Suspect or Sloppy?

Privacy mavens are all atwitter at the news this morning:

A Justice Department investigation has found pervasive errors in the
FBI’s use of its power to secretly demand telephone, e-mail and
financial records in national security cases, officials with access to
the report said yesterday.

The inspector general’s audit found 22
possible breaches of internal FBI and Justice Department regulations —
some of which were potential violations of law — in a sampling of 293
“national security letters.” The letters were used by the FBI to obtain
the personal records of U.S. residents or visitors between 2003 and
2005. The FBI identified 26 potential violations in other cases.

Set aside for a moment the old-fashioned notion of privacy so many keep fantasizing about and the fact that law enforcement and intelligence need some fast and easy way to gather common personal information because bad people live, work and operate among us and what does the article really tell us?

The pervasiveness and diversity of the errors suggest that there is a serious training deficiency at the FBI. Even without NSLs FBI agents have always handled a not more personal information than, say, NSA officers, but at NSA rules about dealing with such information are beaten into your head and heart from day one. Violations are dealt with swiftly and harshly. If these cases were part of a deliberate campaign to abuse NSLs there would be more focus and the errors more consistent.

It is also important to note that this revelation was self-exposed by the IG, not the result of a leak or a lawsuit. A systematic and organized effort would have a much more substantial defense/spin machine at work, or enough sense to not have been caught altogether.

Need more convincing? One of the more revealing points is brought up later in the article:

Fine’s audit, which was limited to 77 case files in four FBI field
offices, found that those offices did not even generate accurate counts
of the national security letters they issued, omitting about one in
five letters from the reports they sent to headquarters in Washington.
Those inaccurate numbers, in turn, were used as the basis for required
reports to Congress.

Remember, this is an agency that is legend among bureaucracies for the depth and breadth of its paperwork. You can build a whole career at the FBI doing nothing but “i” dotting and “t” crossing. In that sort of environment the fact that each office didn’t have a log documenting each letter issued suggests confusion or chaos, not conspiracy.

This is a problem about unclear policy and shoddy procedure, not organized and systemic mischief against the people. The Bureau would do well to learn some lessons from their brothers in Anne Arundel County (could have leveraged Mo B. when you had her) or they’re likely to start slipping towards the danger zone that the Nebraska Avenue kids are in (which – mark my words – is a fiasco waiting to happen).

All aboard the cluetrain express

This is classic:

Wiki technology advocates within the intelligence community, known as
intellipedians, were circulating among their colleagues promoting the
use of the collaborative social software to create intelligence
products, the official said.

The general response among the intelligence
technologists the intellipedians approached was “It’s great! Can you
build one for us?,” according to the official. That question indicated
that the technologists had not grasped the intellipedians’ premise that
wiki information sharing should permeate the community, the official

You know your agency’s head geek got his degree from a state-funded diploma mill when he stops you after the second slide of a briefing and says, “What’s this XML you’re talking about?” This was five years ago and apparently little has changed.

As with any sufficiently radical effort (and believe me, this is practically magic to some on the inside) there is a marked difference between the public face and the reality in the cube. Are people using it? Sure. Is it pervasive? Not a chance. Is it widely and solely the way business is done? Dream on. Getting a foot in the door is one thing; closing the sale is another issue entirely.

Have fun storming the castle . . .

The Q Prize

Funny what you think of in what passes for a traffic jam in these parts . . .

Ruminating about John’s recent post about tinkering with technology  and the mention of the X-Prize and DARPA Grand Challenges . . .

. . . remembering the post from the other day about how the explosion of available information  has not only overcome the government’s ability to categorize, search and make sense of it, the force of the wave is pushing efforts backwards . . .

. . . we have the CIA’s DNI’s Galileo Awards but that’s for insiders (no small font of great but untapped ideas btw): where is the parallel opportunity for outsiders and “amateurs ?” Where is the “Q Prize” for dealing with the IC’s information and technology problems? (1)

Many of the problems the IC faces WRT technology and information are identical to the ones facing large,
bureaucratic, information-centric institutions outside of the secret
world. The solutions that are turning around firms in industry – or
propelling start-ups beyond their more established competition – can
work on the inside. Large-scale contracting firms are full of competent
and talented people but projects like Virtual Case
File, Trailblazer and others are more indicative of what happens when large private
institutions try to help large public ones.


There will of course be reluctance to expose even a sliver of the inner workings to outsiders, but there are ways to anonymize and genericize details of problems and systems so that anyone can get involved without risk of exposing real secrets.

There will also be resistance from the traditional solution providers. The Q-Prize approach upsets the old RFP game and could put big firms at a disadvantage. Don’t underestimate the power of the bandits (what does SAIC spell backwards?).

More, better solutions have been put together by two dudes in a garage (or the big iron equivalent thereof) than have come out of a cross-functional, multi-domain corporate tiger-team. Maybe it is time to give the hungry, little, nimble guys a chance.

(1) I started with “I(ntelligence) Prize” but that didn’t sound right. The inspiration for “Q” should be self evident but it isn’t ideal because Q worked in the system, not outside of it. I mean, of all the things you can stick on a watch these days and Bond is still carrying around that stainless steel wrist-laser. Come on . . .

How about a real intelligence reform bill then?

The nation’s intelligence agencies, mired in
bureaucratic messes, have failed to deliver to Congress the
high-quality information it needs about trouble spots such as North
Korea and Iran, Michigan’s Rep. Pete Hoekstra said today.

still don’t have the intelligence community (needed) to give us as
policy-makers the information we need to make good decisions on North
Korea and Iran and other places,” Hoekstra, R-Holland, said during an
appearance on “Fox News Sunday

Hoekstra is the top Republican
on the House Intelligence Committee, and a top ally of the White House
on national security issues. But he criticized former top Bush
administration officials for hampering the flow of quality
intelligence. He said turf wars between the Pentagon and intelligence
agencies and a slow start-up to a reformed intelligence bureaucracy
that was part of post-9/11 changes are to blame.

I really like Rep. Hoekstra and the level of effort he puts against intelligence issues, but pointing to an alleged mil-civ divide as the reason for a lack of progress in intelligence reform is a non-starter.

The blame for a lack of enthusiasm for change is not exclusively a military one. The DOD is the largest producer and consumer of intelligence information. You don’t think they’d welcome changes that would put more/better/faster intel into the hands of those that could use it?

Get analytic elements out of collection agencies, eliminate duplication of effort, and stop operating as if it is still 1955 and you’ll start to realize some meaningful change.

Want real intelligence reform? How about a real intelligence reform bill?

IO: meet the new boss, same as . . .

From Inside the Pentagon (subscription):

As the Air Force prepares to open a new Cyber Command in May, a top service general overseeing the effort is calling on policymakers to consider how far the United States should go to safeguard its electronic communications and data storage.

“This is an area where technology has outstripped our ability to make policy,” Air Force Gen. Ronald Keys told reporters at a Feb. 9 press conference. “We need to have a debate, I think, and figure out how are we going to defend ourselves.”

No shortage of ex-pilots who get dumped into IO and don’t feel the compulsion to review the
work carried out by their predecessors. Next step: finding a wheel to reinvent:

Though a hacker’s penetration into computers in the United States is akin to an armed foreign aircraft crossing the border, “there’s nothing like [air defense] on the Internet,” he said. “You can toodle on in and you can do anything you want and there’s nobody asking you, “Who are you? What are you doing?”[or] following you. You can’t be forced down.”

Asked if the Cyber Command, which is to report to Keys’s Air Combat Command, will be authorized to shut down intruders that threaten U.S. government or business
interests, the general replied, “Can’t do it. It’s illegal. We live in a democracy.”

Our form of government has little to do with it, which gives you some insight into how in
tune with the mission this Command is. You can’t shoot back because you are
inevitably going to be shooting at innocents. The General goes on to note (with
no sense of irony) that we can’t shut down cyber attacks, but that our
offensive capability should serve as a deterrent to potential ‘bogies.’ When your
strategy says you reserve the right to nuke those who hack you,
better make sure your targeting cell knows what it is doing.

Enemy bytes and enemy planes are not the same thing. For starters we wouldn’t stand for the
latter to violate our airspace, but we allow the former to happen all
the time
. It’s been going
on for decades
and the DOD has never taken the mission seriously enough to
throw up a wall of ack-ack.

JTF-CND/O/GNO was a great start but can they enforce compliance? SPACECOM got the ball
rolling but then got careless; STRATCOM was a more appropriate home but calling
senior airmen IO-ers who last week were SIGINTers was no strategy. Gen
Cartwright moved things forward (as you would expect a Marine to do) but where
is the real expertise? Being reorged out of existence back in DC. To paraphrase
When everyone does IO, no one does IO.
I have been as guilty of this as anyone, but I still have a problem with trying to force facile
physical world metaphors onto the digital world. Everyone is worried about the
Digital Pearl Harbor, but we get surprised and deal with attacks like that
everyday; it’s the Digital Chicago Fires* that throw us for loops.
* Credit to A.M. for coming up with that one.

On accountability

That’s what I’m talkin’ about!

Maj. Gen. George W. Weightman, commanding general of the North
Atlantic Regional Medical Command and Walter Reed Army Medical Center,
was relieved of command at 10 a.m. Thursday by Secretary of the Army
Dr. Francis Harvey, according to an Army press release. […]

was informed this morning that the senior Army leadership had lost
trust and confidence in the commander’s leadership abilities to address
needed solutions for soldier-outpatient care at Walter Reed Army
Medical Center.

It has been a long time since a senior Army officer has taken been forced to accept responsibility for his actions or inactions. General Colonel Karpinski is the only one in recent memory. The Navy, by contrast, regularly sends commanders packing for running aground, bumping into fishing boats, etc.

The MFIC sits on a three-legged stool (authority, responsibility, perks) that all too often is missing a leg (responsibility). We saw this in the immediate aftermath of 9/11 and the subsequent recycling of national security seniors from discrete agencies into DNI positions. Almost none of those people should still be on the payroll, not because any given one of them is personally responsible for intelligence failures, but because that’s the price you are supposed to pay for being granted certain authorities. If you have nothing at risk, you are disinclined to do what is necessary to achieve real gains.

Unrealistic? In an age when everyone is special and no one makes judgment calls it may very well be. Cruel? It is not like someone with a Masters in International Relations (not to mention a security clearance) doesn’t have options outside the General Schedule.

Keeping the IC Competitive

Technophiles will undoubtedly joke about the first item but that is beside the point . . .

The IC is always trying to bring on the smartest folks it can find, though it constantly errs by equating top-tier academic quals with actual smarts (we’ve lost more clever folks because they lack a piece of paper).

Appreciating a diversity (not the fake kind) of outlook and opinion is something the IC works very hard at squashing. Note that we’re only now moving dissenting opinions from footnotes to full-sized text in NIEs.

And it isn’t that outsiders can’t offer a fresh perspective or new idea, its just that the people in the business should be the first people you go to when you want to know what in the business needs fixing. This doesn’t mean town halls where your executives can practice their Toastmaster skills and only the kooks raise their hands because everyone just wants to keep quiet so the pain will stop.

Fresh Start

DNI McConnell starts his second full day on the job today, and the former intelligence experts interviewed in the Baltimore Sun say that he must “restore faith, unite agencies.” I agree on both points, though I’d like to respectfully suggest that he follow different tacks than the other old hands suggest.

Restore Faith

This is actually a two pronged effort: restore faith in the intelligence services and restore the faith of those working in the services.

The first part of the remedy involves setting new expectations across the board. People on the job need to be allowed to take more risks, challenge the status quo, and come up with new ways of operating; our legislative overseers need to realize that intelligence work can be messy, dangerous, and inadequate. Oversight should be a check-and-balance not a check-and-burden. When people know they won’t be hung out to dry for coming up short, they’re more apt to shine; when decision-makers understand that intelligence isn’t a silver bullet they should be less likely to abuse it.

As you craft your introductory speech to the workforce let me say that they don’t need reminding of why they are on the job or the consequences of failure. They need to see your words backed up by action. You ran NSA so you know how it works; DIRNSAs come and go, but the staff is forever. Bold moves now will set the tone for the future and do more to revitalize the workforce than any pep talk. Otherwise you’re just another guy they have to survive.

Unite Agencies

The goal here should focus less on centralizing management – span of control is already far too wide – and more on centralizing functions. That there is a great deal of duplication of effort in the IC is well known, but to date no one has done anything about it. With a scrub of the budget should come a scrub of missions and functions. Dealing with current and future threats requires minds as well as money and continuing to allow individual agencies to perpetuate mini-me versions of rival programs saps our ability to provide both. Everyone has “equities” but some are more relevant than others. Agencies are going to have to take some lumps in some areas so that they can get a boost in others. It’s the price we have to pay for the intelligence community we want to have. If consolidation is not a path you want to go down, this is the next best thing.

Clean House

I covered this issue recently and will not abuse a dead equine in your presence; suffice it to say that you’re not going to blaze a path to the future with the people who are stuck in the past. Everyone knows who the leaders are and who the functionaries are, but if you insist on conducting a survey or some such thing, don’t talk to anyone over GS-14. Have them “vote” for their own dream leadership team and when the survey results don’t match up to the current org chart you’ll know who needs to go. You’ll also have a much better handle on what sort of folks (and requisite skills) it is going to take to lead your workforce of the future.

That’s all I’m giving away for free, Mr. Director. Good luck. 😉

Codifying the obvious

Secrecy News points out an important new IC Directive:

Intelligence analysis “must be objective and independent of political considerations,” …

“The IC will seldom have the requisite depth and breadth of
expertise to provide all of the insights and detailed answers demanded
by our customers. To satisfy their needs, the IC must tap outside
expertise and build and expand relationships with non-intelligence
government agencies, academic, business, non-governmental organizations
(NGOs), and think tank communities, both domestically and
internationally, while addressing the counterintelligence and security
obligations that are inherent to such initiatives.”

Developments like Intellipedia are a single step on the path to reform in these areas, but it is still insiders talking to insiders. Anyone who has tracked these issues for longer than a day knows how well that can turn out. A really bold and significant step? Open up the (U)-version to the public through the Open Source Center (and the OSC itself for that matter). You want deep and broad expertise, diverse opinions, and 24/7 production? I don’t care how many universities and think tanks you line up and cloister behind a firewall, it isn’t going to match the output of a global Army of Analysts.