a key factor.

The good news is that terrorist attacks don't automatically inspire a high level of eavesdropping. Countries like Canada, Italy, Spain, and Germany have certainly had their fill of terrorism; however, they haven't jumped to the highest level of surveillance because of potential "enemies in our midst." They also have a pretty good record of fighting terrorism, so it would be wrong to conclude that it's only the counterterrorism milquetoasts who stay away from heavy surveillance. (On the flip side, it'd be hard to say that Russia has an admirable counterterrorism record.)

In a way, this Privacy International study is good news. The science fiction writer David Brin argued that endemic surveillance is a technological inevitability, to the point where privacy will cease to exist. The facts appear to contradict Brin: many societies choose not to monitor their own citizens, even though they could purchase and deploy the necessary technology.

Among some of the happier conclusions from this study: "The privacy performance of older democracies in Europe is generally failing, while the performance of newer democracies is becoming generally stronger." In other words, the less jaded you are about democracy, the more likely you are to protect privacy rights. Something worth remembering during the campaign season here in the United States.

[Thanks to Lawyers, Guns, and Money for the pointer.]

12/27/2007

Revenge of the Gosslings

One side of the missing interrogation tapes story that hasn't been discussed enough is the following question: To what extent is the culture of the "new CIA" to blame?

By the "new CIA," I mean the infusion of less experienced but politically orthodox employees that spiked when Porter Goss became Director. In 2005, Goss' appointment started a wave of resignations, including some very senior, very experienced people from the covert action side of the CIA. Goss and his entourage had been hostile to the traditional Agency for years; seeing them walking in the front door, many career CIA employees decided to exit through the back.

Goss may be gone, but his legacy remains. A decade or so ago, the people who worked at the CIA inherited generations of experience at spycraft. That legacy was often quite literal: some CIA operatives were the children of former operatives. The CIA's history was definitely marred by major errors, from the failure to predict the collapse of the USSR to the immoral testing of LSD on unwitting subjects. Still, the Agency learned some of the important lessons from its successes and failures; certainly, the decades of institutional experience were a vital commodity.

The Agency also learned the inevitability of legal discovery. From the Church Committee through the FBI probes in the 1990s, CIA employees have had ample reminders that their actions might fall under legal scrutiny.

However, that's probably not the expectation of the "Gosslings." Instead, many of them brought to the Agency the "pull no punches, be bound by no law" attitude that the Bush Administration encouraged throughout the executive branch. In other words, some of the people who might have been involved in the decision to destroy the interrogation tapes were guided not by decades of hard-won CIA experience, but by the fantasies of the Fox scriptwriters behind the 24 TV series.

It's therefore pointless for Porter Goss to throw up his hands and claim that he had nothing to do with the destruction of the tapes, any more than Henry II could be held blameless for wishing aloud that something would be done about that meddlesome priest.

10/30/2007

Interrogation that works

This excellent op-ed piece by Stuart Herrington describes how interrogation really works:

In interrogation centers I ran, we called prisoners "guests" and extended military courtesies, such as saluting captured officers. We strove to undermine a prisoner's belief system, which we knew instructed him that Americans are unschooled infidels who would bully him and resort to intimidation, threats and brutality. Patience was essential. We rejected the view that interrogators could merely "take off the gloves" and that information would somehow magically flow if we brutalized our "guests." This notion was uninformed and counterproductive, not to mention illegal, and we made sure our chain of command understood that bowing to such tempting theories would result in bad information.

In other words, you want to "turn" someone, to increase the amount and reliability of information. You don't want to turn them into someone who will lie to you, just to get the excruciating pain to stop. If you doubt Herrington, first go read his book about his experience as a military intelligence professional during the Vietnam War (link to your right).

[Thanks to Misfire! Misfire! Misfire! for the pointer.]

08/19/2007

The best spies money can buy?

Let's hope that we see more attention paid to the "outsourcing" of US intelligence gathering and analysis. Just as Americans were unpleasantly surprised to learn how many military tasks, such as piloting Predator drones, were handled by civilian contractors, they're likely to be just as flabbergasted that a rapidly increasing number of intelligence functions are now privatized.

Worse, the argument is often no more specific than, "The competition of the private sector is more likely to produce better results than a bunch of civil servants." If there were more of a "business case" to let businesses handle American spycraft, the $1 billion of privatized line items in the latest Defense Intelligence Agency budget might have a bit more specificity:

The DIA did not specify exactly what it wants the contractors to do but said it is seeking teams to fulfill "operational and mission requirements" that include intelligence "Gathering and Collection, Analysis, Utilization, and Strategy and Support." It holds out the possibility that five or more contractors may be hired and promised more details on Aug. 27.

If you want to see if your vague feelings of unease about intelligence privatization have any justification, read RJ Hillhouse's blog, The Spy Who Billed Me. Hillhouse, who has been a voice in the wilderness on this issue, details the risks, such as the possible slanting of the President's daily briefing. Judge for yourself how serious these risks are.

Privatization of government functions does not get the skeptical questioning it should, particularly when we're talking about fundamental national security responsibilities. Here's a slow softball pitch to the Congressional Democrats: demand that privatization be doubted, not automatically granted the benefit of the doubt.

03/29/2007

Security? Just say no.

The US attorney imbroglio wouldn't normally be a topic for a blog about national security. However, at least one revelation in the last few days does have a serious national security dimension.

To avoid discovery, in the legal sense of the term, White House officials, including Karl Rove, have been using outside e-mail accounts, on mail servers maintained by the Republican National Committee. While that statement sinks in, here's a quote from a White House employee:

"We just got a bit lazy," said one aide. "We knew E-mails could be subpoenaed. We saw that with the Clintons but I don't think anybody saw that we were doing anything wrong."

Actually, I think they had the Iran-Contra scandal in mind, more than the Clintons. Remember when Oliver North et al. thought they had deleted messages from the internal mail system, only to discover that archived copies of them still existed?

Legal matters aside
There may be good legal reasons why people in the White House should never, never use outside e-mail to conduct government business. Some observers have cited the 1978 Presidential Records Act, which in a post-Watergate world, clearly intended to preserve even the most embarrassing content. If content is maintained outside US government systems, the risk of losing this information to posterity runs pretty high.

Unfortunately, there's a bit of wiggle room in the Act, which has exemptions for "personal records," which include "materials relating to private political associations, and having no relation to or direct effect upon the carrying out of constitutional, statutory, or other official or ceremonial duties of the President" and "materials relating exclusively to the President's own election to the office of the Presidency; and materials directly relating to the election of a particular individual or individuals to Federal, State, or local office, which have no relation to or direct effect upon the carrying out of constitutional, statutory, or other official or ceremonial duties of the President." It seems doubtful that these exemptions were intended to cover 95% of the communications from the President's Political Advisor, however, which fairly describes how often Karl Rove used these RNC e-mail accounts.

While there are other laws that the Administration may have broken here, the legal issues aren't necessarily the biggest problem with outside e-mail use. National security could be easily and severely compromised.

Communications insecurity
You don't have to be someone like me, working in the software business, to know the potential security risks with e-mail. Instead of getting into technical details, I'll tell you how information technology (IT) departments treat situations like this one. I've worked with hundreds of IT professionals who are very concerned that people in their organizations are using outside e-mail like Yahoo! and Gmail, outside file storage on services like XDrive, outside chat systems like AOL Instant Messaging, and outside web conferencing services like WebEx. (Here's a decent summary of the e-mail security problems, if you're interested.)

Without saying how secure these services are, they are definitely not designed for a high-security environment. There's also the problem of security "along the wire." An outside e-mail service might be very secure, but the connection between it and your PC or Blackberry might not be. (That statement definitely applies to text messages, which White House staffers were also using to communicate.)

Companies worry that trade secrets might be exposed, or they might be violating regulations about the confidentiality of financial information (see the SEC restrictions on what companies can communicate during quiet periods). HR departments, insurance companies, and health care providers can face serious legal penalties if they accidentally expose private medical information.

Need I go on? Let's just say, outside communication and collaboration services are a big source of anxiety in IT departments. Sure, there are companies in the security business who overstate the threats. However, the threats are quite real. If DoD employees can't install software on their own computers, why should White House staffers be using their Blackberries to read e-mail on the RNC's e-mail servers, with God only knows how good security on the server or on the wireless connection to it?

Multiple levels of information security
No one should have to make the argument that the White House needs to be at least as secure in its communications as an electronics retailer or a hospital chain. In fact, it needs to be more secure, in part because of the accidental ways people might divulge important secrets without realizing it. While most people focus on the first-order secrets, the direct documentation of decision-makers' statements or policies, the threat of indirect, second-order disclosure is just as dangerous.

Take, for example, the Japanese surprise attack on Pearl Harbor. A number of indirect clues that the Japanese were going to take some kind of aggressive action existed. The negotiations between Japan and the United States had stopped. The bulk of the Japanese navy, most critically its carriers, were not in port. Japanese diplomats were destroying documents. As shown in the Russo-Japanese war and other conflicts, the Japanese pattern was to mobilize, strike, and then declare war. Scholars continue to debate whether the US government should have been better prepared for the attack because the warning signs were certainly there.

Flash forward to the present day, when White House staffers have their daily work perturbed by counterterrorism, the war in Iraq, and any number of other high-security questions. Even if someone eavesdropping on RNC e-mail accounts couldn't find a "smoking gun" document about (speaking hypothetically here) a secret understanding between the US and North Korean governments, someone could infer the existence of such a deal through these kinds of second-order clues. Which top officials were out of the office on particular days? Were White House officials sending lots of messages to anyone used as a back-channel conduit for discussions with the DPRK? Was anyone asking for a briefing on particular legal or diplomatic issues that might point towards a secret US-DPRK deal?

Of course, it's the height of absurdity and hypocrisy for the Justice Department to be using outside channels of communication. On the one hand, the DOJ is involved in highly secret counterterrorism investigations and prosecutions. On the other hand, some key DOJ officials may have been using text messaging and outside e-mail servers to communicate.

An obvious conclusion
We can spend the next several years tied up in knots over the legal issues involved. It can take less than five minutes of reflection to determine that someone in the White House needs to be fired for jeopardizing national security in this fashion.

10/11/2006

No Arabic speakers need apply

IN THE NEWS
From Poliblogger comes this jaw-dropping Washington Post story. Apparently, the FBI still hasn't recruited more Arabic speakers:

Five years after Arab terrorists attacked the United States, only 33 FBI agents have even a limited proficiency in Arabic, and none of them work in the sections of the bureau that coordinate investigations of international terrorism, according to new FBI statistics.

As Poliblogger notes, what makes this story doubly infuriating is how it came to light. An Egyptian-born agent--one of the few who can speak Arabic, apparently--sued the FBI because he was cut out of terrorism-related cases. If he hadn't sued, it's not clear when someone might have noticed that the FBI is about as proficient at monitoring or interviewing Arabic-speaking suspects as, oh, they were before the 9/11 attacks. Accountability, anyone?

09/17/2006

Deliberately vague

IN THE NEWS
Dahlia Lithwick at Slate makes an obvious point: perhaps it's not a good idea to have too specific a definition of torture.

Or perhaps we shouldn't be having this discussion at all. When Americans are chewing over the proper definitions of torture, we're in a bad, bad place.

And no, the 9/11 terrorists did not put us there. We did it to ourselves. There are no ticking bombs that can be found and dismantled. There are people who mean us harm, and there are people in indefinite American custody. Most of the people in the latter category do not belong to the former. The minority of prisoners who may be involved with Al Qaeda or its allies don't have knowledge of imminent attacks.

Al Qaeda is like any terrorist organization: it hopes for an overreaction. Al Qaeda's leaders want Americans to be more afraid than they should be. They want the US government to take reckless, violent measures that are as offensive as they are unjustified. They're probably very happy to see Americans having a debate that should never have happened in the first place.

ADDENDUM: The fellows at Lawyers, Guns, and Money make an excellent point: the Constitution is written deliberately to be far less than specific on most points, as are many laws that extend from these constitutional axioms. There are plenty of reasons to be unspecific, when you're trying to deter the worst forms of behavior.

09/12/2006

Trust us

IN THE NEWS
Trust us is about all President Bush can say to defend warrantless wiretaps, waterboarding, indefinite detentions, and other post-9/11 measures. Matt Lauer's questions are surprisingly pointed, and he politely but firmly continues his line of questioning. Well worth watching: the suspense around whether Bush is going to stab Lauer through the chest with his finger is nearly unbearable.

05/23/2006

Distrust of government

IN THE NEWS
The theft of personal data about 26.5 million US veterans makes the point more eloquently than I did the other day: it's better not to have to trust the federal government with private information by keeping it out of the hands of government officials.

05/22/2006

Government's wicked ways

IN THE NEWS
I noticed, after commenting on Armchair General's escapade with his car insurance, that he had updated his original post. The General feels better that the USAA representative assured him that the extra information the company requested was purely for their own records, and that they wouldn't possibly share private information with the federal government.

Uh, right. Much like the gigantic database of phone calls won't be used to retaliate against reporters and their sources. To quote Peter Cushing's character (the consummate bad bureaucrat, Grand Moff Tarkin) in Star Wars, "You're far too trusting."

I know the General was trying to make the best of a bad situation, but this anecdote illustrates how far Americans have come from their political roots. Clearly, the Bush Administration's MO is, Trust us as much as humanly possible. However, this country was founded on the principle that government is inherently untrustworthy. Even the most well-intentioned policies are subject to abuse.

Rather than use an example you might expect (say, something to do with the NSA's warrantless wiretaps), I'll cite welfare as a good example. Back in the day when conservatives were people who were skeptical about big government, many conservative thinkers, such as William F. Buckley, said that welfare programs were corrosive to the spirit. They had a point: being on welfare meant opening everything about your life—what you owned, who lived with you, what you did with practically every moment of your time—to the scrutiny of a government employee. Where did you get that radio? How did you pay for it? Who is this man living with you? Is he contributing to the rent? How much time did you spend looking for work? Can you verify that you made these job applications? Etc. Naturally, this approach made many welfare recipients resentful of this intrusion, and resistant to the, er, helpful suggestions they received from agents of the federal government. Clearly, these officials were trained and rewarded to be distrustful of their subjects, putting the representatives of the US government immediately at odds with a certain class of American citizens.

If you believe in this sort of critique of welfare, it's hard to see where widespread surveillance is much different. You might say that the professional busybodies who poked and prodded into the lives of welfare recipients were just protecting the taxpayer's investment in social welfare. How different is that from protecting the taxpayer?

James Madison used terms like "wickedness" to describe the realities of human nature that the Constitution needed to take into account. The Framers were well aware of the potential abuses of government, particularly when these abuses could be framed as necessities for public order and national security. The original Articles built a system of shared powers and overlapping responsibilities to make the tyranny of the majority or the dictatorship of a single man impossible. Since they felt they weren't clear enough on a few key points, the Framers added the Bill of Rights, in which the federal government is barred from indefinitely imprisoning criminal suspects, forcibly quartering troops in citizens' homes, and declaring monopoly control of the weapons needed to maintain a "well-regulated militia."

The government might claim exigent reasons for all these abuses. For example, during the Whiskey Rebellion, the government might have thrown suspected rebels into prison until prosecutors could find evidence against them. Government troops might have demanded they be quartered immediately in the homes of local residents, while the wagons containing their tents caught up with them. Officers might have ordered the immediate seizure of all weapons in the area of the rebellion. National leaders might have claimed all these steps were necessary, since the "first new nation" was so new that an uprising might fracture it. To their credit, the first generation of American leaders were confident that they could handle challenges like the Whiskey Rebellion without reverting to British methods, the policies that inspired the American War of Independence in the first place.

If empowering government busybodies in the name of national security is a bad idea, enrolling corporate busybodies in the same campaign is worse. Civil servants are at least accountable to some measure, and their activities can be swiftly regulated or de-funded if things get out of hand. It's inherently harder to monitor people outside of the government, and it's more difficult to police their actions. Just as mercenaries are no substitute for US soldiers, insurance agents and customer service representatives at companies like USAA are no substitute for the FBI.

Even the most self-consciously villainous people will cite good reasons for their villainy. The Framers, whose jaundiced view of human nature recognized this fact of life, built a system of government to keep power out of the hands of accidental or deliberate villains.

05/21/2006

The meaning of the PATRIOT Act

IN THE NEWS
What does the PATRIOT Act mean to you? If you try to refinance your house, in most cases, the amount of paperwork has gone up at least 50%. Apparently, we're more secure if Al Qaeda can't purchase condominiums in Sarasota, Florida.

That's the sort of trivial, brainless response to 9/11 that's all too commonplace, but might be relatively innocuous. However, this anecdote from Armchair Generalist is anything but harmless. What does it mean if you can't perform any standard transaction, such as paying off your automobile loan, without having to endure intrusive scrutiny? How many private organizations other than your bank and your phone company are willing to act as de facto arms of the US government's surveillance apparatus?

We've quickly entered a world in which the federal government claims sweeping powers to monitor US citizens, then hands off much of the actual monitoring to private corporations. If you throw in the government's claim that the Justice Department lacks the clearances needed to investigate how this surveillance is being conducted, you have a program with no effective control or accountability. Once you lose people like John Robb, who is about as dedicated to the defeat of terrorists as you can get, you've pretty much lost the core of informed observers who might have suspended disbelief about the effectiveness of these programs.

05/12/2006

Wrong and ineffective

IN THE NEWS
Poliblogger's post on the vast NSA database of everyone's phone calls is really good... But it's not enough. The argument has to be made that these policies are not just morally and Constitutionally indefensible. To land the rhetorical punch, you have to also make the argument that they are not effective.

I wish Americans had enough faith in their own institutions that the burden of proof didn't include explaining why the Framers created the system of government we have. I also wish that 9/11 had prompted enough people to review the history of counterterrorism, in the United States and elsewhere, to the point where the general public already knew that a big pile of information doesn't make you safer. But we're here now, where it's not enough to say that the NSA wiretaps and archive of phone records are just illegal and unconstitutional. It's also important for the reading public to know that they're also practically useless--at least for catching terrorists. What other purposes they might serve is a separate question.

02/13/2006

Flame wars and terrorist e-mails

IN THE NEWS
Just to continue listing reasons to be skeptical about the US government's data mining efforts, here are a few more salient points:

  • To date, the executive branch has followed up on only a handful of leads from these surveillance efforts.
  • The recently revealed Library Tower plot doesn't really help the Administration's case. The fact that someone was thinking about crashing an airliner in Los Angeles isn't proof that a serious possibility of such an attack existed. It's also not clear from the information provided that surveillance helped stop the plot--only that the alleged terrorists never followed through.
  • According to this recent article in Wired, humans have serious cognitive obstacles to understanding the tone and intent of e-mails sent to them. Since terrorists can and do talk in code, this psychological barrier to understanding e-mail traffic only confounds further attempts to catch terrorist communications through a vast electronic dragnet.

No surprise, then, that Congress is increasingly skeptical of this program's value.

Give it up already

IN THE NEWS
Sometimes, bad ideas die a natural death. Other times, they cling to life like the mold in your shower. The executive branch's various experiments in data mining fall into the latter category. Just when you thought the Total Information Awareness (TIA) program had died, up pop the warrantless NSA wiretaps, which are just the proverbial tip of the iceberg. The US government is still pushing for a massive sweep of all e-mail, web sites, telephone calls, and other sniglets of electronic information it can get.

What's the value of this information? They say, We're focusing on suspected terrorists, don't worry. We say, Your algorithms mistakenly identify people like Senator Ted Kennedy and a four-year-old boy as terrorists, and there's a suspiciously high number of your political opponents on the no-fly list.

They say, Every program has its kinks to work out. We have our top people on this project. We say, So why do you keep giving important posts in the departments of Homeland Security and Defense to people who got their computer science degrees from diploma mills?

They say, We're fixing problems like these as we go. We say, Data mining projects are just plain hard. If Amazon.com needs a large team of programmers to analyze the buying habits of the captive audience of people browsing their web site, how exactly are you going to find terrorists in all the e-mails, instant messaging, phone calls, and other electronic communications out there?

They say, Catching terrorists is our top priority. We'll figure out how to do this. We say, Even if there were the Manhattan Project of data mining, we're finding it hard to believe you.

They say, Trust us. We say, You keep saying that, but you never back up your claims with results. And don't tell us it's too secret to say a word about how we catch terrorists, because European governments, with a lot more counterterrorism experience under their belts, frequently do tell their citizens about their counterterrorism efforts.

They say, No, really, trust us. We say, You're not listening to anything we've said.

Of course we need to monitor suspected terrorists. It's the way the Administration has described its efforts that fails to convince, particularly in light of the problems already identified.

02/07/2006

Cowardly lions

IN THE NEWS
Slate has two excellent articles about the NSA wiretap controversy. The first details exactly how toothless yesterday's hearings were. The second points out the obvious problems with the Trust us defense.

When controversies get serious

IN THE NEWS
One measure of the seriousness of a scandal is how the people at the center of it react. Karl Rove is telling Congressional Republicans that their "disloyalty" in the NSA wiretap scandal might cost them Republican Party support when they face re-election. Unlike the Valerie Plame controversy, which got lost in Byzantine timelines of who knew what when, the NSA wiretap issue has a very clear, direct line from Administration policy to potential criminal wrongdoing. Here's a quote from the coverage in Insight, the Washington Times' news magazine:

The sources said the administration has been alarmed over the damage that could result from the Senate hearings, which began on Monday, Feb. 6. They said the defection of even a handful of Republican committee members could result in a determination that the president violated the 1978 Foreign Intelligence Surveillance Act. Such a determination could lead to impeachment proceedings.

And that's from the rabidly pro-Bush, Reverend Moon-owned crowd at the Times, who regularly feature opinion pieces like this one on the National Prayer Breakfast. Imagine what those "Constitution-huggers" at The New York Times and The Washington Post will have to say about this story.

Yesterday, I was arguing that the skeptics on the Senate Judiciary Committee needed to tackle the practical and political dimensions of the NSA wiretap controversy while they debated the legal particulars. Apparently, Rove is already taking the battle to the political front.

02/01/2006

The Information Operations Roadmap

IN THE NEWS
Thanks to ZenPundit for pointing out this de-classified version of the Department of Defense's 2003 document outlining its "Information Operations Roadmap," which includes everything from normal C3I issues through psychological operations (PSYOPS). It's a very interesting peek into the Pentagon's view of the information battlefield.

While it's always good to know that the DoD is preparing to protect communications flows during wartime, the document isn't exactly comforting. Its content and tone reflect the Net-Centric Initiative, which conforms to the Pentagon's preference for conventional warfare. The Roadmap describes a generic approach to defeating a generic adversary: while we are trying to protect the flow of information during wartime, we're trying to choke off the enemy's. While we're keeping the decision-making process humming along, we're trying to tie the enemy's leadership in knots. There's a heavy emphasis on technology, and defense contractors at this upcoming Net-Centric Strategy conference are quick to position themselves as its providers. The Net-Centric Strategy has spawned innumerable computer-based projects, as this directive from the Assistant Secretary of Defense For Networks and Information Integration/Department of Defense Chief Information Officer (ASD(NII)/DoD CIO) implies. (Does that job title fit on just one business card?)

Unfortunately, most elements of the Information Operations Roadmap will be much less successful against terrorists and guerrillas than against conventional military organizations like our own. Hezb-i-Islami, one of the groups fighting the Afghan government, uses cell phones and computers. However, these insurgents are far less concerned about magnetic pulse weapons than, say, our own armed forces might be. If you're looking for signs that "information operations" are designed with terrorists and guerrillas in mind, you'll have to look elsewhere.

01/31/2006

...And the wiretap lawsuits begin

IN THE NEWS
The Electronic Frontier Foundation's suit against AT&T could be the harbinger of more lawsuits to come. A private company's cooperation with the NSA may violate various consumer protections and terms of service agreements, not to mention privacy laws at the federal, state, county, and even city level. Therefore, the EFF is not the only potential plaintiff, and any telecommunications company that might have been cooperating with the NSA is on the list of potential defendants. The rate at which lawsuits get filed might easily outstrip the ability of the Justice Department to try to intervene with each one, so there may be a push to get some precedent set at the federal level as soon as possible.

01/23/2006

Good talk, bad questions

IN THE NEWS
Mandatory reading for anyone interested in the FISA wiretaps controversy is the transcript of a talk given by General Michael Hayden, a former NSA director who now works for John Negroponte, the new Director of National Intelligence. Hayden gives a creditable summary of the reasons why the Bush Administration decided to bypass the FISA courts after 9/11. In fact, someone in the Administration should have put Hayden in front of the press right away.

However, Hayden is not 100% convincing about either the necessity or the legality of the warrantless wiretaps. On the question of whether the wiretaps were legal or constitutional, I don't expect him to play the role of a Department of Justice attorney. However, Hayden can talk more than he did about the effectiveness of the wiretaps in catching terrorists or stopping attacks. For all the words spoken in his speech and the Q&A session afterwards, Hayden did not really provide an answer to that question. Hayden does acknowledge the practical problems this new geyser of data created:

Now, as another part of our adjustment, we also turned on the spigot of NSA reporting to FBI in, frankly, an unprecedented way. We found that we were giving them too much data in too raw form. We recognized it almost immediately, a question of weeks, and we made all of the appropriate adjustments. Now, this flow of data to the FBI has also become part of the current background noise, and despite reports in the press of thousands of tips a month, our reporting has not even approached that kind of pace. You know, I actually find this a little odd. After all the findings of the 9/11 commission and other bodies about the failure to share intelligence, I'm up here feeling like I have to explain pushing data to those who might be able to use it. And of course, it's the nature of intelligence that many tips lead nowhere, but you have to go down some blind alleys to find the tips that pay off.

If you follow his carefully phrased sentences closely, however, he doesn't say much more than, The flow of information got more focused and more useful. Of course, that assertion begs the question, As measured by what results?

Whatever you think of General Hayden, the journalists in the room deserve to be dope-slapped for the godawful questions they asked. Both the press and the US Congress have lost the ability to ask simple, pointed questions, the kind that elicit reluctant but necessary answers. Instead, Hayden suffered through overlong, unfocused questions that didn't really compel him to do anything but repeat his earlier assertions. Yes, thank God, the NSA is not listening to random telephone calls. But did the warrantless wiretaps actually accomplish anything?

[Incidentally, I'm by no means trying to deflect the discussion away from the serious legal and constitutional issues. I do believe strongly that the effectiveness question needs to be handled at the same time.]

01/21/2006

America's Maginot Line

IN THE NEWS
There's a symmetry about the White House's approach to intelligence and counterterrorism that is, sad to say, a reflection of the thinking that went into the construction of the Maginot Line. I'm sure that people in the Administration would bristle at the comparison, if for no other reason than I'm comparing them to the French. However, the parallels—the prohibitive costs and the unmanageable risks of a forward defense—are clear.

The French government built the Maginot Line to secure their frontier against the German army in another world war. France's old network of forts, including the famous fortress at Verdun, helped stabilize the front lines in 1914, which after the Battle of the Marne did not change significantly for the rest of the war. You can understand why French leaders thought a new, more expansive string of fortifications would stop the Germans cold the next time they invaded, saving France (and Europe, for that matter) the horrors of another world war.

Of course, we know that the Maginot Line failed, not because of stupidity, but politics. To cover all of France's eastern frontier, the Maginot Line would have to extend across France's border with Belgium, which France had committed to defend from any German invasion. Sealing off the Belgian border would have nullified this promise, signaling instead that the Belgians were on their own. In 1940, the Germans exploited this hole in the Maginot Line, sweeping through Belgium. The Wehrmacht also gained operational surprise by pushing armored and motorized divisions through the supposedly "untankable" Ardennes Forest. Not having defended this sector as fully as they should have, Allied commanders compounded the mistake by throwing forward a joint French-British army north of where the main German thrust lay. Suddenly, the Germans had outflanked France's fortifications in the south, while a substantial number of its defenders were extending themselves in the wrong direction in the north.

The problems of forward defense resurfaced during the Cold War, when NATO faced a similar dilemma in West Germany. Viewed from a purely military perspective, NATO should have deployed its forces for a defense in depth. In this scenario, the front line, which included the border between East and West Germany, would be manned with enough troops to slow the Warsaw Pact assault. Just as critically, other NATO forces would be held in reserve far back from the front line, available to stop any breakthrough the enemy made, and possibly counterattacking when the opportunity arose. Just as the French in 1940 looked at the last war to decide their current strategy, NATO commanders drew cautionary lessons for the defense of Europe from the German blitzkrieg, including the battle for France.

However, NATO had its own political problem that echoed the French dilemma with Belgium. NATO could not abandon West Germany, which any defense in depth would have effectively done. Warsaw Pact breakthroughs were calculated to be inevitable, so the real battle would be decided after the Soviets and their allies had seized (and undoubtedly decimated) much of West Germany. Fearing what might happen if a West German government used defense in depth as a rationale for declaring neutrality and leaving the alliance (what used to be called "Finlandization"), NATO commanders deployed their troops for a more forward defense.

Ironically, this strategy increased the chance that West Germany would be devastated in the worst fashion possible, if the Warsaw Pact invaded. The enemy still had a high likelihood of breaking through, despite the reinforcement of the front line. Without conventional troops to plug these holes and prevent the encirclement of the first line of defense, NATO would have to contemplate using tactical nuclear weapons against the massive Warsaw Pact formations. Aside from the catastrophic casualties and damage that tactical nuclear weapons themselves would cause, there was a high risk that the Soviets would retaliate in kind, and perhaps even launch pre-emptive attacks at targets elsewhere. The United States and its NATO partners, fearing pre-emption, would themselves have to contemplate pre-emptive attacks on the Soviet Union… You can see where this line of argument is going. To deter the Soviets, the US and its European allies had to make it appear convincing that global Armageddon was the likely result of any conventional invasion. It was a bluff that NATO leaders would have preferred not to make, but the politics of defending West Germany led to this conclusion.

How does this discussion of forward defense relate to the present day? There is a common thread in the Bush Administration's approach to national security: throw as many resources as possible against counterterrorism's front lines. Today's front lines don't always exist on a map, but they represent a real commitment of resources to stop any "penetration" of American defenses at its frontiers. In other cases—most notably, Iraq—the Administration has worked to create a geographic front line where it did not exist, and then pour resources into its defense.

The "front-line defense" thinking may be part of the Bush Administration's mania for piles of information, from wiretaps to Google's search archive. While there may be other motives at work, at least some people in the executive branch may be fearful of what might happen if they don't have access to all possible information at all times. (They may also be afraid of what happens if a superior catches them not trying to get all information available, even if the information isn't necessarily useful.) However, this strategy is founded on the mistaken idea that more information is better information.

As many, including the 9/11 Commission, have pointed out, the 9/11 hijackers succeeded because no one in a top-level decision-making role pieced together related pieces of information into a coherent whole. The information needed to draw the conclusion that Mohammed Atta and other members of the Al Qaeda cell were plotting to hijack airliners and use them as weapons was already available. More information would not necessarily have helped decision-makers reach that conclusion more certainly or more quickly. In fact, it may easily have made it harder:

  • More information means more content to sift for what's useful, or how different facts may be related. Taking the Administration's claim that the secret wiretaps only monitored suspected Al Qaeda members, the amount of information could still easily outstrip the ability of intelligence analysts to make sense of all of it.
  • Some "information" may be misleading or just plain wrong, throwing people off the scent. The qualifying adjective suspected, as in suspected Al Qaeda member, indicates that some percentage of the people under surveillance had nothing to do with Al Qaeda at all.
  • Raw information, such as a cell phone intercept, needs to be channeled to particular audiences and packaged for them. One of the complaints FBI agents made about the post-9/11 wiretaps was the lack of useful contextual information: who was talking; what they may have been discussing (often in code); and why anyone in the FBI should believe any of it to be important.
  • Information gathered illegally or inappropriately may be so tainted that prosecution of terrorist suspects is impossible. Unless we're going to abandon law enforcement as a tool of counterterrorism entirely, this presents a real problem.

In other words, shifting finite resources to expand the collection of information isn't inherently useful. It's the intelligence equivalent of the Maginot Line, a massive investment in defense at the very periphery of potential conflict. In this case, the border is comprised of information.

Shifting the soldiers of the intelligence war—CIA analysts, NSA signal intelligence collectors, Justice Department attorneys—to the front lines makes it harder to detect any "penetration" that may have occurred. Once again, the failure of forward defense in an era of maneuver warfare provides an apt analogy. The German Wehrmacht showed how, once they had punched a hole in their opponents' front line, they could create panic and indecision by rampaging unopposed through the enemy's rear areas. The story was the same in Poland in 1939, France in 1940, and the Soviet Union in 1941: the Germans seemed everywhere all at once; too few troops were rushed where the Wehrmacht was strong, and too many where there were no Germans at all; the Wehrmacht capitalized on this confusion to surround pockets of the enemy and force them to surrender.

Similarly, enough of the "soldiers" responsible for counterterrorism need to be positioned in the "rear area," to prevent confusion and chaos when penetrations actually occur. Intelligence professionals can then alert their colleagues in the FBI, the Department of Defense, the Justice Department, the State Department, and local law enforcement to take immediate action against the right people.

You often hear that the French defeat in 1940 was the result of "last war" thinking. In this view, the French government and army were framing military preparations in terms of World War I, in which the Maginot Line would have been more effective than in an era of highly mobile armor and motorized infantry divisions. This interpretation, however, is almost completely wrong. While some French military and civilian leaders may have suffered from "last war" thinking, the French army was already in the midst of a major reform that embraced the new realities of maneuver warfare.

French military planners knew that the Germans were ahead in their doctrine, organization, training, and equipment for this new style of warfare. Unfortunately, the Battle of France occurred before the French army completed these reforms. French leaders knew that, with or without the Maginot Line, they had to adapt their tactics to better fit the new era of blitzkrieg warfare. They already realized that the Maginot Line was not a 100% reliable defense. In all likelihood, the Germans could blow a hole through one or more sections of it, in which case the French army would have to rush to plug these holes before the operationally nimble Wehrmacht could exploit them. Since the Belgian gap was a hole that already existed in the Maginot Line, this weakness forced French military thinkers to solve a problem with their own doctrine and organization that would have existed anyway. The Belgian gap merely illustrated in the starkest possible terms how important it was to discard obsolete notions, such as seeing the tank primarily as an infantry support weapon, and replace them with important innovations, such as using the tank as the new arm of decision. Had these reforms been completed by the German invasion, the Battle of France—which was by no means a sure German victory—could have ended more like the Battle of the Marne.

Similarly, the intelligence battlefield today has a "Belgian gap" in its version of the Maginot Line—and once again, it is the result of politics. The intelligence community has learned to work within limits set by the US Constitution, several decades of executive orders, and various pieces of legislation. During the Cold War, when no one had to verify the existence of WMDs (thousands of them were pointed at us), intelligence professionals learned to work around these restrictions. More than just one life was at stake, or a few thousand—millions could die if the US government missed warnings of an imminent Soviet nuclear attack.

Constraints breed resourcefulness, and such was the case with the intelligence community. In the 1950s, the Red Scare led to all sorts of ridiculous warnings about who might be a Communist agent. In some cases, this hysteria obscured the work of real spies who were attempting to steal American nuclear secrets. (See the complex history of the Rosenberg case for a good example.) A decade or two later, counterintelligence professionals could focus on who might credibly be a Soviet agent, instead of sifting through unfounded rumors about who might be the Red agent living around the block.

In other words, the US government does not have to discard the legal and administrative restrictions on surveillance to defeat terrorists (who, it's worth remembering, come from both within the United States and outside of it). Some restrictions undoubtedly needed revision. For example, some wiretap