REPORT OF THE JOINT INQUIRY INTO THE TERRORIST ATTACKS OF SEPTEMBER 11, 2001
Reflecting on his time as DCI, Judge Webster explained that "[o]ccasionally I would issue something that looked nominally like an instruction, it was mostly hoping with a lot of groundwork behind it ... something would come of it." If the head of national intelligence were placed at the White House "without troops," Judge Webster argued, "it's difficult for me to see how it would be truly effective."

Former CIA Inspector General Fred Hitz agreed with Judge Webster, describing the Secretary of Defense as an "800-pound gorilla" that the DCI has never been able to wrestle to the ground because of the Secretary's responsibility and command authority for defense intelligence agencies. Mr. Hitz recommended "realistic" proposals giving the DCI "a kibitzing power over selection of Director of NSA and more collaborative powers with the Secretary of Defense."

Former Congressman Hamilton responded that the Director of National Intelligence should have "real authority and real personnel authority": "I wouldn't put him in the White House, as Judge Webster is suggesting [I would]."

General Odom argued that the DNI "has to take some organizational capability with him - he can't just stand out there in an office and be a czar over in the White House." He should have an expanded National Intelligence Council as a reinforcement which together with the DCI's Community management staff give him "a pretty good organizational base."

As for limiting change to strengthening the existing DCI position, Congressman Hamilton asserted:

We're in a new world, and we have to begin to think of ways to structure this. I have heard the argument about strengthening the DCI for 35 years. ... It's a move in the right direction. But I don't think it gets us into the new era we're in.

E. Counterterrorism within the U.S. and Creation of a Domestic Intelligence Agency

The witnesses addressed the organizational and other challenges to the effective conduct of counterterrorism operations in the United States.
To Congressman Hamilton, the CIA and FBI must "fundamentally alter" policies and practices: "The FBI, with its new emphasis on prevention, will have to focus more on counter-terrorism, and the CIA will have to trace international leads to the homeland." Indeed, "the threat of terrorism is going to require an unprecedented overlap between intelligence and law enforcement." Although Congressman Hamilton favored restructuring the Intelligence Community so that "resources can be coordinated and agencies aid, not obstruct one another," he did not recommend a new organization to conduct counterterrorism domestically:

I don't think it's a statutory solution, a legislative solution. ... Most important, the two agencies will have to share information and work together to infiltrate, disrupt and destroy terrorist cells...If the shortcomings leading up to 9/11 were systemic in nature, the solution lies in better system management, the handling and analysis of vast amounts of information, and the distribution in a timely manner of the key conclusions to the right people.

Congressman Hamilton urged recognition of the fact that CIA and FBI have "for a very long period" done their jobs "quite well" and they are now "suddenly confronted with a new world." The decision to transform FBI priorities from law enforcement to prevention is a "huge change," and we cannot expect the Bureau "to turn around on a dime." Rather than new legislation, change "takes leadership, it takes oversight."

In contrast, General Odom argued for a major change in the organization of U.S. counterintelligence and counterterrorism. Counterintelligence, he urged, "is in the worst shape of all." Five agencies have counterintelligence operations - FBI, CIA, and three military services - "with no overall manager." As a consequence, "[t]he parochialism, fragmentation, and incompetence are difficult to exaggerate in the U.S. counterintelligence world."
Fragmentation and lack of skills ensure "dismal performance" because "terrorists, like spies, come through openings." General Odom recommended that the "first step" is "to take [counterintelligence] responsibility out of the FBI, leaving the Bureau with its law enforcement responsibilities, and create a National Counterintelligence Service under the DCI with operational oversight over the [counterintelligence] operations of the CIA and the three military departments in the Pentagon." The new organization would not be given arrest authority, which would remain with the FBI and other law enforcement organizations: "The FBI might be the agency to use [intelligence] to go make arrests and provide the evidence for prosecutions, but the business of locating spies, finding out what they're doing, understanding patentable collection, terrorist infiltrations, et cetera, can be primarily an intelligence operation."

Judge Webster did not "warm to the idea of separating counterterrorism from the FBI." He responded to proposals for a separate domestic intelligence service modeled after England's MI-5 service:

We're not England. We're not 500 miles across our territory. We have thousands of miles to cover. Would you propose to create an organization that had people all over the United States, as the FBI does?

The Congress, Judge Webster argued, would "never vote the resources to have a second FBI throughout the country." It is better, then, "to use what we have and train them to be more responsive." Rather than spending time "moving the boxes around," Judge Webster recommended that Congress look to those areas in the system which need to be shored up with appropriate resources and training." The "crucial" example, he testified, was the FBI's twelve-year-old information system, that "the FBI has been trying to get help with for years, and has not succeeded."
Judge Webster also called for "new sets of relationships between CIA, which has been functioning largely abroad, until more recently, with the FBI's participation and expanded legal attache relationships, and the law enforcement responsibilities of dealing with the threat here":

More than any other kind of threat, there is an interrelationship between law enforcement and intelligence in dealing with the problem of terrorism ... We need both investigative capability and intelligence collection capability, as well as those who go through the bits and pieces and fill in the dots.

Senator Rudman maintained that creation of a British-styled MI-5 domestic intelligence service would not solve the problems we face: "You have got enormous domestic collection capability in the FBI, assuming it is focused in the right direction." He concluded that the Intelligence Community could enhance its campaign against terrorism by adopting measures designed to share and cooperate amongst its members:

[T]he more jointness that you have between these agencies, the more they work in joint counterterrorism centers, the more their information databases become common, the more there is constant daily, hourly cooperation between them, the more the NSA is brought in by statute, if necessary, to supplying the FBI with domestic counterterrorism information, then you will do the improvement you need.

Senator Rudman spoke forcefully against proposals for a new counterterrorism organization:

I do not believe we need new structures or new systems. We may need different kinds of people, we may need different kinds of technology, but I don't think there is anything wrong with the systems. I think there is a lot wrong with how they have been used over the last ten years.
Senator Rudman did not believe that a law-enforcement culture makes it impossible for the Bureau to be an effective intelligence-gathering agency, an issue he has also addressed as chairman of the President's Foreign Intelligence Advisory Board. "The best domestic intelligence-gathering organization...on the ground today is the FBI," although the Senator agreed that "[t]he problem is that they have had a law enforcement mind-set." In spite of that problem, the Bureau has 56 field offices and 44 offices overseas, and, therefore, "it is not a question of trying to get a new agency to do the domestic intelligence, counterintelligence; it is a question of [getting] the resources" necessary for the task.

Following the Joint Inquiry hearings, the Commission that Governor Gilmore chairs on assessing domestic response capabilities against terrorism released recommendations in advance of its fourth annual report in December 2002. The Commission recommended establishment of a National Counter Terrorism Center (NCTC), a "stand-alone organization" headed by a Senate-confirmed, presidential appointee, "responsible for the fusion of intelligence, from all sources, foreign and domestic, on potential terrorist attacks inside the United States." The Commission also recommended that "collection of intelligence ... on international terrorist activities inside the United States, including the authorities, responsibilities and safeguards under the Foreign Intelligence Surveillance Act, which are currently in the FBI, be transferred to the NCTC" for two reasons: First, "while the FBI remains the world's preeminent law enforcement agency, there is a big difference between dealing with a terrorist act as a crime to be punished and dealing with it as an attack to be prevented." Second, "it is important to separate the intelligence function from the law enforcement function to avoid the impression that the U.S.
is establishing a kind of 'secret police.'" The proposed NCTC would not have arrest authority.

Governor Gilmore's preference is "to maintain these [domestic intelligence] functions within the FBI and to build upon [its] considerable structures, sources and resources to upgrade and improve these functions." Nevertheless, he said he would support the Commission's recommendation, given the oversight provisions and legal restrictions described in the Commission's preliminary report to ensure that our civil liberties are not diminished. Another Commission member disagreed with the recommendation, however, asserting in dissent that "[t]he FBI culture as a law enforcement agency provides a backdrop and check and balance against any abuse of civil liberties."

F. A Legislative Charter for the Intelligence Community

Beyond streamlining the Intelligence Community by, for example, enacting legislation to create a new Director of National Intelligence, Congressman Hamilton urged the enactment of a "legislative charter" for the Community, a task he knew from personal experience would be difficult to accomplish:

U.S. intelligence is governed by a set of disparate laws and executive orders produced over the last fifty-five years. No single one of these laws provides a comprehensive legal foundation for our massive intelligence establishment. This is a remarkable state of affairs in a country that takes the rule of law so seriously.

In short, the Congressman testified, "[w]e need a statutory foundation for U.S. intelligence."

G. Respect for the Rule of Law

Notwithstanding differences on particular proposals, many witnesses joined in the conviction Congressman Hamilton voiced that "[r]eforms in the Intelligence Community must not come at expense of the rule of law and respect for civil liberties."
As Judge Webster put it: "I hope that in the rush to judgment, we will remember who we are and [that] the methods we choose, both for intelligence and for law enforcement, will be consistent with who we are in this country." Congressman Hamilton described the challenges ahead: "Intelligence work requires that our government obtain information, and obtaining that information requires surveillance of people who have committed no crime -- the challenge is to facilitate information-gathering about suspicious people, while insulating legitimate personal and political activity from intrusive scrutiny." Congressman Hamilton also stressed that responsibility for protecting basic rights lies in several places:

It's very easy to overlook these matters of privacy and civil rights -- it has to come from the top of the agency. It has to be protected by the courts. The United States Congress, the intelligence committees, have to be sensitive to the manner in which intelligence activities are carried out, and they have to zero in on civil rights and liberties.

Judge Webster added that ensuring that investigatory tools are used in accordance with the law is "an important role for the Department of Justice," and, therefore, he is opposed to law enforcement "go[ing] outside the Department of Justice at the federal level by giving it to people who are not trained and do not understand the requirements that the Constitution and our laws impose on them."

General Odom asserted that "[t]he [Congressional] committees that did the investigation [of the Intelligence Community] in the 1970s did a great service in implementing the system that they have at NSA now, ensuring that rights are not violated":

Congress should get credit for that. And as the director of the agency I felt better for having this. I felt that I could be certain that my bureaucracy was not going to run away and violate these kind of rights.
And it was a thoughtfully done process that created that system in the 1970s.

Finally, General Odom emphasized the importance of accountability:

In the military, we have a tradition. When you screw things up, we relieve the commander, which leaves me puzzled about the behavior of the Administration in the intelligence area. I consider intelligence...a military engagement, and I would hold the commanders as responsible as I would ship commanders who run their ships aground. They don't stay around after they've run them aground, even if they are not very guilty.

Before September 11, 2001, the Intelligence Community had not melded into an effective team to prevent terrorist attacks within the United States. Efforts had been taken to improve cooperation between the CIA and FBI. After the DCI created the CTC in 1986, for instance, CIA and FBI cross-detailed personnel to each other's counterterrorism units, but this did not lead to a plan between those two agencies or across the Community to integrate intelligence collection and analysis. In the absence of a plan, agencies tended to operate independently.

Prior to September 11, information was inadequately shared not only within the Intelligence Community, but also between the Community, other federal agencies, and state and local authorities. In sum, the Joint Inquiry discovered significant problems in how intelligence agencies shared information among themselves and with entities that need information to protect the nation against terrorist attack.

A. Information Sharing between Intelligence Agencies and within the Federal Government

In closed and open hearings, witnesses from both the intelligence and law enforcement communities spoke of the need to share information.
As the Comptroller General put it in a statement submitted for the Joint Inquiry record, "The success of a homeland security strategy relies on the ability of all levels of government and the private sector to communicate and cooperate effectively with one another."

NSA intercepts well over [ ] communications each day, which it uses to create reports for dissemination to components of the Executive Branch that have expressed requirements for certain information. The growth of global communications and computer networks has significantly increased the volume of communications NSA can intercept. One of the major challenges the agency faces is to find information buried in the avalanche of electronic data it receives every day. In deciding which communications [ ] to target, which [ ] to monitor [ ], and which communications to select [ ], NSA tries to maximize its exploitation capability, including its linguistic and analytic workforce.

[The effort to find and report the most useful information results in decisions at every step in the exploitation process that leave information behind, unanalyzed and unreported. Thus, potentially vital information is rejected before analysts see it, or, if it reaches an analyst, it is not reported to customers. For example, NSA informed the Joint Inquiry that it reported some but not all communications analyzed in 1999 and the first half of 2000 involving a suspected terrorist facility in the Middle East linked to al-Qa'ida activities directed against U.S. interests. NSA did not publish other communications involving this facility and associated with a participant in a January 2000 meeting in Malaysia, hijacker Khalid al-Mihdhar. As was explained in the section of this report devoted to that meeting, these communications fell below NSA's reporting threshold].

NSA officials described the threshold as a subjective standard that can change every day.
It is a product of several factors including the priority of the intelligence topic (for example, threat warnings have the highest priority), the level of customer interest in a particular subject, the perceived value of the information, and the amount of intercept available for analysis and reporting. In short, analysts have considerable discretion in reporting information, especially when it is fragmentary or obscure. A major concern of NSA customers is that this winnowing process is not sufficiently well informed to avoid leaving potentially vital but seemingly irrelevant information on the "cutting room floor," particularly with regard to targets like al-Qa'ida where the smallest piece of information may fill in the mosaic of the organization and its plans.

To make well-informed decisions about what to report, NSA needs detailed knowledge about how raw intercept data might respond to customer needs. NSA deploys many analysts to customer agencies to understand their needs and help them shape NSA reports. This is an important, but not complete solution to the problem. NSA officials complained to the Joint Inquiry that its customers rarely reciprocate by assigning analysts to NSA to access its information, including raw intercepts. An NSA counterterrorism supervisor noted that the productivity of NSA analysts was substantially increased when a CIA analyst with access to Directorate of Operations cables was detailed to NSA.

NSA officials are concerned about sharing raw intercepts in large part because some intercepts contain information about "U.S. persons" that NSA must protect under "minimization procedures" established by the Attorney General and the Foreign Intelligence Surveillance Court. It is not practical to review all raw traffic to strip off this information, and minimized information might not have the same value as original text.
NSA officials also cited concerns about protecting sources and methods that produced the data and the difficulties in separating content from information about them.

b. The Central Intelligence Agency

CIA personnel also make decisions about sharing information, particularly with regard to [ ] cables that contain vital information about CIA activities. [NSA has told the Joint Inquiry that regular access to [ --] cables would enhance its understanding of material it intercepts and increase the productivity of its analytic workforce. The Director of the Defense Intelligence Agency expressed particular concern about cables relating to the Malaysia meeting. Joint Inquiry staff identified numerous CIA [-] cables concerning that meeting that contained information of value to all-source analysts. In response to a Joint Inquiry request, DIA identified four leads its terrorism analysts could have pursued in early 2000 and one in December 2000, had information been shared. DIA also identified three leads in [CIA] cables in August 2001 that would have allowed it to take action concerning the Malaysian meeting, Zacarias Moussaoui, Khalid al-Mihdhar, and Nawaf al-Hazmi].

[CIA is concerned that access to cables would place its sources and methods at risk because cables contain information about activities, including meetings with human assets. Most analytic personnel recognize this concern and profess not to want operational details or information about sources and methods. These analysts see information of potential significance, embedded in the raw data. The CIA, they believe, filters out many intelligence "nuggets" before analysts receive the information. The agency has itself recognized the value of this data by integrating its counterterrorism analysts into the CTC where they are supposed to have full access to raw traffic].

c. The Federal Bureau of Investigation

The FBI collects vast amounts of information from both criminal and intelligence investigations, including interviews, wiretaps, physical searches, grand jury material, and intelligence disseminated by other members of the Intelligence Community. The FBI's problem is twofold: 1) dissemination of information within the Bureau and, 2) sharing of information with other members of the Intelligence Community.

In some cases, the FBI was limited by legal or policy constraints on, for example, the use of grand jury information and information obtained through criminal wiretaps. The USA Patriot Act eliminated some of those constraints. However, the FBI has also been hampered by its own limitations, for example, a failure to develop a strategy for sharing information. As its Deputy Assistant Director for Counterterrorism and Counterintelligence testified:

We did not leverage what we had information-wise, and we did not leverage what other agencies had as information. We lacked analysts, we lacked linguists, we lacked electronic architecture that allows us to interact with other organizations. ... we lacked size. And we lacked attacking the target from 360 degrees. For example, we did not develop a program that leveraged what we have as expertise, what the Treasury had as expertise, and what the [CIA] had as to expertise for a concentrated, focused, aggressive investigation in finances. Terrorist organizations ... like al-Qa'ida ... have several points of strength, but several points of weakness. ... We did not leverage State and local police. The culture says you don't share that information.

In addition, as a result of technological problems, FBI analysts did not have access to all information within the Bureau.
The FBI's Deputy Assistant Director for Counterterrorism Analysis testified that "the FBI lacked effective data mining capabilities and analytical tools, it has often been unable to retrieve key information and analyze it in a timely manner, and a lot has probably slipped through the cracks as a result."

Before September 11, FBI personnel were not trained or equipped to share foreign intelligence developed in counterterrorism investigations with the Intelligence Community or even with other units within the Bureau, which deprived analysts throughout the Community of information. The FBI's Chief of the Counterintelligence Analysis Section in the Counterintelligence Division explained:

Technology alone, however, is not the silver bullet; gaining access to all relevant FBI information associated with an individual terrorist suspect, terrorist group or State Sponsor was also an issue the analysts faced periodically. Information was sometimes not made available because field offices, concerned about security or media leaks, did not upload their investigative results or restricted access to specific cases. This, of course, risks leaving the analysts not knowing what they did not know.

Finally, the FBI typically used information obtained through the Foreign Intelligence Surveillance Act only in the cases in which it was obtained and would not routinely disseminate the information within the Bureau or to other members of the Intelligence Community.

One of the principal State Department contributions to the fight against terrorism is the TIPOFF watchlist program, which, according to its director, was established in 1987 after the Department issued a visa to someone the Intelligence Community knew was a terrorist. According to TIPOFF's Director, from inception to Summer 2002, the program prevented 763 individuals from receiving visas to enter the United States.
However, the Joint Inquiry was told that information flow into TIPOFF before September 11 was less than complete. It was not until 1995, eight years after a terrorist was mistakenly allowed into the United States, that the CIA approved State Department declassification of data for inclusion in TIPOFF. Before the change in policy, State would submit a list of names monthly for CIA declassification, and that process delayed the watchlist updates.

Growing concern about the terrorist threat did not noticeably increase the amount of information shared between the Intelligence Community and the State Department before September 11, which, in contrast, advised the Joint Inquiry that it received at least 1,500 CIA Central Intelligence Reports containing terrorist names shortly after September 11. State Department officials also spoke about the difficulty in obtaining data for watchlisting purposes from the FBI National Crime Information Center, in spite of ten years of negotiations with the Bureau for access.

September 11 hijackers Khalid al-Mihdhar and Nawaf al-Hazmi provide perhaps the most glaring examples of incomplete information sharing with the State Department. As is demonstrated in other sections of this report, the CIA had reportable information about these men long before it asked that they be "watchlisted" in August 2001. As DCI Tenet testified, this failure is not the result of a limited problem in the systems in place:

The fact that we did not recommend al-Hazmi and al-Mihdhar for watchlisting is not attributable to a single point of failure. There were opportunities, both in the field and at Headquarters, to act on developing information. The fact that this did not happen - aside from questions of CTC workload, particularly around the period of the disrupted Millennium plots - pointed out that a whole new system, rather than a fix at a single point in the system, was needed.
In particular, the DCI pointed to CIA personnel not understanding their obligation to place people on watchlists or the criteria by which watchlist decisions should be made. The Director of the TIPOFF program also described poor attendance at meetings he would arrange to brief CIA personnel on the program and the frequent turnover of CIA personnel assigned to it.

Some improvements have been made since September 11. For example, Ambassador Francis Taylor told the Joint Inquiry that, "in August, 2002, the entire TIPOFF database, including full biographic records on nearly 85,000 terrorist names, photographs, fingerprints, and on-line documentation, was made available to the authorized users from five Intelligence Community and law enforcement agencies." In August 2002 the State Department added over seven million names from FBI indices to a State watchlist, augmenting the 5.8 million names already uploaded.

e. The Federal Aviation Administration (FAA) and the Transportation Security Administration (TSA)

The FAA and its successor TSA are responsible for making threat information available to airlines and airports, domestic and foreign. Without specific information from intelligence and law enforcement agencies, TSA is unable to provide the context of threat to carriers and airports. FAA officials told the Joint Inquiry that they have to make convincing cases about threats to the aviation industry because the industry is not willing to absorb additional security costs, absent strong evidence of need.

An example of the importance of providing context is the memorandum an agent in the FBI's Phoenix office prepared expressing concern about Middle Eastern students taking aviation training. Claudio Manno, TSA's Assistant Undersecretary for Intelligence, told the Joint Inquiry that the FAA saw the Phoenix memorandum for the "first time" when Joint Inquiry staff brought the matter up. Mr.
Manno testified that, had he been made aware of the document, he would have done "a number of things that were done later" to advance the post-September 11 investigation.

B. Information Sharing between Intelligence Agencies and State and Local Officials

Although federal officials emphasized the importance of state and local perspectives, the Joint Inquiry heard witnesses complain that the federal government does not systematically involve state and local agencies in counterterrorism programs. Governor Gilmore, Chairman of the Advisory Panel to Assess Domestic Response Capabilities for Terrorism Involving Weapons of Mass Destruction, testified:

[T]o the extent that there has been intelligence sharing, it has been ad hoc. It has been without a real systematic approach. And what would you expect? With the Intelligence Community, it is within the culture if not within the statute that you don't share information. If you do [share information], you are even subject to criminal penalties. ...

Some progress was made on information sharing with state and local officials after the FBI organized Joint Terrorism Task Forces in its field offices. Starting with the first JTTF in New York City in 1980, the FBI made a concerted effort to expand the program. As Director Freeh noted, "We doubled and tripled the number of Joint Terrorism Task Forces around the United States so we could multiply our forces and coordinate intelligence and counterterrorism operations with FBI's federal, state, and local law enforcement partners." As of September 11, thirty-five FBI field offices had JTTFs; now all fifty-six offices do.

JTTFs are designed to combine federal and local law enforcement and intelligence capabilities into a cohesive unit to address complex international and domestic terrorism investigations. JTTFs might include federal participants from CIA, INS, the Marshals Service, the Secret Service, TSA, Customs, the Bureau of Alcohol, Tobacco, and Firearms, the State Department, U.S.
Postal Inspection Service, the IRS, Park Police, and other agencies. According to FBI representatives, JTTFs have improved communication among these agencies and enabled the FBI to leverage their capabilities in counterterrorism investigations. For example, INS personnel assigned to the Minneapolis JTTF were able to determine quickly that Zacarias Moussaoui's authority to stay in the United States had expired, leading to his arrest and detention.

JTTFs have not solved the information concerns of all state and local officials. Baltimore Police Commissioner Edward Norris told the Joint Inquiry that serious gaps remain:

I would like to know exactly what everyone else knows in my city. Whatever Federal agencies are working on in my city. ... I should know exactly what's happening. ... [W]e know for a fact [that] terrorists are living in our cities. We all know they're here; we just don't know who they are, we bring the urban police departments in this country. I would like to know and I would like to have a briefing ... at least every month. I would like to know what's happening, because I get briefings from my intelligence division every day, so I know who we're working on and I know what we're looking at. ... If I had access in a full briefing from whatever agency investigating within my city, it would make my life a whole lot more efficient and comfortable. I would like to know what is happening, but currently do not.

C. Additional Information Sharing Problems

Detailing employees from one agency to another is often praised as a form of information sharing, but the Joint Inquiry heard that there are several limits to the practice. The Departments of State, Transportation, Treasury, and Energy and the INS, Customs, and other organizations detail personnel to the CIA's Counterterrorist Center, the FBI, and, to a much lesser extent, NSA. Intelligence Community agencies also send detailees to non-intelligence and law-enforcement agencies.
Numerous task forces and cooperative agreements exist between the FBI and border-security and intelligence agencies. Task forces are also primary vehicles for involving state and local agencies in counterterrorism efforts.

The Joint Inquiry was told repeatedly that host agencies restrict access to information and limit the databases detailees can query on security and policy grounds. Detailees often learn about intelligence only after host agency employees make ad hoc judgments to share information. Representatives of detailing agencies also told the Joint Inquiry that host agency employees often do not understand issues of interest to other agencies and consequently provide detailees with information without context. Access to databases is also impaired because there is no single architecture in the Intelligence Community that bridges all federal, state, and local government databases.

Cultural concerns are another problem. Former DIA Director Admiral Thomas Wilson explained to the Joint Inquiry that "information sharing" implies that one "owns the information." According to Admiral Wilson, agencies must shed the belief that they own information, which, in fact, belongs to the government.

D. The Wall: Barriers between Law Enforcement and Intelligence

Legal and other considerations have substantially influenced the degree to which intelligence agencies share information with law enforcement agencies. These concerns also affected how information was shared between FBI intelligence components and FBI criminal investigators and Department of Justice prosecutors. In interviews and at hearings, the Joint Inquiry has been told repeatedly that a phenomenon known as the "Wall" significantly hampered the free flow of information between the intelligence and law-enforcement entities.
Michael Rolince, former Chief of the FBI's International Terrorism Operations Section, testified:

In terrorism cases this became so complex and convoluted that in some FBI field offices FBI agents perceived walls where none actually existed. In fact, one New York supervisor commented that "so many walls had created a maze" which made it very difficult for the criminal investigators.

The "Wall" is not a single barrier, but a series of restrictions between and within agencies constructed over sixty years as a result of legal, policy, institutional, and personal factors. These walls separate foreign from domestic activities, foreign intelligence from law-enforcement operations, the FBI from the CIA, communications intelligence from other types of intelligence, the Intelligence Community from other federal agencies, and national-security information from other forms of evidence.

Following World War II, the National Security Act of 1947 created the Central Intelligence Agency, our first peacetime civilian intelligence organization. Two fundamental considerations shaped that Act: the United States would not establish an organization that coupled foreign and domestic intelligence functions, and the FBI's domestic jurisdiction would be preserved. To satisfy these aims, the Act provided that the CIA would not have police, subpoena, or law enforcement powers and would not perform internal security functions.

Generations of intelligence professionals have been trained in the belief that the CIA should not play an internal security role. They also learned that sensitive information should be disclosed only to those with a demonstrable "need to know" the information within the rigidities of a national security classification system. In addition, law enforcement personnel have long recognized that confidentiality, protection of witnesses, and secrecy of grand jury information are essential to the successful investigation and prosecution of crimes.
Thus, in the law-enforcement and foreign intelligence professions, security practices and strict limits on sharing information have become second nature.

The division between foreign intelligence and law enforcement is illustrated in the different procedures developed for law-enforcement and foreign-intelligence electronic surveillance and searches. The Fourth Amendment to the Constitution requires a judicial warrant for most physical searches for law enforcement purposes. In 1967, the Supreme Court held in Katz v. United States, 389 U.S. 347, that the Constitution requires that law enforcement officers engaged in electronic surveillance in criminal investigations also obtain a warrant. The 1967 decision stated that it was not addressing the question of whether electronic surveillance for foreign intelligence required a warrant.

However, in 1972, the Court held that a domestic group could not be subjected to warrantless electronic surveillance, even if authorized by the President or Attorney General, unless a connection was established between the group and a foreign power. The government's argument that surveillance was necessary to collect intelligence about the group as part of an "internal security" or "domestic security" investigation was not sufficient to override the Constitutional warrant requirement. The Court explicitly did not address the President's surveillance power with respect to foreign powers.

A few years later, Congress conducted extensive investigations into the activities of U.S. intelligence agencies, including warrantless electronic surveillance of citizens who were not agents of a foreign power and warrantless physical searches purportedly to identify subversives and protect intelligence sources and methods. These investigations led to the enactment of the Foreign Intelligence Surveillance Act of 1978 (FISA).
FISA established a special court in response to the argument that the judiciary was not equipped to review requests for foreign intelligence surveillances. Recognizing that intelligence and law enforcement interests would coincide in many cases where foreign intelligence surveillance is appropriate, such as espionage and terrorism investigations, the Act permits information produced by surveillance to be shared with law enforcement. However, to ensure that the division between foreign-intelligence and law-enforcement surveillance was maintained, the Act required a certification that "the purpose" of a proposed FISA surveillance was collection of foreign-intelligence information.

In the early 1980s, the law enforcement and intelligence communities often worked together in counterintelligence and counternarcotics investigations. Law enforcement agencies became more acutely aware in the course of this collaboration of the evidentiary complications that could arise as a result of using intelligence information in law enforcement efforts. For example, defense attorneys seeking discovery of investigative information relating to the guilt or innocence of their clients could move to have charges dismissed, if the government withheld information on the basis of national security.

Thus, increased interaction between law enforcement and intelligence agencies required that procedures be devised to disseminate intelligence for law enforcement use while protecting intelligence sources and methods. For example, intelligence agencies provided information to law enforcement organizations "for lead purposes only," so as to allow those organizations to act on the information without its becoming entwined in criminal prosecutions. Personnel within the Justice Department and United States Attorneys' Offices were given responsibility for insulating law enforcement personnel from intelligence information while finding ways for them to benefit from it.
These arrangements came to be known as "walls."

To avoid court rulings that FISA surveillances were illegal because foreign intelligence was not their "primary purpose," Department of Justice lawyers began to limit contacts between FBI personnel involved in these activities and DOJ personnel involved in criminal investigations. One result of this approach was that the then Counsel for Intelligence Policy at DOJ, the official most responsible for dealing with the FISA Court, was recused from handling FISA applications on al-Qa'ida because she had worked with prosecutors on the embassy bombing prosecution.

The Attorney General issued procedures in 1995 regulating FBI foreign intelligence investigations in which FISA was used and potential criminal activity was discovered. These procedures required notice and coordination among the FBI, DOJ's Criminal Division, and its Office of Intelligence Policy and Review (OIPR). In November 2001, the FISA Court adopted these procedures.

The wall in FISA matters became thicker and higher over time, as the FISA Court explained in a May 2002 opinion rejecting procedural changes proposed by the Attorney General:

[T]o preserve...the appearance and the fact that FISA [was] not being used sub rosa for criminal investigations, the Court routinely approved the use of information screening "walls" proposed by the government in its applications. Under the normal "wall" procedures, where there were separate intelligence and criminal investigations, or a single counter-espionage investigation with overlapping intelligence and criminal interests, FBI criminal investigators and [DOJ] prosecutors were not allowed to review all of the raw FISA [information] lest they become de facto partners in the FISA [operations]. Instead, a screening mechanism, or person, usually the chief legal counsel in an FBI field office, or an assistant U.S.
attorney not involved in the overlapping criminal investigation, would review all of the raw [information] and pass on only that information which might be relevant evidence. In unusual cases. ... [DOJ] lawyers in OIPR acted as the "wall." In significant cases, ...such as the bombings of the U.S. embassies in Africa, ...where criminal investigations of FISA targets were being conducted concurrently, and prosecution was likely, this Court became the "wall" so that FISA information could not be disseminated to criminal prosecutors without the Court's approval.

The thicket of procedures, reviews, and certifications regarding FISA information and contact between foreign-intelligence and criminal investigators led to confusion and error. An FBI attorney noted in an interview that, as detail was added to certain FISA applications, the Court began to expect that level of detail in all applications. Thus, an application to renew a surveillance of an intelligence officer of a foreign government that might have originally required two paragraphs in support grew to many pages, increasing the possibility of error in details.

In March 2000, the Department of Justice discovered substantive errors in factual applications presented to the FISA Court. By September 2000, the Department identified errors in about seventy-five FISA matters, and in March 2001 notified the FISA Court of additional errors. In response, the Court required that all DOJ personnel involved in FISA matters certify that they understood that FISA information could not be shared with criminal prosecutors without the Court's approval, and an FBI agent involved with the erroneous filings was barred from the Court. While the Department attempted to correct the process that had led to erroneous filings, a large number of FISA surveillances, including many related to international terrorism, expired in the spring and summer of 2001.
[The consequences of the FISA Court's approach to the Wall between intelligence gathering and law enforcement before September 11 were extensive. FBI personnel involved in FISA matters feared the fate of the agent who had been barred and began to avoid even the most pedestrian contact with personnel in criminal components of the Bureau or DOJ because it could result in intensive scrutiny by OIPR and the FISA Court. In addition, because NSA was not certain that it could identify reporting that came from FISA-derived information, it began to indicate on all reports of terrorism-related information that the content could not be shared with law enforcement personnel without FISA Court approval].

The various walls have had other consequences of direct relevance to the Joint Inquiry. For example, a CIA employee spoke to two FBI employees in January 2000 about the activities of future hijacker Khalid al-Mihdhar in Malaysia, but did not tell them that he had a U.S. visa. The CIA officer stated in an e-mail at the time that the FBI would be brought "into the loop," only after "something concrete" was developed "leading us to the criminal arena or to known FBI cases." Perhaps reflecting the deadening effect of the long-standing wall between CIA and FBI, the FBI agents reportedly thanked the CIA employee and "stated that this was a fine approach," although the FISA wall did not apply in this case.

Even in late August 2001, when the CIA told the FBI, State, INS, and Customs that Khalid al-Mihdhar, Nawaf al-Hazmi, and two other "Bin Laden-related individuals" were in the United States, FBI Headquarters refused to accede to the New York field office recommendation that a criminal investigation be opened, which might allow greater resources to be dedicated to the search for the future hijackers than would be available in an intelligence investigation.
This was based on Headquarters' reluctance to utilize intelligence information to draw the connections between al-Mihdhar and the USS Cole bombing necessary to open a criminal investigation. FBI attorneys took the position that criminal investigators "CAN NOT" (emphasis original) be involved and that criminal information discovered in the intelligence case would be "passed over the wall" according to proper procedures. An agent in the FBI's New York field office responded by e-mail, "Whatever has happened to this, someday someone will die and, wall or not, the public will not understand why we were not more effective in throwing every resource we had at certain problems." Again, FBI Headquarters applied FISA "walls" to a non-FISA case.

The USA PATRIOT Act, enacted in response to September 11, provided unambiguous authority for the Attorney General and other law enforcement officials to disclose to the Director of Central Intelligence foreign intelligence collected in the course of a criminal investigation. The Act also requires that intelligence be "a significant purpose" of a FISA search rather than "the purpose." These provisions were intended to reduce, if not remove, restrictions that had grown up around FISA operations. The Foreign Intelligence Surveillance Review Court, in its first opinion since being established in 1979, has affirmed that the Act permits the free flow of intelligence to prosecutors, who may direct and control FISA surveillances.

Technology is critical to the Intelligence Community's efforts to collect, analyze, and disseminate information on terrorist identities, locations, capabilities, plans, and intentions. The Joint Inquiry examined a number of issues in order to assess how well-postured the Community was in regard to its use of technology as well as its understanding of the use of technology by terrorists.
The NSA, which, of all the intelligence agencies, relies the most on technical collection, received most of the attention.

Al-Qa'ida members employed a variety of communications technologies, including modern ones such as [ ], in the conduct of their activities. In his testimony, NSA Director Lt. Gen. Hayden lamented the fact that terrorists have access to the three-trillion-dollar-a-year communications industry. The Joint Inquiry attempted to examine NSA's current and planned capabilities to exploit these types of modern communications as well as the tools being used and developed to help linguists and analysts process and share the volumes of information collected. In addition, the Joint Inquiry examined the health of the technical collection platforms from which the majority of counterterrorism intelligence information is derived. The assessment presented below draws on testimony, interviews, and some NSA documentation.

[ ]. [ ]. [ ]. [ ]. [ ]. [ ]. [ ] [ ].

F. Selection and Filtering for [ ] Communications

Much of NSA's pre-September 11 success against terrorist targets was due to the ability to [ ] based on [ ] interest rather than randomly choosing among millions of communications. With the proliferation of multimedia communications, even better selection and filtering techniques will be required. One area of increased attention is [ ] an area in which NSA has made only limited progress. [ ].

Unfortunately, NSA's selection capabilities suffer from a critical deficiency, [ ]. The solution to this deficiency is well understood and estimated to cost less than $1 million to implement. However, the Joint Inquiry learned in interviews that even though [ ] have been available for many years, and even though NSA has had recent significant funding increases, the program manager is still "scrounging" for funds to pay for this upgrade that would not be completed until 2004.
NSA often did not provide analysts with sufficient tools to exploit the data collected. For example, NSA in 1998 did not have the capability to [ ], NSA's Analysis and Production Chief, noted, "At that time the systems that were in place were high tailored, not integratable. The plug and play was only beginning to come into play at that point in time. So a tailored solution that you might be able to architect at home wasn't necessarily one that you could deploy across [ ] or within a CT shop." [ ] noted, however, that this capability now existed.

However, field operators still do not have such tools, even though they were available at NSA Headquarters after September 11. During a visit to the [ ], Joint Inquiry personnel found [ ] linguists frustrated with Headquarters support for language tools. In fact, one of their primary concerns was the inability to display [ ]. They noted that they could purchase software on the local economy that can display [ ] but are prohibited from doing so because the software is not an "approved application" for their computer platform. "When they officially requested such a capability through official channels, they were told that something could be available in 18 months." They noted that some computers they still use are 1993 vintage UNIX machines that cannot even display ordinary graphical user interfaces correctly due to color graphics limitations.

NSA collects signals intelligence using a variety of methods or platforms. Often these platforms, which have a sizable infrastructure investment, serve a myriad of intelligence missions. In identifying these critical platforms, the Joint Inquiry examined statistics on counterterrorism-related reporting.
The following chart shows the source of counterterrorism reports per technical collection platform both pre- and post-September 11:

NSA spending increases after September 11, however, are not focused on several of the most productive sources of counterterrorism information. [ ] [ ]. The evidence suggests that an effective counterterrorism effort requires [ ]. In testimony, Lt. Gen. Hayden acknowledged, [ ]. Lt. Gen. Hayden also stated that in his effort to develop capabilities against new communications technologies by the end of the 1990s, "This meant taking money away from current, still active, still producing activities. ..."

Since the attacks, NSA has focused on its transformation strategy. Lt. Gen. Hayden testified: "Shortly after September 11th, I had a meeting of my senior leaders. I asked them the following question: Is there any part of our transformation roadmap that we should change as a result of the attacks? Unanimously, they responded, 'No, but we need to accelerate these changes.' With the money the President has requested and Congress has provided, we have done just that." NSA's commitment to the future viability of the [ ] collection platforms remains unclear, despite their value.

XII. Technical Collection of Terrorist Communications

[Responsibility for most of the technical collection of terrorist communications falls under the purview of the National Security Agency, although the CIA and the FBI also conduct technical collection against terrorism. NSA and other agencies learned valuable information from intercepting terrorist communications and prevented several planned attacks. Indeed, numerous officials throughout the policy and Intelligence Community told the Joint Inquiry that Signals Intelligence (SIGINT) was a valuable source of information on al-Qa'ida. Exploitation of terrorist communications, however, was uneven at best and suffered from insufficient investment.
Al-Qa'ida was only one of several high priority targets and a difficult one].

A. NSA's Organizational Structure for Collecting Terrorist Communications

Within the NSA, the Signals Directorate, which was created in February 2001 by combining the Operations and Technology Directorates, has the primary SIGINT mission. Within the Signals Directorate, the Counterterrorism Product Line has the lead for counterterrorism reporting. [ ]:
B. SIGINT and the September 11 Attacks

Prior to 11 September 2001, NSA had no specific information indicating the date, time, place, or participants in an attack on the United States. Numerous NSA personnel, including Lt. General Hayden, the Director of the NSA (DIRNSA), repeatedly related this conclusion to the Joint Inquiry.

[NSA had intercepts on September 10, 2001 that, in retrospect, appear to relate to the September 11 attacks. These intercepts were processed on September 11 (after the terrorist attacks) and reported early on September 12, 2001. Although each of the products referred to something occurring the following day, neither intercept had specifics on the attack, location, or targets. This wording was similar to other non-specific threats occasionally reported by NSA over the past several years. In an effort to place the September 10 messages in perspective, General Hayden testified, "I should also note that [over a period of time] earlier that summer we had intercepted and reported over 30 such imminent attack messages and that since September 11 [NSA continues to report similar activities]." In fact, following September 11, there was a flurry of similar [ ] intercepts that were not associated with any terrorist attacks:
C. A Chronological Review of NSA Collection Efforts Against al-Qa'ida

[In the years before the September 11 attacks, NSA steadily increased its collection on al-Qa'ida. Initial Intelligence Community efforts focused on Bin Ladin himself as a terrorist financier. As the 1990s wore on, this effort expanded to collection on Bin Ladin's associates and the al-Qa'ida organization. [ ]. The following review is largely drawn from Joint Inquiry interviews. It highlights important milestones in NSA's collection against al-Qa'ida. [ ]. Bin Ladin was viewed almost exclusively by the Intelligence Community as a terrorist financier until 1996].

[In 1996, CTC established its Bin Ladin unit as the Intelligence Community focal point for tracking Bin Ladin. [ ]. The first phase of the unit's Bin Ladin project was strategic information gathering, [ ]. It was at this point that the Intelligence Community began focusing on the Bin Ladin target as a terrorist support network in addition to being a terrorist financier]. [ ].

[Before Bin Ladin issued his February 1998 anti-American fatwa, [ ]. Following the fatwa, the Director of NSA appealed to [ ] partners, few of which were focused on counterterrorism at the time, for counterterrorism assistance. [ ].

[Following the August 1998 East Africa Embassy bombings, NSA instituted a much higher operations tempo, which never really subsided. After the bombings, at the request of FBI's New York Field Office, NSA provided all reports that appeared related to the attacks. This information was useful to the FBI].

[In the fall of 1998, NSA lost the ability to listen to Bin Ladin on his satellite phone. This loss was probably the result of, among other things, a media leak. [ ]. [ ]. In February 1999, the Department of State demarched the Taliban, [ ]. [ ].

The Millennium threat surge began in November 1999.
The Millennium threat was a top priority for the entire Intelligence Community, and NSA personnel worked around the clock supporting CIA's disruption campaign. During this time, Jordanian officials arrested terrorists linked to al-Qa'ida. [ ]. [ ].

Several other advances occurred throughout 2000. [ ]. Following the USS Cole bombing in October 2000, NSA consolidated some of its counterterrorism efforts [ ].

[By the winter of 2000, NSA noted a general rise in threat activity. The Intelligence Community assessed the threat to be mostly oriented abroad. In spring 2001, NSA noted another significant rise in threat activity. Again, the Intelligence Community assessed the threat to be directed abroad].

[Throughout June and July 2001, another rise in threat activity was identified. NSA analysts noted vague communications traffic indicating that something was afoot. Intelligence Community speculation centered on whether the likely target was abroad. The U.S. military was sufficiently concerned that an attack would occur on the Arabian Peninsula that "ThreatCon Delta" was declared and all ships in the area were sent to sea].

[Military customers asked NSA/CT analysts if the threat were real. NSA counterterrorism analysts reviewed the evidence and were confident that it was. [ ].

[In the spring, the Intelligence Community reported indications that an attack may have been postponed. The Joint Inquiry was told that this led the Intelligence Community to believe that a real terrorist attack had been averted].

D. Technical Collection Problems and Limits at NSA

Technical collection was limited. This was due to both the nature of the target and missteps by the NSA and other U.S. government elements.

a.
Difficulties of Gaining Actionable Intelligence on al-Qa'ida

[Several senior NSA officials, including the Deputy Director of NSA and Chief of the counterterrorism organization, contended in interviews and testimony that information on terrorist plans and intentions was often not available [ ]. Even when information was intercepted, the analyst often must interpret arcane, circumspect discussions, put them into context, and identify linkages to other known targets or activities. NSA's Director stated: "... we do not anticipate being able to provide detailed threat information from SIGINT in most cases." Indeed, SIGINT did not provide significant intelligence to prevent other major terrorist attacks against U.S. interests such as Khobar Towers, the East Africa U.S. Embassies, and USS Cole].

[However, these arguments are somewhat belied by evidence uncovered during the Joint Inquiry that identified several instances of communications providing some specifics in terms of a timeframe and general location for terrorist activity. In addition, the FBI acquired toll records that five or six hijackers communicated extensively abroad after they arrived in the United States. The Intelligence Community had no information prior to September 11, 2001 regarding these communications, and, as a result, does not know what clues they may have contained]. [ ] [ ].

The Director of NSA, testifying about the targeting challenges facing NSA, said "cracking into these targets is hard - very hard - and SIGINT operations require considerable patience - sometimes over years - before they mature." |