Every time a terrorist tries to blow something up, newscasters and pundits across America holler about the failure to "connect the dots." But what happens when there are so many dots, no one knows where to look?
In his new book, The Watchers: The Rise of the America's Surveillance State (Penguin), reporter Shane Harris chronicles 25 years of intelligence community efforts to "connect the dots" on terrorist threats in the United States. The book reads like a particularly geeky technothriller, with each of Harris' main characters struggling to strike the right balance between privacy and security as increasingly antiquated databases full of crucial information pile up around them. In his day job, Harris covers electronic surveillance, intelligence, and counterterrorism for National Journal.
Senior Editor Katherine Mangu-Ward sat down with Harris on February 24, 2010, at the Reason offices in Washington, D.C., to discuss the Christmas Day bomber, why one promising electronic surveillance system was wiped out due to privacy concerns, information turf wars in Washington, and what it's like to be a spy in the age of Google.
Reason: You open The Watchers with the 1983 bombing of the Marines barracks in Beirut. It's always a good call to start a book with a big explosion, but why did you choose to begin there in the story of the rise of the surveillance state?
Shane Harris: In going back and researching the history of terrorist attacks and what was known before the attack within the intelligence community, I found a lot of eerie parallels between 9/11 and Beirut. Beirut was really the first instance of religious, suicidal, Islamic terrorism against an American target. It was a very dramatic explosion. Two hundred and forty-one Marines were killed. The last time they lost that many men in one day they were storming the beaches at Iwo Jima, so it was really a watershed moment.
I found that—just like 9/11—there were very significant clues that were missed. In the previous six months in Beirut, the intelligence community actually had intercepted or fielded a hundred different warnings about car bombings in Lebanon and none of them were really followed up on or fused. There was an investigation of a previous bombing at the U.S. embassy that held a lot of clues for what kind of terrorists were operating in Lebanon, and then there were actually intercepted phone calls between sources in Iran and terrorist elements in Lebanon ordering them to undertake some kind of attack against the Americans. And none of this intelligence was ever shared with the Marines on the ground so that they could fortify their position. It was this eerie theme of missing the dots before the attack and only afterwards realizing the significance of all these disparate fragments of intelligence and realizing that nobody in government had ever really put them together. This book is about those people who are trying to do that, and '83 was really the first instance of anyone making a concerted effort to connect those dots.
Reason: Every time something happens, we hear that the NSA or the CIA or somebody had all the information, but somehow failed to "connect the dots." Why does that line crop up over and over? For 9/11 or the underwear bomber, did we really have the capability to connect the available dots using current tools?
Harris: The underwear bomber is a really good instance. Arguably, yes, we should have been able to connect fragments of information that we had. That wasn't an instance where we didn't have enough information on potential threats. Now granted, even if you'd connected all those various pieces of intelligence—which included warnings from his father coming in to an embassy saying he'd gone to Yemen, intercepted phone calls from Al Qaeda operatives in Yemen talking about a Nigerian that they'd employed in an operation, the fact that the suspected terrorist's name was put into a database on a watch list. It's kind of appalling that more wasn't done to try and fuse those different streams of intelligence, to say "wait a minute there seems to be a pattern here," or "we're hearing things about Nigerians and were getting a guy coming into the embassy," and "shouldn't we be following up on that?"
It was really a shock to learn that once you put someone's name in the master watch list of suspected terrorists—of which, by the way, there are 500 million names, which is a whole other problem of information overload—there's no automated system to check if the name you're putting in has actually already been given a U.S. visa. So you've got this database of names of people who we probably want to think about keeping out of the country, and we don't automatically check the records that would tell us if they've been given permission to enter the country.
You could argue that even in hindsight if all these pieces were known and the puzzle was there maybe somebody would not have seen the pattern or realized the significance of it. But those pieces were never even put together on the table, and the reasons come down to bureaucratic obstacles—agencies not wanting to share their information, not wanting to connect their different databases because they want to protect sources and methods. Frankly, information in Washington is power, and the more you control the access to your intelligence the more powerful you are as an agency.
Reason: These days anyone could compile a fairly detailed dossier on, say, Shane Harris, using Google and Facebook. How has the intelligence community responded to that change in the way information flows?
Harris: If you could jump in a time machine and go back to 1983 and say to somebody in the intelligence community, "You know one day there will be this grand electronic database of names, and it will show who everyone is connected to and what their hobbies are and where they're going today, and where they've been, and it's going to be called the Facebook," they would have asked "When did the Russians win the war and when did this kind of system come into place?" That would be considered almost totalitarian and Orwellian in a sense.
There's actually a quote that I have in the book from an official who was the deputy director of national intelligence at the time, back in 2007. He gave this speech in which he said that privacy and the availability of information, and the expectation that information will be available, means something different to this generation today. And it's not for us—effectively the old timers in the intelligence community—to have a one-size-fits-all approach to privacy. Because there is no anonymity anymore, and information is widely available. We do have Facebook and we have Google. The intelligence community actually has responded by saying "Look, the definitions of privacy have changed, the rules of information have changed. We've noticed in the intelligence community. It's time for everyone else to get with the program." They've actually been rather ahead of the curve on that one.
Reason: But that wasn't always the attitude, right? In the book, you describe a promising system was shut down in 2000 due to concerns about the commingling of classified and non-classified data.
Harris: Yes. This was a special operations command program known as Able Danger, and it began in early 2000. And the idea was that military commanders wanted to get a sense of what the global network of Al Qaeda looked like. And Al Qaeda had at that point had just attacked the two embassies in '98—this was almost a year and a half before 9/11. They're on the radar of military commanders and the intelligence community, but they don't know how vast the network is. So they employ this small unit at the Army Intelligence Command to use this very innovative kind of data mining, where they're going to go through classified government databases of cable traffic, of intelligence reports, to find what they have on Al Qaeda. But they're also going to go out and mine information on the Internet. Now remember, this is 2000, this is pre-Google, the Internet is sort of a novel source of information. They're going to go out and crawl the Web to see what information they can find, and then they bring that into their databases, and marry it up with government intelligence to create these elaborate diagrams of Al Qaeda figures and where they are.
The lawyers and the oversight committees on the Hill, when they found out about this, they just started hyperventilating. They looked at this as an instance, potentially, of domestic spying. The orders they gave to the analysts in Able Danger were "shut the program down and destroy everything that you've discovered to date," because the rules say you have to purge the records of any references to U.S. persons. This became rather controversial when, five years later, it was discovered this program was running, and that they actually had early signs of some kind of Al Qaeda presence in the United States. It was very vague; they needed to go deeper on it to find out whether it was real or credible. But they never had the chance to look because the lawyers effectively came in and said "that's domestic spying, you're over the line of privacy, shut it down and destroy everything." Which was exactly what they did.
Reason: Was destroying the database on Al Qaeda that included information about U.S. persons the right call?
Harris: Ultimately, I think that they were reading the privacy regulations and their restrictions very narrowly. We look at that now and think its absurd, the idea that the government can't go out and look at publicly available information to try and form some kind of hypothesis about Al Qaeda. They weren't targeting people, they weren't pulling names in and then investigating Americans, it was just a byproduct of the search. Today, you Google yourself and find all sorts of references and connections to other people. We understand that there's an innocuous aspect to this.
The lawyers were probably overreacting, given the nature of the mission these guys had and what they were actually doing with the information, which was not trying to profile U.S. persons or anything like that. They were just sort of trying to get a handle on the universe of information about Al Qaeda. At the same time, when you're talking about pulling that information into a government database, you have to be more skeptical and the rules have to be tighter.
Katherine Mangu-Ward is a senior editor at Reason magazine.