Making Intelligence Smarter
Agencies must find a new balance between electronic eavesdropping and spies on the ground to counter global terrorism
ARTWORK: PETE MCARTHUR
This is part of IEEE Spectrum's special report: Critical Challenges 2002: Technology Takes On
In 1985, when espionage was a civilized if aggressive game played by the West and the Soviet Bloc, the death of William Francis Buckley was a nasty reminder of how brutal the business could be. Buckley, chief of the U.S. Central Intelligence Agency's bureau in Beirut, Lebanon, was abducted by Islamic Shiite fundamentalists on 16 March 1984. He was tortured intermittently for the next 15 months before dying after a torture session at age 57. Six years later, his skull and some bones were found in a plastic sack beside a road near the Beirut airport.
Such ruthlessness was unusual among the Cold War's bureaucratic spooks. "The worst that would happen..., if you were an American with diplomatic immunity caught spying in Moscow, was that you'd be held for a few hours and then reluctantly let go and declared persona non grata," R. James Woolsey, a former director of the Central Intelligence Agency (CIA), in Langley, Va., told IEEE Spectrum. In those days, there were rules and even a grudging respect for the enemy when the game was played well. The stakes were often so esoteric--missile throw weights, nuclear megatonnage, or machinations in Guatemala or Angola--that the only spectators were the practitioners themselves. A manual for a new U.S. reconnaissance satellite falling into Soviet hands counted as a traumatic intelligence failure.
Ah, the good old days. Now, an intelligence lapse can mean thousands of civilians dead, hundreds of billions of dollars in economic losses, babies stricken with potentially fatal diseases, and video images of unspeakable horror ricocheting around the globe. Rarely has intelligence been so vital to U.S., Russian, and European national security, and never before has the intelligence challenge been viewed so grimly.
As the wreckage from the terrorist attacks of 11 September smoldered, cries of "intelligence failure" sounded in the U.S. Congress and were duly amplified in print and broadcast media. Unquestionably, the catastrophe revealed dire weaknesses and equally dire obstacles to their correction. The world's sprawling intelligence agencies had evolved over decades to counter the Cold War's relatively stable and arcane threats. The question now is, can these agencies adapt fast enough to a foe that is far more fanatical and decentralized, whose culture is incomprehensible to most outsiders, and whose action plan boils down to murdering as many Westerners as possible? Although many intelligence services are affected, the heaviest burden will fall on the sprawling U.S. espionage apparatus, the largest and best equipped.
Of course, modern terrorism encompasses other entities besides the shifting array of international radical Islamic groups. But of all militants, these last have demonstrated the most determination and success in killing Westerners and destroying Western property. Therefore, U.S. and allied intelligence officials--and even their former Cold War adversaries--are now focusing their resources on these groups. Of special interest is al Qaeda, the radical organization believed to be behind the 11 September and earlier attacks and with which the Saudi-born multimillionaire Osama bin Laden is identified.
As U.S., European, and Russian intelligence begin adapting themselves to al Qaeda and its kind, the demise of William Buckley--by some accounts the CIA's top expert on terrorism--prefigures the rough going ahead. Whereas espionage once had some rules, "That's simply not true in a war against a bin Laden or a Saddam Hussein," Woolsey affirmed, adding "I compare them to Torquemada," the 15th century leader of the Spanish Inquisition. "There are no rules."
A fragmented community
In the United States, analyses of intelligence weaknesses before and after 11 September have focused on four areas:
Human inadequacies in analysis, language skills, and especially spying--the gathering of data from informers within a hostile organization or targeted government.
Growing gaps in technical intelligence in, for example, the ability to decrypt, analyze, and deliver expeditiously messages intercepted amid the oceans of encrypted e-mail, phone calls, and other communications monitored around the world.
Lack of cooperation between organizations that collect foreign intelligence and others that counter the intelligence activities and terrorism of foreign countries at home.
Spotty relations among various countries' intelligence services, which interfere with the effort to combat international organizations, such as al Qaeda, which is thought to have agents in dozens of countries.
An understanding of these deficiencies calls for some perspective on modern intelligence. Take the complex and fragmented U.S. intelligence community. A total of 13 government agencies have intelligence responsibilities of some kind [see illustration, top of page], for which they share a budget put at US $30 billion this fiscal year and roughly $33 billion for 2002 (the exact figures are secret).
Among the most important is the CIA, paid to the tune of $3 billion a year for spying, covert operations, and intelligence analysis. The National Security Agency (NSA), a part of the Department of Defense located in Fort George G. Meade, Md., has a dual role: it intercepts and decrypts communications and other signals through the use of a worldwide interception network and a fleet of eavesdropping satellites, and it also develops the encryption technology used to keep sensitive U.S. government communiqués secret. Its budget is believed to be around $4 billion a year. The Federal Bureau of Investigation (FBI), in Washington, D.C., the only one of this group whose budget is unclassified, received $3.25 billion last year to fund its efforts to protect the United States from a broad range of threats, including terrorism.
In the barrage of criticism after the 11 September attacks, a recurring theme was that U.S. intelligence had grown too reliant on technical intelligence, allowing its human intelligence assets to deteriorate. Human intelligence, or spying, can be a devastating weapon against terrorists because in the right circumstances it reveals the specific dates, targets, plans, and people involved in a plot. Technical intelligence, most commonly intercepted communications, is typically less useful because attackers generally do not discuss specifics over e-mail or telephone links. Also, organizations like al Qaeda may routinely use false messages to confuse their pursuers.
"I'll take a live source any day over an electronic intercept," declared Robert M. Blitzer, a former chief of the domestic terrorism/counterterrorism planning section at the FBI. Nevertheless, heavier communications traffic and intercepted cryptic references can alert officials that a strike may be planned, without giving them any vital details. Apparently intercepts, along with a smattering of human intelligence, were behind the maddeningly vague alerts issued by U.S. Attorney General John D. Ashcroft in October and early December.
While few observers dispute that the CIA's human intelligence assets languished during the 1990s, others warn against viewing spying as a panacea. "Human intelligence is not as good as people think it is," insisted Melvin A. Goodman, a former CIA analyst. And several factors conspire to immunize radical Islam against spies. For one, fundamentalist strains associated with terrorism preach self-denial. Offers of money or sex, the time-honored lures for spies, would probably do more harm than good.
Also, fanatical devotion to their cause makes it hard to "turn" insiders and to get useful information out of apprehended coconspirators. "They don't care if they go to jail--they don't even care if they die," said Blitzer, now an assistant vice president at Science Applications International Corp., McLean, Va.
"Al Qaeda is almost an impossible target," added Goodman, now on the faculty at the National War College, Washington, D.C. "You're just not ever going to come across an asset for penetration of a terrorist group like that." An alternative to recruiting an insider is insinuating a spy into the group. This strategy poses even greater obstacles, noted Magnus Ranstorp, a terrorism expert and professor at the University of St. Andrews in Fife, Scotland. Deep mistrust of outsiders makes infiltration improbable, Ranstorp said.
Most disheartening of all, even if an agency succeeded in inserting multiple spies into a terrorist organization, the organization might still carry out terrible attacks, such as last 11 September's, without the spies getting any forewarning. As Ranstorp explained, al Qaeda appears to have mastered espionage basics, including compartmentalization of the organization. Thus, unless the agents themselves were against all odds selected for some major attack, they would probably have little or no prior knowledge of a strike.
Balancing human and technical
Even so, Western and Russian intelligence agencies now have little choice but to infiltrate the vanguard of militant Islam--though not at the expense of their capabilities in technical intelligence, experts and former intelligence officials caution.
Reid Morden, a former director of the Canadian Security Intelligence Service, a counterintelligence agency in Ottawa similar to the UK's MI5, noted that officials always strive to fuse human and technical intelligence--and that this fusion will be more crucial than ever in the confrontation with radical Islam. For example, information gleaned from electronic intercepts may lead intelligence officers to a human source or may confirm or amplify a source's contributions. "Once you get your source, keeping an eye on him electronically is a very good way of making sure he's being square with you," Morden told Spectrum.
Human intelligence, conversely, can increase the value and utility of technical assets, Morden noted, by helping direct officials to the faint whispers of useful information to be gathered amid the cacophony of signals intercepted every day. Thus it can help technical-intelligence officials with one of their most intractable tasks: winnowing staggering amounts of information.
The NSA, along with its counterparts in Canada, the UK, Australia, and New Zealand, uses a worldwide network to intercept messages and to carry out other forms of signals intelligence. Included in the network are hundreds of fixed listening stations, as well as eavesdropping satellites and airplanes and even, it is thought, submarines tapping undersea cable. Like most details about the agency's operations, how much raw data these intercept facilities haul in every day is classified. But some observers speculate it is comparable to all the information in all the books in the Library of Congress.
George J. Tenet, director of Central Intelligence, told the U.S. Senate in February that "terrorists are seeking out 'softer' targets that provide opportunities for mass casualties."
To cope with this deluge and also to share findings with its allies, the NSA applies advanced technology aggressively. An intercept network run by the agency and its counterparts in Canada, the UK, Australia, and New Zealand reportedly snares cellular, fiber-optic, satellite, and microwave traffic from intercept stations all over the world. Some details about technology used with the network, known in the 1990s by the code name Echelon, came to light in books and press accounts in the mid-1990s.
According to the accounts, each participating intelligence service and every listening station maintains lists of code words and phrases, called a dictionary. All Echelon intercepts (decrypted if necessary) are scoured for those words or phrases by advanced voice-recognition and optical-character-recognition technologies coupled to powerful search programs running on supercomputers. If found, the messages or conversations are automatically forwarded to the appropriate intelligence service for further analysis. Some say the system also employs sophisticated software to recognize individual voice patterns, so that a specific person can be targeted.
Certainly such an advanced system would be in keeping with the mandate of the NSA, which has long pushed the state of the art in semiconductors, electro-optics, signal processing, data storage, antennas, and other electronics categories. It is believed to use the world's most powerful supercomputers in its decryption efforts and to employ more mathematicians than any other organization anywhere. Nevertheless, the agency's response to monumental changes in communications over the past 10-20 years has not been untroubled. The Internet, e-mail, and cellular telephony have ignited an explosion in data and wireless transmissions, and by a number of accounts the agency has found it increasingly difficult to keep up.
Perhaps most disruptive to the agency's operations was the wholesale shift to fiber optics and packet switching. Fiber-optic lines are a lot harder than copper wires or microwave links to tap into--cutting into the hair-thin strands would likely destroy them. Even if light could be siphoned out of a strand without fatally damaging it, technicians would find it difficult to do so without the cable operator spotting the loss of light and hence the tap.
Submarine cables pose the biggest challenge: they often carry the international traffic of greatest interest, but they are in the crushing depths of the ocean bottom, beneath hundreds of meters of cold black water. Still, the situation is less onerous than it would seem--at least for now--for several reasons. One is that in the United States, the NSA can apparently tap into the cables without resort to submarines or subterfuge: "It is said that many of the international telecommunications companies, certainly those domiciled in the United States or with a substantial presence there, just let the NSA have it for free," said John Pike, who directs Globalsecurity.org, a think tank on national security in Alexandria, Va.
Thus, the agency's problem is probably limited to undersea cables that do not terminate in the United States. Of those, "some are too boring to worry about," as Pike puts it. Of the others, many use old-style electro-optical repeaters that strengthen the optical signals at intervals along the line by converting them into electrical impulses, amplifying them, and then reconverting the amplified pulses back into light. For the short while the signals are electrical, they emanate electromagnetic energy. That energy can be picked up inductively from the repeater by an appropriately equipped spy sub, several of which are known to be accessible to the agency.
Unfortunately for the NSA, electro-optical repeaters are now obsolete. Recent undersea cables use so-called fiber amplifiers. In essence, these are short stretches of fiber doped with the element erbium and pumped with a laser. The photons entering the erbium-doped region stimulate the emission of many more photons. The signal is never electronic, and no energy emanates from the amplifiers.
Nevertheless, outside experts believe the agency has successfully prepared for this eventuality. The agency's methods and capabilities are among the most guarded of all government secrets (indeed, tapping into an undersea cable is probably unlawful), but an article in The Wall Street Journal last May quoted former intelligence officials who confirmed that NSA technicians used a special submarine to tap into a fiber-optic cable on the seafloor in the mid-1990s--around the same time that fiber amplifiers began displacing electro-optic amplifiers. The sub supposedly had a special compartment into which the cable could be hauled, enabling technicians to install the tap.
The challenge would have been extreme. The individual fibers are in a cable sheathed in plastic, a copper conductor that carries thousands of volts at about 1 A to power the fiber amplifiers, and a protective covering of hardened stainless steel. If the signal were interrupted for even an infinitesimally brief instant, operators of the cable would know, because the flow of data is monitored at each end many times every second.
Fiber-optics experts contacted by Spectrum speculated that the tap would have been achieved by bending the fiber fairly sharply, causing some signal radiation to leak out of the fiber. If done carefully, the bend would have leaked just enough light to detect with suitable imaging optics and photodetectors, the experts said, and not enough to trigger a low-light condition farther down the line.
Further evidence of the NSA's ability to tap undersea fiber-optic cables--and its intention to go on doing it--is a $1 billion project at Electric Boat, Groton, Conn., to outfit a new Navy submarine, the USS Jimmy Carter, with a special 45-meter-long section. The Navy has never disclosed the exact purpose of the expensive addition to the $2.4 billion sub, but most observers, including Pike, believe it is to tap undersea fiber-optic cables.
Hard as it is to believe that the NSA can carry out such delicate technical work hundreds of meters beneath the sea, "it is rather more difficult for me to describe what they do with this enormous quantity of material once they get it," said Pike. An undersea cable might have 8-16 individual fibers, each of which would have as many as 64 channels. Each channel would carry 2.5 or 10 Gb/s. So tapping into even a single fiber for a few minutes would produce a quantity of data that could not be reasonably stored aboard a submarine.
Pike, for one, thinks it is possible the NSA may have plans to run its own undersea fiber-optic cables from a tap to shore. "I wouldn't put it past them," he said, noting that military intelligence agencies used to run undersea cables routinely during the Cold War to collect data from the sonar arrays that tracked Soviet subs.
Packet switching is another obstacle. The technique, now ubiquitous in telephony and most forms of data transmission, assigns the bits of a digital transmission to small groups called packets. Individual packets can then take any route to their destination, where they are reassembled into the original message or utterance. The problem for a would-be eavesdropper is keeping track of the packets: it is difficult to reassemble a message when its fragments might zoom through any of hundreds or thousands of routings. "It's one of the key problems the NSA is facing," said James Bamford, author of Body of Secrets, a recent book about the agency. "They've had successes, but it's an enormous challenge."
Traditionally, the biggest challenge of all is decryption. For al Qaeda, though, decryption is seemingly a nonissue. The group's operatives apparently had no use for the many encryption programs available commercially or without charge on the Internet, preferring to use speaking codes, often over the public phone network. In those codes, which are not unlike those associated with organized crime, references to subjects such as the weather veil news or instructions about some secret operation. Really sensitive information is delivered in person, according to Ranstorp and others familiar with al Qaeda's operating procedures.
Until a few years ago, bin Laden himself had no qualms about using satellite telephones. According to Bamford, NSA officials used to entertain visitors from other intelligence agencies by playing tapes of bin Laden speaking to his mother in Syria. Agency employees snagged the conversations on their way to and from an Inmarsat satellite in the mid-1990s, Bamford explained. But disclosure of the agency's parlor trick in the U.S. press in the late 1990s may have been one of the reasons why bin Laden stopped using a satellite phone.
Points to Ponder
BUDGET UP The U.S. intelligence budget went from $30 billion in 2001 to $33 billion in 2002.
SEABOTTOM SKULDUGGERY Observers say the Defense Department is spending $1 billion to equip a submarine to tap undersea fiber-optic cables.
MATHEMATICIANS NEEDED The National Security Agency employs more people in this occupation than does any other organization.
Does the fact that al Qaeda eschews cryptography mean that the U.S. security agency's vaunted supercomputers, software, and other decryption resources are now useless? After all, during the Cold War, the NSA brought three-quarters of its resources to bear on the Soviet Bloc--a proportion that many believe will now be devoted to Islamic-fundamentalist terror.
Nevertheless, now is not the time to short-change technical capabilities, insisted Cipher A. Deavours, a cryptography expert and professor at Kean University, Union, N.J. Interception was vital to the U.S. government's effort to establish al Qaeda's role in the atrocities. After the attacks, Senator Orrin G. Hatch (R-Utah), who had been briefed about incriminating intercepts between bin Laden associates, told journalists about them--to the fury of intelligence officials, who strive to protect their sources.
Intercepts were also key to the subsequent identification and apprehension of al Qaeda associates in the United States and Europe. And though al Qaeda itself apparently avoids encryption, U.S. officials said two global Islamic financial networks--al Barakaat and al Taqwa--provided it with encrypted communications channels that bin Laden used to send intelligence and instructions to his operatives worldwide.
Decryption capabilities are invaluable for establishing which nations are aiding a terrorist organization. Encrypted diplomatic communications of such countries or their allies, enemies, or financial institutions might contain information about secret arrangements. Decryption capabilities can also help officials keep tabs on foreign intelligence services that are ostensibly friendly but may in fact have links to terrorism.
Such was the case with Pakistan's Inter-Services Intelligence (ISI), in Islamabad. It is now reportedly cooperating with the CIA in the war in Afghanistan. But until 11 September, at least, the ISI had close ties not only to the Taliban in that country but also to al Qaeda. If no official ties linger, still, "one-third of all Pakistani military and intelligence is sympathetic to the Taliban," terrorist expert Ranstorp said in an interview last November.
Sharing and secrecy
For the intelligence community, the work is far from done when the human or technical intelligence has been collected, decrypted, and analyzed. Distributing the results quickly and to the right people--in other words, sharing the information so that it actually does some good--is trickier than it seems. Getting maximum benefit out of the data may demand that it be liberally distributed, which is at odds with secrecy. "Intelligence sharing and security are like liberty and equality," declared Woolsey. "They are both admirable values that sometimes come into conflict with each other."
The balance between sharing and security will be severely tested in coming months. Unlike the esoteric endeavors of the Cold War, fighting terrorism will often require the help of domestic and local law enforcement. "The front lines of defense against terrorism are not abroad, they are at home," said Goodman, the former CIA analyst.
The collaboration is needed for many reasons beyond the fact that it is law enforcement that will have to respond when a terrorist strike occurs. For instance, a hallmark of the new terrorism as practiced by al Qaeda and its affiliates is more aggressive use of financial crime--credit-card and bank fraud and such, said Ranstorp, who has been studying al Qaeda since 1996. The crimes let terrorist cells amass the cash needed to sustain them and help fund the larger organization's activities while remaining securely independent of other cells.
By sharing information and working together, intelligence and law-enforcement officials might be able to determine which financial criminals are also terrorists. Nevertheless, some veterans cringe at the idea of wide sharing of intelligence with local police departments, particularly when reports are very sensitive and come from a foreign intelligence service. "They're not trained in national security-type intelligence," noted Blitzer, the former FBI official. "The possibility of leaking information is substantial."
Such misgivings have apparently blocked the flow of intelligence data to local law enforcement. Tom Ridge, the director of the White House's new Office of Homeland Security, declared that police officers are the primary defenders of domestic security. Nevertheless, reports in mid-December suggested that police chiefs and big-city mayors were receiving no more specific intelligence from federal agencies than was the general public.
The complexities and risks of sharing intelligence go up when services from two or more countries are involved. Yet such arrangements will have to catch on if counterterrorists are to contend with loose-knit groups like al Qaeda, with operations, alliances, and financial networks that span the globe.
After a decade of drift in which intelligence agencies seemed to be casting about for a mission worthy of their big budgets, they have at last found one. But in adapting to global terrorism inspired by Islamist fundamentalism, those agencies will be forced to reassess many long-held customs and beliefs. They will have to find new human assets, including spies and analysts, and new ways to use their technical infrastructures, while cooperating more actively with domestic partners and with foreign intelligence services of every stripe.
As in the Cold War days, most intelligence successes will remain secret. But in the pitiless new world in which these agencies will have to operate, their most spectacular failures will surely reverberate worldwide. And failures there will be, as always. As Bamford put it, referring to the 11 September attacks, "It's probably not going to happen again. But there are going to be other terrorist incidents. They won't be as big, but they're going to happen. Live with it. Life goes on."
To Probe Further
A firsthand account of the lassitude in aspects of human intelligence gathering and analysis is presented in "The Counterterrorist Myth" (The Atlantic Monthly, July/August 2001). The article, written by Ruel Marc Gerecht, a former CIA case officer who became disillusioned with the agency, is available at http://www.theatlantic.com/issues/2001/07/gerecht.htm
The report of the National Commission on Terrorism, "Countering the Changing Threat of International Terrorism," contains sections on intelligence challenges. Parts of the report, which was prepared for the U.S. Congress, are available in PDF format at http://w3.access.gpo.gov/nct/.
James Bamford's most recent book on the National Security Agency, Body of Secrets, was published by Doubleday, New York, in 2001.