IC Inspector General Oversees the Intelligence Community

Updated below

The Intelligence Community Inspector General (IC IG) received a tip last year that the Intelligence Community might have assembled a database containing US person data in violation of law and policy.

“A civilian employee with the Army Intelligence and Security Command made an IC IG Hotline complaint alleging an interagency data repository, believed to be comprised of numerous intelligence and non-intelligence sources, improperly included U.S. person data,” the IC IG wrote. “The complainant also reported he conducted potentially improper searches of the data repository to verify the presence of U.S. persons data. We are researching this claim.”

The resolution of that complaint concerning improper collection of U.S. person data was not disclosed. But the IC IG evidently found it credible enough to justify a rare report to the White House Intelligence Oversight Board (IOB).

Update, 12/04/14: The IC IG said it did not corroborate the complaint. “We researched this allegation to determine whether the data repository was operating with sufficient internal controls to provide reasonable assurance that the collection, retention and dissemination of information complied with applicable laws, executive orders, policies, and regulations. We reached a preliminary conclusion that this was the case and thus had no basis for further review.” The case was closed on June 4, 2014.

The report to the IOB was noted in the IC Inspector General’s Semi-Annual report for October 2013 to March 2014 that was released this week (in redacted form) under the Freedom of Information Act.

The IC Inspector General, I. Charles McCullough III, has oversight responsibility both for the Office of the Director of National Intelligence (ODNI) and for the Intelligence Community as a whole (but not for its individual member agencies). In addition to monitoring compliance with the law, the IC IG deals with a broad range of administrative, budgetary and personnel issues, several of which are described in the new report.

So, for example, “[An intelligence] contractor misconduct investigation substantiated that a contractor employee routinely misused government equipment and systems to engage in inappropriate and prurient Internet chat over an extended period of time.”

Judging from the Semi-Annual Reports, the IG is also capable of challenging senior ODNI leadership when there is cause to do so.

“An ODNI Senior Official engaged in conduct unbecoming a federal employee while on TDY [temporary duty] conducting official ODNI business,” according to the Semi-Annual Report for March-September 2013, which was also released this week.

“The Senior Official exhibited poor personal judgment that created circumstances which reflected poorly on the ODNI and potentially impaired his ability to perform his duties,” the IG report said. The case was referred to the ODNI Chief Management Officer, but further details such as the identity of the Senior Official were not divulged.

In the concentric circles of U.S. intelligence oversight, Inspectors General are close to the center — receiving allegations, interviewing witnesses, formulating responses, and taking appropriate action.

Though heavily redacted, the new Semi-Annual Reports include multiple points of interest, including these:

**    During the six-month period ending in March 2014, the IC IG processed 5 whistleblower complaints of waste, fraud or abuse, 3 “urgent concern” complaints, 2 requests for external review under the provisions of Presidential Policy Directive 19, and 1 whistleblower reprisal complaint. The outcomes of these cases were not described.

**    During the six-month period ending September 2013, the IC IG investigated two cases of unauthorized disclosures, neither of which was substantiated. There were no such investigations in the following six-month period.

**    “ODNI does not have a policy or process for notifying CIA Covert Capabilities Center when an employee or detailee separates from ODNI or is reassigned,” the IC IG reported. The CIA “Covert Capabilities Center” is not a familiar entity.

**    “An adverse work environment exists” in the IC Equal Employment Opportunity and Diversity Office.

**    In the six-month period ending last March, the IC IG complaint hotline “received 135 contacts, 48 internal contacts and 87 external contacts from the general public. ”

**    And while most ODNI and IC employees are directed to have no contacts with the media without prior authorization, the IC Inspector General made special arrangements for himself and his staff:  “We worked with PAO [ODNI Public Affairs Office] so they understood the need for the IC IG to work independently with media contacts to preserve IC IG objectivity and independence.”

In a four-part series this week, the Washington Examiner reported allegations that some agency Inspectors General are improperly subservient to, and protective of, their agency leadership.

Air Force Intelligence: No Human Experimentation Here

In the United States Air Force, “intelligence components do not engage in experimentation involving human subjects for intelligence purposes.”

That unsolicited assurance was reiterated in the latest revision of Air Force Instruction 14-104, Oversight of Intelligence Activities, November 5, 2014.

“For purposes of this instruction, the term ‘human subjects’ includes any person, whether or not such person is a US person. No prisoners of war, civilian internees, retained, and detained personnel as covered under the Geneva Conventions of 1949 may be the subjects of human experimentation.”

The Instruction also addressed domestic imagery collection, reporting of “questionable intelligence activities,” and other topics.

2014 Intelligence Budget Figures Released

The National Intelligence Program received a total appropriation of $50.5 billion in fiscal year 2014, the Office of the Director of National Intelligence disclosed yesterday, as required by law. The Military Intelligence Program was funded at $17.4 billion in FY 2014, the Department of Defense said. Current and past intelligence budget disclosures can be found here.

Marshall Erwin, a former analyst at the Congressional Research Service and the CIA, said that in principle, the intelligence community should be able to “absorb recent cuts quite easily.” But “whether the IC will actually absorb cuts without degrading capabilities is a separate question. While it has the means to do so, thus far decisionmakers have not proven up to the task.” He presented his perspective on trends in intelligence spending in “Doing Way More with Much Less: Intelligence by the Numbers” on the new blog Overt Action.

Overt Action is part of an effort by Erwin and several colleagues “to create a venue for intelligence professionals to more effectively engage in public debate.”

Defense Intelligence Mission Expands

On October 24, the Pentagon issued an updated version of DoD Directive 5143.01 defining the role of the Under Secretary of Defense (Intelligence), the Department’s principal intelligence advisor and manager of military intelligence programs.

The new directive is about 30% longer than the 2005 version that it replaces.

The differences between the two directives reflect changes in the global environment as well as in the intelligence mission, and in the role of the USD(I) in particular.

Cybersecurity. Insider threats. Unauthorized disclosures of classified information. Biometrics. None of these terms and none of these issues were even mentioned in the 2005 edition of the DoD intelligence directive.

But all of them and more are now part of the expanded portfolio of authorities and responsibilities of the Under Secretary of Defense for Intelligence, who also serves as Director of Defense Intelligence and principal advisor to the DNI on defense intelligence matters.

Meanwhile, intelligence spending has been on a downward slope for the past few years, and the FY2015 request for the Military Intelligence Program was about $1.3 billion below the request for the previous year, which was $18.6 billion. (The FY2014 intelligence appropriations for national and military intelligence programs are due to be disclosed this week.)

“Intelligence is a major source of U.S. advantage. It informs wise policy and enables precision operations. It is our front line of defense. The challenges we face, however, are increasing and becoming more complex, and our resources are declining,” said Michael G. Vickers, the current USD(I), at an April 4 hearing of the House Armed Services Committee.

“We have five defense intelligence operational priorities: countering terrorism, particularly countering the threat posed by al-Qaida; countering the proliferation of weapons of mass destruction and associated delivery systems; countering the actions of repressive governments against their people, such as in Syria; countering state-on-state aggression; and countering cyberthreats,” he said then.

“To address the intelligence gaps that exist within these operational priority areas, we are focused on enhancing defense intelligence capabilities in five areas: enhancing global coverage; improving our ability to operate in anti-access/area denial, or A2AD, environments; sustaining counterterrorism and counterproliferation capabilities; continuing to develop our cyberoperations capabilities; and strengthening our counterintelligence capabilities and reforming our security clearance processes to minimize insider threats,” Mr. Vickers testified.

The position of Under Secretary of Defense (Intelligence) was established by the defense authorization act for FY 2003 to improve management and coordination of defense intelligence programs. The office has previously been occupied by Stephen Cambone and James R. Clapper, Jr., the current DNI.

The new DoD directive authorizes the Under Secretary to “communicate with… members of the public… and non-governmental organizations.” However, “communications with representatives of the news media” are to be conducted through the Office of Public Affairs, the directive said.

CIA Posts Hundreds of Declassified Journal Articles

The Central Intelligence Agency has posted hundreds of declassified and unclassified articles from its in-house journal Studies in Intelligence, in an effort to settle a lawsuit brought by a former employee, Jeffrey Scudder. Until lately, the CIA had resisted release of the requested articles in softcopy format (Secrecy News, March 17), but the Agency eventually relented.

“Of the 419 documents that remain in dispute in Scudder, the CIA has produced 249 in full or in part by putting them up on the CIA website,” the government informed Mr. Scudder’s attorney, Mark S. Zaid, this week. They are posted here. [Update: The preceding link is dead. CIA has integrated the Scudder release into this larger collection of declassified Studies articles].

The newly posted articles cover a wide range of topics, and vary considerably in substance and originality. The CIA said that 170 other articles sought by Scudder had been withheld in full.

Jeffrey Scudder was profiled recently in the Washington Post (CIA employee’s quest to release information ‘destroyed my entire career’ by Greg Miller, July 4, 2014).

“Ingenuity” Could Not Prevent Atom Bomb Espionage

When the internal history of the Manhattan Project was written in 1944, officials still believed — mistakenly — that the atom bomb program had evaded the threat of foreign espionage.

“Espionage attempts were detected but it is felt that prompt action and intensified investigative activity in each case prevented the passing of any substantial amount of Project information,” according to a previously overlooked page from the Manhattan District History that was declassified yesterday.

Although declassification of the official history was thought to have been completed in July of this year (WWII Atom Bomb Project Had More Than 1,500 Leaks, Secrecy News, August 21), a single page had been inadvertently withheld from disclosure.

When its absence was pointed out to Department of Energy classification officials, they expeditiously retrieved the missing page (page 2.4 of Volume 14), declassified it and incorporated it in the published online document.

The newly disclosed page presents a flattering view of Manhattan Project counterintelligence efforts.

“The CIC [Counterintelligence Corps] Special Agents assigned to espionage cases became proficient in all phases of investigation technique. Many of them displayed skill and ingenuity unsurpassed by the most experienced investigators,” the document said.

“Agents impersonated men of all occupations in order to obtain information that would enable them to evaluate a suspect properly. An agent worked as a hotel clerk for over two years while another became bell captain in the few months he worked as a bell hop. Agents have posed as electricians, painters, exterminators, contractors, gamblers, etc.”

Yet their skill and ingenuity were inadequate to the task.  It later became clear that the Manhattan Project had been effectively penetrated by a number of Soviet intelligence agents and sympathizers.

The Department of Energy’s publication of the 36-volume Manhattan Project history itself required an extra measure of devotion. First, the tens of thousands of individual pages, many of them on second- or third-generation carbon paper, were painstakingly reviewed. The Public Interest Declassification Board noted with approval that “these records received a line by line declassification review, rather than being subjected to simple pass/fail determinations.” Then, once that process was completed, each page had to be manually scanned for online publication by the Department of Energy.

Except for a few passages stubbornly redacted by the CIA, the whole document has now emerged from the purgatory of sealed government archives and is now available to anyone who cares to read it.

 

Congress Grapples with Classification Issues

A bill introduced in the House of Representatives by Rep. Bennie Thompson (D-MS) would direct the President to reduce the amount of classified information by 10%. It is one of several new congressional initiatives seeking to rectify perceived defects in the national security classification system.

Most prominently, the Senate Intelligence Committee is engaged in an ongoing dispute with the Administration over declassification of the Committee’s report on the CIA’s post-9/11 detention and interrogation program.

Sen. Dianne Feinstein, the Committee chair, said the Administration’s proposed redactions to the executive summary of the report were unacceptably broad.

“I have concluded the redactions eliminate or obscure key facts that support the report’s findings and conclusions,” she said on August 5. “Until these redactions are addressed to the committee’s satisfaction, the report will not be made public.”

With this contentious experience fresh in mind, one might have expected the Senate Intelligence Committee to have acquired special insight into the failings of the existing classification system and to have devised some well-considered remedial measures to address them.

But that does not appear to be the case.

In its new intelligence authorization bill for Fiscal Year 2015 (S. 2741, sec. 311), the Committee weakly requires the Director of National Intelligence to prepare a report “describing proposals to improve the declassification process throughout the intelligence community.”

Under current circumstances, this proposed reporting requirement seems like a failure of imagination and leadership, and probably a waste of everyone’s time. Perhaps it is just a placeholder for something more ambitious that is still to come.

By contrast, the bill introduced by Rep. Thompson in the House and by Sen. Ron Wyden in the Senate is prescriptive and solution-oriented in its treatment of the issue.

Among its several provisions, the new bill (HR 5240) would require the President “to establish a goal for the reduction of classified information by not less than 10 percent within five years through improved declassification and improved original and derivative classification decision-making,” according to a Fact Sheet on the bill, dubbed the CORRECT Act. (It is unclear how the 10 percent reduction in information would be measured, whether in pages or bytes or number of classification decisions or by some other standard.)

The Thompson/Wyden bill would also bolster and expand the Public Interest Declassification Board, assigning it the responsibility to evaluate the continuing validity of all current classification guidance. Though this provision may seem innocuous, it is a clear challenge to the autonomy that is currently enjoyed by executive branch agencies regarding what is to be classified. As such, it represents the kernel of a solution to the problem of overclassification.

The bill would further direct the Privacy and Civil Liberties Oversight Board to establish standards for the emerging insider threat program, and it would decisively break from current practice by authorizing the Merit System Protection Board to review agency denials or revocations of security clearances.

However, the deliberative effort that has gone into preparing the bill is not going to yield any near-term reward. In all likelihood, Rep. Thompson’s CORRECT Act will not even receive a hearing in the remainder of this expiring Congress.

Another modest but potentially useful legislative effort is an amendment to be introduced by Sen. Jeanne Shaheen that would enhance the authority and capacity of the National Declassification Center.

If the Senate Intelligence Committee wants a report on “improving declassification,” as the new intelligence authorization bill requires, then there is already a report with that very title that was prepared by the Public Interest Declassification Board in December 2007.

Several of the report’s recommendations have still not been acted on. Among them is a proposal that “formal procedures should be established for the declassification review of classified [congressional] committee reports and hearing transcripts.”

Because such records are produced and held by congressional committees, such as the Senate Intelligence Committee, they are not eligible for declassification unless and until the originating committee takes the initiative to have them reviewed and declassified. Yet this is rarely done, despite the importance of these materials.

“Frequently, closed sessions of congressional committees are the only occasion when executive branch policy in the national security area is explained, challenged (by members), and defended by administration representatives. The exchanges at these hearings, as well as the views of Congress (elaborated in classified committee reports), often affect the policy choices of the executive branch. Yet, because the records of the committees involved are classified and never subjected to declassification review, the public and historians are largely unaware of their existence,” the PIDB report said.

“Despite their historical significance, classified records created by the Congress are reviewed for declassification only on a hit-or-miss and relatively limited basis. As a result, the public is denied a valuable source of historically significant information,” the report said.

So, for example, not a single classified annex to the annual intelligence authorization bills produced by the congressional intelligence committees has ever been declassified.

Identity Intelligence and Special Operations

“Identity intelligence” is a relatively new intelligence construct that refers to the analysis and use of personal information, including biometric and forensic data among others, to identify intelligence targets of interest and to deny them anonymity.

The term began to appear a few years ago and was included, for example, in a 2012 Defense Intelligence Agency briefing package. Since then it has quickly propagated throughout U.S. military and intelligence operations.

Identity intelligence (or I2) was included for the first time in published U.S. military doctrine in the October 2013 edition of Joint Publication (JP) 2-0 on Joint Intelligence, which elaborated on the concept. Identity intelligence is used, JP 2-0 said, “to discover the existence of unknown potential threat actors by connecting individuals to other persons, places, events, or materials, analyzing patterns of life, and characterizing their level of potential threats to US interests.”

(“Identity intelligence” also appeared in an undated Top Secret document that was disclosed by Edward Snowden and published in excerpted form by the New York Times on May 31, 2014.)

Most recently, an updated U.S. Department of Defense publication on special operations noted this month that “Identity intelligence products enable real-time decisions in special operations worldwide.”

The new DoD doctrine on Special Operations — Joint Publication 3-05, dated 16 July 2014 — includes further discussion of identity intelligence (I2) in the special operations context:

“I2 is the collection, analysis, exploitation, and management of identity attributes and associated technologies and processes. The identification process utilizes biometrics-enabled intelligence (BEI), forensics-enabled intelligence (FEI), information obtained through document and media exploitation (DOMEX), and combat information and intelligence to identify a person or members of a group.”

“I2 fuses identity attributes (biological, biographical, behavioral, and reputational information related to individuals) and other information and intelligence associated with those attributes collected across all intelligence disciplines….”

“USSOCOM [US Special Operations Command] exploits biometric, forensic, document and media data collections and integrates the data with all-source intelligence to locate and track unattributed identities across multiple or disparate instances. Intelligence collections are processed through the appropriate DOD and interagency databases, exploited to produce intelligence, and then disseminated to deployed SOF and throughout the interagency. I2 products enable real-time decisions in special operations worldwide.”

*    *    *

Identity intelligence aside, the new Joint Publication 3-05 provides an informative account of the role of special operations, along with some notable changes from previous special operations doctrine.

“Special operations require unique modes of employment, tactics, techniques, procedures, and equipment. They are often conducted in hostile, denied, or politically and/or diplomatically sensitive environments, and are characterized by one or more of the following: time-sensitivity, clandestine or covert nature, low visibility, work with or through indigenous forces, greater requirements for regional orientation and cultural expertise, and a higher degree of risk,” JP 3-05 says.

The previous edition of this publication (dated 2011) had identified 11 core activities for special operations: direct action, special reconnaissance, counterproliferation of weapons of mass destruction, counterterrorism, unconventional warfare, foreign internal defense, security force assistance, counterinsurgency, information operations (IO), military information support operations (MISO), and civil affairs operations.

The new edition adds a 12th mission that up to now had not been considered a core activity: hostage rescue and recovery.

“Hostage rescue and recovery operations are sensitive crisis response missions in response to terrorist threats and incidents. Offensive operations in support of hostage rescue and recovery can include the recapture of US facilities, installations, and sensitive material overseas,” the new JP 3-05 states.

When the Administration Asks Itself to Declassify

In preparing its recent report on the Section 702 surveillance program, the Privacy and Civil Liberties Oversight Board (PCLOB) demonstrated an unusual mode of declassification, in which one executive branch agency asks another agency to declassify information.

In this case, the process was remarkably productive, and it may offer a precedent for future declassification efforts.

“During the process of preparing this report we sought and obtained declassification of facts about this still highly classified [Section 702] program in order to allow us to put in context how the program operates and clarify some public misconceptions,” said PCLOB Chairman David Medine at a July 2 public meeting.

“As a result, over one hundred new facts were declassified by the government to provide needed context for the program’s operation,” he said.

In what the PCLOB staff termed a “lateral declassification” model, it was an executive branch agency (i.e., the PCLOB itself) — rather than Congress or members of the public — that pressed another government agency (ODNI, NSA, CIA, FBI or Justice) to declassify specific information.

Such an interagency request for declassification differs from the “referrals” that agencies routinely direct to one another. In those cases, the receiving agency is simply asked to review records to identify its own classified information (or “equities”) and then to advise the originating agency what must be withheld and what may be disclosed.

Here, the PCLOB didn’t merely ask agencies to screen for classified information under existing classification standards. It urged them to actually change those standards. And in more than 100 specific cases, the agencies did so.

Most of the declassified facts in the PCLOB Section 702 report are not specifically flagged as having been declassified at the Board’s request, and they may therefore be easily overlooked. A partial compilation of such newly declassified facts, prepared by a participant in the process, was obtained by Secrecy News.

Several features appear to have contributed to the efficacy of the lateral declassification approach.

For one thing, the requesting agency (the PCLOB) already possessed the requested information in classified form. So it knew exactly what it was asking for, and why it was asking for it to be declassified.

And then the fact that the declassification requests originated within the executive branch itself (the PCLOB is an independent executive branch agency) made it harder for the recipient agencies to ignore the request and easier for them to fulfill it.

By contrast, public requests through the Freedom of Information Act often seem to decline into an adversarial contest, in which the agency adopts a defensive posture and offers only minimal, grudging compliance with disclosure requirements.  (At CIA, one gets the impression that asking for a record to be declassified can make it less likely to be disclosed.) Requests from Congress also inevitably have a political overlay, and may be seen to serve an agenda that does not coincide with the Administration’s own.

But as part of the Administration, the PCLOB’s many declassification requests did not trigger the sort of immune response that any outside request would have done.

Of course, the PCLOB’s work, including its declassification proposals, did not take place in a vacuum.

“A lot of political wind was at our back,” said Peter Winn, acting general counsel for the Board.

Not only had related classified details entered the public domain through the Snowden disclosures, but calls for declassification of more information regarding current surveillance programs had been explicitly endorsed by the Director of National Intelligence and other senior officials.

Because of these competing factors, the role played by the Board’s “lateral declassification” approach cannot be precisely delineated or clearly distinguished from them.

But its apparent effectiveness is consistent with the productive declassification work performed by another executive branch body, the Interagency Security Classification Appeals Panel (ISCAP), which has declassified information in a large majority of the mandatory declassification review appeals presented to it.

Perhaps most important, the Board’s experience with declassification in the Section 702 report may serve as a precedent for similar initiatives in the future.

“For us, it’s a model,” said Sharon Bradford Franklin, executive director of the PCLOB.

She noted that more than 90% of the Board’s requests for declassification had been granted, and that they preceded completion of the Board’s report. (That is, the declassification actions were not predicated on any agency’s review of the Board’s conclusions or recommendations.)

Enough information about the 702 program was declassified that a classified annex — which had earlier been assumed to be necessary — turned out to be unnecessary, Ms. Franklin said.

She also credited the intelligence agencies for their diligent engagement and cooperation in the declassification process, as did the published PCLOB report.

“In the preparation of this Report, the Board worked with the Intelligence Community to seek further declassification of information related to the Section 702 program,” the report noted (at p. 3).

“Specifically, the Board requested declassification of additional facts for use in this Report. Consistent with the Board’s goal of seeking greater transparency where appropriate, the request for declassification of additional facts to be used in this Report was made in order to provide further clarity and education to the public about the Section 702 program.”

“The Intelligence Community carefully considered the Board’s requests and has engaged in a productive dialogue with PCLOB staff. The Board greatly appreciates the diligent efforts of the Intelligence Community to work through the declassification process, and as a result of the process, many facts that were previously classified are now available to the public.”

The final PCLOB report on the Section 702 program included several recommendations concerning transparency, including proposals for further specific declassification actions. Those proposals remain pending.

 

Senate Bill Requires Report on “All” NSA Bulk Collection

Updated below

The National Security Agency would be required to prepare an unclassified report on “all NSA bulk collection activities,” the Senate Appropriations Committee directed in its report on the Fiscal Year 2015 Department of Defense Appropriations bill, published yesterday.

The Committee told the NSA to prepare a report “describing all NSA bulk collection activities, including when such activities began, the cost of such activities, what types of records have been collected in the past, what types of records are currently being collected, and any plans for future bulk collection.”

Such a report would be expected to clarify whether NSA bulk collection extends beyond the acknowledged telephone metadata program in Section 215 of the USA Patriot Act.

The required report is to be “unclassified to the greatest extent possible,” the Senate Committee said.

In the reporting requirements that it imposed on NSA, the Senate Appropriations Committee notably went beyond what was required by the Senate or House Intelligence Committees.

The Appropriations Committee also directed NSA to submit additional reports on the total number of records acquired and reviewed by NSA in its bulk telephone metadata program over the past five years, and an estimate of the number of records of U.S. persons that have been acquired and reviewed in the telephone metadata program.

Another unclassified report is required to provide “a list of terrorist activities that were disrupted, in whole or in part, with the aid of information obtained through NSA’s telephone metadata program.”

A January 2014 report of the Privacy and Civil Liberties Oversight Board found that the Section 215 telephone metadata program had “minimal value in protecting the nation from terrorism.”

“We are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack,” the PCLOB report said.

In contrast to the Section 215 bulk telephone metadata program, the PCLOB said in a report this month that the Section 702 program to collect the communications of targeted non-U.S. persons abroad “has proven valuable in a number of ways to the government’s efforts to combat terrorism,” and that it had enabled the government to “discover previously unknown terrorist operatives and disrupt specific terrorist plots.”

The Board cautioned, however, that the 702 program “may allow a substantial amount of private information about U.S. persons to be acquired by the government, examined by its personnel, and used in ways that may have a negative impact on those persons.”

An estimate of the amount of such U.S. person information collected under the Section 702 program was not specifically required by the Senate Appropriations Committee.

Update: Identical reporting language was included by the Senate Appropriations Committee last year in its report on the FY2014 Defense Appropriations bill (h/t @byersalex), yet the required NSA reports were not produced.

At Emptywheel, Marcy Wheeler questions the utility of the proposed reports, particularly since the Senate Committee language lacks a clear, unambiguous definition of “bulk collection.”