Thursday, January 7, 2010

7 1/2 years later, more of the same intelligence failures

Note: This post takes a more in-depth look into a single document than I'd normally care to do, but I feel the way I've done it is the only way to make the conclusions clear.

"Information systems contribute to every aspect of homeland security. Although American information technology is the most advanced in the world, our country's information systems have not adequately supported the homeland security mission. Databases used for federal law enforcement, immigration, intelligence, public health surveillance, and emergency management have not been connected in ways that allow us to comprehend where information gaps or redundancies exist. . . . To secure the homeland better, we must link the vast amounts of knowledge residing within each government agency while ensuring adequate privacy."

(From the first National Strategy for Homeland Security, released in July 2002. This document was commissioned by President Bush, and prepared by the Office of Homeland Security. That November, OHS was expanded into the Department of Homeland Security; one of its primary objectives was to fix the problems described above.)

Fast-forward 7 and a half years. The White House today released a preliminary analysis of the systemic failures that allowed for the failed Christmas Day terrorist attack. It starts off like this:

"Though all of [the information needed to recognize the plot] was available to all-source analysts at the CIA and the NCTC prior to the attempted attack, the dots were never connected, and as a result, the problem appears to be more about a component failure to "connect the dots," rather than a lack of information sharing."

The point the review is trying to make here is that the systemic failures this time were different than the ones that led to 9-11, and later to the creation of the DHS. However, the following can be found later in the review:

"No single component of the CT [counter-terrorism] community assumed responsibility for the threat reporting and followed it through by ensuring that all necessary steps were taken to disrupt the threat. This argues that a process is needed to track terrorist threat reporting to ensure that departments and agencies are held accountable for running down all leads associated with high visibility and high priority plotting efforts, in particular against the U.S. Homeland."

In other words, everyone in the counter-terrorism community assumed someone else would handle it. Sounds to me like a failure of communication, of precisely the sort that the DHS was made to prevent.

This can be seen more clearly later in the review, when it gets into questions about the terrorist watch lists, saying that "Although Umar Farouk Abdulmutallab was included in the Terrorist Identities Datamart Environment (TIDE), the failure to include Mr. Abdulmutallab in a watchlist is part of the overall systemic failure." The watchlisting process is described in the review as follows: First, the NCTC "consolidates all information on known and suspected international terrorists in the Terrorist Identities Datamart Environment. NCTC then makes this data available to the FBI-led Terrorist Screening Center (TSC), which reviews nominations for inclusion in the master watchlist called the Terrorist Screening Database (TSDB)."

This is the process that was used in considering whether Abdulmutallab should be placed on the watchlist. However, according to the review, "Hindsight suggests that the evaluation by watchlisting personnel of the information contained in the State cable nominating Mr. Abdulmutallab did not meet the minimum derogatory standard to watchlist. Watchlisting would have required all of the available information to be fused so that the derogatory information would have been sufficient . . . Watchlist personnel had access to additional derogatory information in databases that could have been connected to Mr. Abdulmutallab, but that access did not result in them uncovering the biographic information that would have been necessary for placement on the watchlist." (emphasis mine)

A bit of extra research led me to an audit of the FBI's watchlist nomination practices released in May 2009, which found, among other things, that "initial watchlist nominations created by FBI field offices often contained inaccuracies or were incomplete, leading to delays in the inclusion of known or suspected terrorists on the watchlist."

So, it seems the complete picture on the watchlist question is something like this: All the information necessary to secure a place on the watchlist for Abdulmutallab was available in intelligence databases. However, the nomination for his consideration (likely drawn up by someone at the FBI) did not include enough information to get him on the list. Those who reviewed the nomination likely assumed that it had all the pertinent information, and they found that it wasn't enough to put Abdulmutallab on the watchlist. Furthermore, this precise sort of problem has been recognized at least since last May, but the gap has not been fixed. The administration's review tries to confuse the issue and make it about individual failures to "connect the dots", but a careful analysis makes it clear that this is precisely the sort of communication problem that the DHS was supposed to make a thing of the past. The intelligence was there, but communication was so poor that nobody involved seemed to have known whose job it was to analyze it more thoroughly - those who drew up the nomination, or those who reviewed it.

The review itself even seems to concede that it's talking about the same old intelligence problems. In the very next paragraph, it states that while Abdulmutallab had a U.S. visa, revocation of it "would have only occurred if there had been a successful integration of intelligence by the CT community, resulting in his being watchlisted." If "the CT community" failed to integrate intelligence, why try to frame the issue as failures of individual components?

The fact that many people within the CT community had access to databases with the information necessary for decisive action is commendable, but ultimately irrelevant. There was, nevertheless, a remarkable failure to communicate. There's a big difference between making a massive database of mostly useless information available to several agencies, and effective communication between those agencies regarding which pieces of that information are most relevant, and who has the responsibility for connecting each of the dots. For instance, if the concerns of the terrorist's own father that he was planning something of the sort had been communicated with the sort of priority any rational person would place on them, it's hard to imagine it wouldn't have shown up in the watchlist nomination, and even harder to imagine that it wouldn't be enough to get him on the watchlist.

People sometimes make mistakes. Systems sometimes fail. The men and women of the counter-terrorism community cannot be expected to be perfect. But the last thing they or any other American needs is an administration that passes off the same old failures that clearly ought to have been more thoroughly addressed in the past, as something completely different. This was a failure of inter-agency communication and cooperation, and must be discussed as such if anything good is to come of the intelligence review.

Update (1-8-10): It turns out the watchlist nomination was made by the U.S. embassy in Nigeria, after CIA officers there spoke with the suspect's father. However, the nomination seemed to suffer from the same problems detailed in the FBI audit, so the same point still stands.

Sources (all PDF files):

National Strategy for Homeland Security, Office of Homeland Security, July 2002

Summary of the White House Review of the December 25, 2009 Attempted Terrorist Attack

The Federal Bureau of Investigation's Terrorist Watchlist Nomination Practices; U.S. Department of Justice, Office of the Inspector General, Audit Division; May 2009