Growing Data Collection Inspires Openness at NGA

A flood of information from the ongoing proliferation of space-based sensors and ground-based data collection devices is promoting a new era of transparency in at least one corner of the U.S. intelligence community.

The “explosion” of geospatial information “makes geospatial intelligence increasingly transparent because of the huge number and diversity of commercial and open sources of information,” said Robert Cardillo, director of the National Geospatial-Intelligence Agency (NGA), in a speech last month.

Hundreds of small satellites are expected to be launched within the next three years — what Mr. Cardillo called a “darkening of the skies” — and they will provide continuous, commercially available coverage of the entire Earth’s surface.

“The challenges of taking advantage of all of that data are daunting for all of us,” Mr. Cardillo said.

Meanwhile, the emerging “Internet of Things” is “spreading rapidly as more people carry more handheld devices to more places” generating an abundance of geolocation data.

This is, of course, a matter of intelligence interest since “Every local, regional, and global challenge — violent extremism in the Middle East and Africa, Russian aggression, the rise of China, Iranian and North Korean nuclear weapons, cyber security, energy resources, and many more — has geolocation at its heart.”

Consequently, “We must open up GEOINT far more toward the unclassified world,” Director Cardillo said in another speech last week.

“In the past, we have excelled in our closed system. We enjoyed a monopoly on sources and methods. That monopoly has long since ended. Today and in the future, we must thrive and excel in the open.”

So far, NGA has already distinguished itself in the area of disaster relief, Mr. Cardillo said.

“Consider Team NGA’s response to the Ebola crisis. We are the first intelligence agency to create a World Wide Web site with access to our relevant unclassified content. It is open to everyone — no passwords, no closed groups.”

NGA provided “more than a terabyte of up-to-date commercial imagery.”

“You can imagine how important it is for the Liberian government to have accurate maps of the areas hardest hit by the Ebola epidemic as well as the medical and transportation infrastructure to combat the disease,” Mr. Cardillo said.

But there are caveats. Just because information is unclassified does not mean that it is freely available.

“Although 99 percent of all of our Ebola data is unclassified, most of that is restricted by our agreements [with commercial providers],” Mr. Cardillo said. “We are negotiating with many sources to release more data.”

Last week, Director Cardillo announced a new project called GEOINT Pathfinder that will attempt “to answer key intelligence questions using only unclassified data.”

When it comes to transparency, the Office of the Director of National Intelligencerecently expressed the view that the U.S. intelligence community should make “information publicly available in a manner that enhances public understanding of intelligence activities, while continuing to protect information when disclosure would harm national security.”

But some intelligence agencies have chosen a different path.

At the CIA, for example, public access to unclassified translations and analytical products of the Open Source Center was abruptly terminated at the end of 2013. Such materials from the OSC and its predecessor, the Foreign Broadcast Information Service, had provided invaluable support to generations of scholars, students, and foreign policy specialists. But that is no longer the case.

New DNI Guidance on Polygraph Testing Against Leaks

Updated below

Director of National Intelligence James R. Clapper issued guidance this month on polygraph testing for screening of intelligence community personnel. His instructions give particular emphasis to the use of the polygraph for combating unauthorized disclosures of classified information.

Counterintelligence scope polygraph examinations “shall cover the topics of espionage, sabotage, terrorism, unauthorized disclosure or removal of classified information (including to the media), unauthorized or unreported foreign contacts, and deliberate damage to or misuse of U.S. Government information systems or defense systems,” the guidance states.

Such examinations “shall specifically include the issue of unauthorized disclosures of classified information during pre-examination explanations by incorporating a definition that explicitly states that an unauthorized disclosure means unauthorized communication or physical transfer of classified information to an unauthorized recipient.”

The polygraph administrator is further instructed to explain that an unauthorized recipient is any person without an appropriate clearance or need to know, “including any member of the media.”

See Conduct of Polygraph Examinations for Personnel Security Vetting, Intelligence Community Policy Guidance 704.6, February 4, 2015.

The use of polygraph testing to combat leaks has been a recurring theme in security policy for decades. Yet somehow neither leaks nor polygraph tests have gone away.

President Reagan once issued a directive (NSDD 84) to require all government employees to submit polygraph testing as an anti-leak measure.

In response, Secretary of State George P. Shultz famously declared in 1985 that he would quit his job rather than take the test. “The minute in this government I am told that I’m not trusted is the day that I leave,” Shultz told reporters.

Having forthrightly declared his position, Secretary Shultz was never compelled to undergo the polygraph test or to resign. “Management through fear and intimidation,” he said in 1989, “is not the way to promote honesty and protect security.”

From another perspective, the problem with polygraph testing has nothing to do with intimidation but with accuracy and reliability. There is at least a small subset of people who seem unable to “pass” a polygraph exam for reasons that neither they nor their examiners can discern. And there are others, such as the CIA officer and Soviet spy Aldrich Ames, who have been able to pass the polygraph test while in the espionage service of a foreign government.

Update: The polygraph provisions of NSDD 84 were quietly modified in 1984 and were never implemented.

Leaks Damaged U.S. Intelligence, Official Says

Unauthorized disclosures of classified information by Edward Snowden have damaged U.S. intelligence capabilities, National Counterterrorism Center director Nicholas J. Rasmussen told Congress last week.

“Due to the Snowden leaks and other disclosures, terrorists also have a great understanding of how we seek to conduct surveillance including our methods, our tactics and the scope and scale of our efforts. They’ve altered the ways in which they communicate and this has led to a decrease in collection,” Mr. Rasmussen said at a February 12 hearing of the Senate Select Committee on Intelligence.

“We have specific examples which I believe we have shared with the committee and the committee staff in classified session — specific examples of terrorists who have adopted greater security measures such as using various new types of encryption, terrorists who have dropped or changed email addresses, and terrorists who have simply stopped communicating in ways they had before, in part because they understand how we collected,” he said.

This is not terribly persuasive, particularly since Mr. Rasmussen did not specify which leaks resulted in which changes by which terrorists at what cost to U.S. security. Nor is a public statement by an intelligence official before the Senate Intelligence Committee entitled any longer to a presumption of accuracy since the Committee permits errors to stand uncorrected.

Nevertheless, it seems plausible that leaks which had the power to galvanize public debate over the scope of intelligence surveillance might also have had the power to undermine existing collection capabilities, including collection for valid and necessary purposes.

For some of Edward Snowden’s partisans and supporters, however, the possibility that his leaks had negative as well as positive consequences involves more complexity than they can tolerate. If Snowden intended to defend constitutional values, as he insists, then how dare anyone suggest that he may have also aided America’s enemies, even indirectly?

This sort of complexity does not arise in Laura Poitras’s award-winning film Citizenfour about Snowden, as its few critical reviewers have noted.

Many of the documents Snowden disclosed “go far beyond exposures of spying on Americans,” wrote Fred Kaplan in a review of the film in Slate. “If Snowden and company wanted to take down an intelligence agency, they should say so. But that has nothing to do with whistleblowing or constitutional rights.”

Likewise, wrote George Packer in The New Yorker, “Among the leaked documents are details of foreign-intelligence gathering that do not fall under the heading of unlawful threats to American democracy–what Snowden described as his only concern. [Former NSA official William] Binney, generally a fervent Snowden supporter, told USA Today that Snowden’s references to ‘hacking into China’ went too far: ‘So he is transitioning from whistle-blower to a traitor’.”

And from Michael Cohen in The Daily Beast: “What is left out of Poitras’s highly sympathetic portrayal of Snowden is so much of what we still don’t know about him. For example, why did he steal so many documents that have nothing to do with domestic surveillance but rather overseas–and legal–intelligence-gathering operations?”

But for a discussion of Citizenfour that presents no such dissonant, skeptical notes or troublesome opposing views, see the late David Carr’s final interview with Snowden, Poitras and Glenn Greenwald.

“How’d you like the movie?” Mr. Carr asked Snowden. “It’s incredible,” Mr. Snowden affirmed. “I don’t think there’s any film like it.”

DNI Issues Directive on “Critical Information”

The Director of National Intelligence last week issued a new directive on “critical information,” also denominated “CRITIC,” which refers to national security information of the utmost urgency.

“Critical information is information concerning possible threats to U.S. national security that are so significant that they require the immediate attention of the President and the National Security Council,” the directive explains.

“Critical information includes the decisions, intentions, or actions of foreign governments, organizations, or individuals that could imminently and materially jeopardize vital U.S. policy, economic, information system, critical infrastructure, cyberspace, or military interests.”

See “Critical Information (CRITIC),” Intelligence Community Directive 190, February 3, 2015.

Interestingly, any intelligence community official can designate information as “critical,” thereby hotlining it for Presidential attention. “Critical information may originate with any U.S. government official in the IC,” the DNI directive says.

Moreover, “CRITIC reporting may be based on either classified or unclassified information.” However, “CRITIC reporting should be based solely on unclassified information only if that information is unlikely to be readily available to the President and the National Security Council.”

The threshold for critical information is fairly high. It includes such things as a terrorist act against vital U.S. interests, the assassination or kidnapping of officials, a cyberspace attack that produces effects of national security significance, and so on.

Confusingly, the term critical information (CRITIC) is used differently in the Department of Defense.

According to the latest DoD Dictionary of Military Terms, “critical information” means “Specific facts about friendly intentions, capabilities, and activities needed by adversaries for them to plan and act effectively so as to guarantee failure or unacceptable consequences for friendly mission accomplishment. Also called CRITIC.”

US to Detainee: The Government “Regrets Any Hardship”

In an unusual gesture, the U.S. Government last week apologized to Abdullah al-Kidd, a U.S. citizen who was arrested in 2003 and detained as a material witness in connection with a terrorism-related case.

Mr. Al-Kidd, represented by American Civil Liberties Union attorney Lee Gelernt, challenged his detention as unconstitutional and inhumane. Now the case has been settled, with an official apology and a payment of $385,000.

“The government acknowledges that your arrest and detention as a witness was a difficult experience for you and regrets any hardship or disruption to your life that may have resulted from your arrest and detention,” wrote U.S. Attorney Wendy J. Olson in a January 15 letter.

This sort of admission of regret is rare. The government apologizes much less frequently than it perpetrates injuries that are inappropriate or unwarranted. So, for example, the recent Senate report on post-9/11 CIA interrogation practices noted that at least 26 individuals had been “wrongfully detained.” But legal attempts to recover damages are typically foreclosed by courts based on “separation of powers, national security, and the risk of interfering with military decisions.”

Why not apologize and compensate those who have been abused and mistreated, starting with those individuals who by all accounts are innocent of any wrongdoing? It would be the just and honorable thing to do, both for the intelligence community and for the country. And it would be most powerful (and most “therapeutic”) if the IC undertook this step at its own initiative, rather than waiting to be compelled by others.

“Personally I agree,” a senior U.S. intelligence community legal official said privately, “for the reasons you say and some others. [But] getting it done is a lot harder.”

And so it is. Even as it apologized to Abdullah al-Kidd, the U.S. Government insisted on a stipulation that the settlement of the case “is not, is in no way intended to be, and should not be construed as, an admission of liability or fault on the part of the United States.”

SSCI Wants Copies of Full Torture Report Returned

Updated below

There is a new sheriff in town. Is that the message that Senator Richard Burr, the new chair of the Senate Select Committee on Intelligence, is trying to send?

Senator Burr reportedly wrote to President Obama last week to ask that all copies of the classified 6,700 page Committee report on CIA interrogation practices be returned immediately to the Committee. While the redacted summary of the report has been publicly released and is even something of a bestseller for the Government Printing Office as well as a commercial publisher, the full report has not been made public. And Senator Burr seems determined to keep it that way.

Senator Burr’s letter was reported in C.I.A. Report Found Value of Brutal Interrogation Was Inflated by Mark Mazzetti, New York Times, January 20. (More: Washington Post, Huffington Post.)

Senator Dianne Feinstein, who chaired the Committee while the report was produced, scorned the request for its return.

“I strongly disagree that the administration should relinquish copies of the full committee study, which contains far more detailed records than the public executive summary. Doing so would limit the ability to learn lessons from this sad chapter in America’s history and omit from the record two years of work, including changes made to the committee’s 2012 report following extensive discussion with the CIA,” she said in a statement.

Among other things, the proposed return of the full report may be intended to prevent its potential future accessibility through the Freedom of Information Act, which does not apply to records in congressional custody.

But if so, this seems short-sighted and probably futile, given that all of the evidentiary material on which the report is based originated in the executive branch anyway. Moreover, the Committee report has spawned an entire literature of agency evaluations and responses (such as the so-called Panetta Review). That literature belongs to the agencies, and sooner or later it should be subject to public disclosure regardless of the fate of the SSCI report.

Update 1/22/15: Jason Leopold of VICE News has a thorough account of this episode to date here, including a copy of the letter from Senator Burr and a letter from Senator Feinstein in response.

“Insider Threat” Program Lags Behind Schedule

The government-wide effort to contain the threat to classified information and sensitive facilities from trusted insiders is falling behind schedule.

Currently, the anticipated achievement of an Initial Operating Capability for insider threat detection by January 2017 is “at risk,” according to a new quarterly progress report. Meanwhile, the date for achieving a Full Operating Capability cannot even be projected. See “Insider Threat and Security Clearance Reform, FY2014, Quarter 4.”

One aspect of the insider threat program is “continuous evaluation” (CE), which refers to the ongoing review of background information concerning cleared persons in order to ensure that they remain eligible for access to classified information and to provide prompt notice of any anomalous behavior.

The Office of the Director of National Intelligence was supposed to achieve “an initial CE capability for the most sensitive TS [Top Secret] and TS/SCI population” by December 2014.  The latest quarterly report on the Insider Threat program noted that this milestone is “at risk.” In fact, it was missed.

“We did not meet” the December 2014 milestone for an initial CE capability, confirmed ODNI spokesman Eugene Barlow, though he said that “we’ve made considerable progress” in the Insider Threat program overall.

Nor has a revised milestone date for the initial CE capability been set, he added. But “we continue to aggressively push forward” and the desired function will be rolled out over the next few years, he said.

The Department of Defense is “on track” to provide continuous evaluation of 225,000 agency personnel by the end of 2015, and to expand that number to 1 million employees by 2017, according to the quarterly report. Actual achievements in individual agencies are classified.

As a general matter, the Insider Threat program faces both technological and “cultural” obstacles.

The information technology structures that are in place at most executive branch agencies are not optimized to support continuous evaluation or related security policies. Adapting them to address the insider threat issue is challenging and resource-intensive. Nor are agency policies and practices consistent across the government or equally hospitable to security concerns.

But it’s worth noting that the uneven performance described in the quarterly report reflects a degree of public candor that is unusual in security policy.  Instead of presenting assurances that everything is fine in the Insider Threat program, the report acknowledges that some things are not fine and will not be fine for an unspecified time. That is refreshing and even, in its straightforward approach to the issue, somewhat encouraging.

IC Inspector General Finds No Overclassification

“We do overclassify,” Director of National Intelligence James R. Clapper, admitted at his 2010 confirmation hearing. It’s a theme he has reiterated on a number of occasions on which he has spoken of the need for increased transparency in intelligence.

So it comes as a surprise and a disappointment that a new study of the subject from the Intelligence Community Inspector General failed to identify a single case of unnecessary or inappropriate classification.

“IC IG found no instances where classification was used to conceal violation of law, inefficiency, or administrative error; prevent embarrassment to a person, organization, or agency; restrain competition; or prevent or delay the release of information not requiring protection in the interest of national security,” the December 2014 report said.

When it comes to overclassification, ODNI is far from the worst offender. But the IC IG report purports to address classification trends across the intelligence community. And its conclusions are hard to reconcile with the public record, to say the least.

Thus, at the same time that the Inspector General was finding no use of classification to prevent or delay the release of information not requiring protection, the release of the Senate Intelligence Committee report on CIA interrogation practices was being hamstrung and delayed for months or years by dubious, inconsistent classification claims.

“Members of the Committee have found the declassification process to be slow and disjointed, even for information that Congress has identified as being of high public interest,” Sen. Dianne Feinstein wrote to the President last month.

Today the New York Times reported on a 2012 report on intelligence surveillance practices that had been withheld in its entirety until it was partially released in response to a lawsuit brought by the Times. Numerous other examples of the misapplication of classification authority could be cited. Yet all of them were somehow missed or ignored by the IC Inspector General.

Meanwhile, some senior officials in the intelligence community are rethinking current classification practices and policies because they have concluded, contrary to the thrust of the new IG report, that the status quo is unsatisfactory.

“Going forward, I believe that the Intelligence Community is going to need to be much more forward-leaning in what we tell the American people about what we do,” said ODNI General Counsel Robert S. Litt in a public speech last year. “We need to scrutinize more closely what truly needs to be classified in order to protect what needs to be protected.”

IC Inspector General Oversees the Intelligence Community

Updated below

The Intelligence Community Inspector General (IC IG) received a tip last year that the Intelligence Community might have assembled a database containing US person data in violation of law and policy.

“A civilian employee with the Army Intelligence and Security Command made an IC IG Hotline complaint alleging an interagency data repository, believed to be comprised of numerous intelligence and non-intelligence sources, improperly included U.S. person data,” the IC IG wrote. “The complainant also reported he conducted potentially improper searches of the data repository to verify the presence of U.S. persons data. We are researching this claim.”

The resolution of that complaint concerning improper collection of U.S. person data was not disclosed. But the IC IG evidently found it credible enough to justify a rare report to the White House Intelligence Oversight Board (IOB).

Update, 12/04/14: The IC IG said it did not corroborate the complaint. “We researched this allegation to determine whether the data repository was operating with sufficient internal controls to provide reasonable assurance that the collection, retention and dissemination of information complied with applicable laws, executive orders, policies, and regulations. We reached a preliminary conclusion that this was the case and thus had no basis for further review.” The case was closed on June 4, 2014.

The report to the IOB was noted in the IC Inspector General’s Semi-Annual report for October 2013 to March 2014 that was released this week (in redacted form) under the Freedom of Information Act.

The IC Inspector General, I. Charles McCullough III, has oversight responsibility both for the Office of the Director of National Intelligence (ODNI) and for the Intelligence Community as a whole (but not for its individual member agencies). In addition to monitoring compliance with the law, the IC IG deals with a broad range of administrative, budgetary and personnel issues, several of which are described in the new report.

So, for example, “[An intelligence] contractor misconduct investigation substantiated that a contractor employee routinely misused government equipment and systems to engage in inappropriate and prurient Internet chat over an extended period of time.”

Judging from the Semi-Annual Reports, the IG is also capable of challenging senior ODNI leadership when there is cause to do so.

“An ODNI Senior Official engaged in conduct unbecoming a federal employee while on TDY [temporary duty] conducting official ODNI business,” according to the Semi-Annual Report for March-September 2013, which was also released this week.

“The Senior Official exhibited poor personal judgment that created circumstances which reflected poorly on the ODNI and potentially impaired his ability to perform his duties,” the IG report said. The case was referred to the ODNI Chief Management Officer, but further details such as the identity of the Senior Official were not divulged.

In the concentric circles of U.S. intelligence oversight, Inspectors General are close to the center — receiving allegations, interviewing witnesses, formulating responses, and taking appropriate action.

Though heavily redacted, the new Semi-Annual Reports include multiple points of interest, including these:

**    During the six-month period ending in March 2014, the IC IG processed 5 whistleblower complaints of waste, fraud or abuse, 3 “urgent concern” complaints, 2 requests for external review under the provisions of Presidential Policy Directive 19, and 1 whistleblower reprisal complaint. The outcomes of these cases were not described.

**    During the six-month period ending September 2013, the IC IG investigated two cases of unauthorized disclosures, neither of which was substantiated. There were no such investigations in the following six-month period.

**    “ODNI does not have a policy or process for notifying CIA Covert Capabilities Center when an employee or detailee separates from ODNI or is reassigned,” the IC IG reported. The CIA “Covert Capabilities Center” is not a familiar entity.

**    “An adverse work environment exists” in the IC Equal Employment Opportunity and Diversity Office.

**    In the six-month period ending last March, the IC IG complaint hotline “received 135 contacts, 48 internal contacts and 87 external contacts from the general public. ”

**    And while most ODNI and IC employees are directed to have no contacts with the media without prior authorization, the IC Inspector General made special arrangements for himself and his staff:  “We worked with PAO [ODNI Public Affairs Office] so they understood the need for the IC IG to work independently with media contacts to preserve IC IG objectivity and independence.”

In a four-part series this week, the Washington Examiner reported allegations that some agency Inspectors General are improperly subservient to, and protective of, their agency leadership.

Air Force Intelligence: No Human Experimentation Here

In the United States Air Force, “intelligence components do not engage in experimentation involving human subjects for intelligence purposes.”

That unsolicited assurance was reiterated in the latest revision of Air Force Instruction 14-104, Oversight of Intelligence Activities, November 5, 2014.

“For purposes of this instruction, the term ‘human subjects’ includes any person, whether or not such person is a US person. No prisoners of war, civilian internees, retained, and detained personnel as covered under the Geneva Conventions of 1949 may be the subjects of human experimentation.”

The Instruction also addressed domestic imagery collection, reporting of “questionable intelligence activities,” and other topics.