Terrorism and SIGINT efficacy
My generation has grown up, in the wake of September 11, 2001, against the backdrop of a persistent terrorist threat*, the result of an unprecedented public response to terrorism which has forever altered our relationship to the idea of “the terrorist.” However, as argued by Jacob N. Shapiro in his book The Terrorist’s Dilemma, terrorist groups aren’t nearly as dangerous, capable, or committed as we often give them credit for.
The September 11 attack is an outlier among terrorist operations, and ultimately succeeded due more to counterintelligence failures than effective operational strategy on the part of al-Qa’ida (AQ). It is impossible for any sizable terrorist group to operate in secret anymore, and as Shapiro explains, “terrorists are every bit as, if not more, venal, self-important, and short-sighted as the rest of us” (2).** This means they are not so different from any other human organization, except they are often operating in adversarial environments, which puts them at a tremendous disadvantage***, due to the impossibility of maintaining both perfect control and perfect secrecy.
In a recent interview with NPR, NSA’s top civilian official, John C. Inglis, admitted that at most one terrorist “event” was hindered thanks to the NSA’s telephone metadata collection program. That event was a wire transfer to a Somali terrorist group. The New York Times recently reported on a 238-page analysis by The Privacy and Civil Liberties Oversight Board, an independent federal privacy watchdog, which not only concludes the bulk metadata collection program is illegal, but also found “no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack.” This shows that politicians and officials who cite terrorism prevention as a reason why such invasive NSA programs are necessary are, at best, misinformed, and at worst, being intentionally deceitful.
Given what we know about how terrorist groups operate, and the history of effective counterterrorism efforts, the fact that bulk data collection hasn’t proven particularly useful in preventing terrorist activity isn’t all that surprising. This type of bulk data collection falls into the category of signals intelligence, or SIGINT. And while SIGINT is important, it is almost always secondary to, and serving, human intelligence, or HUMINT (i.e., spies, informants, moles). SIGINT is limited on its own, especially in an untargeted dragnet capacity. CIA Clandestine Service veteran, Hank Crumpton, illustrates this point, in reference to AQ in Afghanistan, in The Art of Intelligence: “Because we had developed a dynamic network throughout Afghanistan, our HUMINT, complemented by SIGINT and IMINT [Imagery Intelligence], was very good. We knew the enemy. We knew where to look…” And that is the key: knowing the enemy, and thus knowing where to look. Looking everywhere, at everyone, essentially blind, is not a useful targeting scope. This is largely due to the fact that modern terrorist organizations have fairly sophisticated communications security to prevent interception of critical information, often using encryption and/or open codes. In many cases, the codes used are unique to each specific operational cell within a group, and are rarely deciphered until after the cell is breached, or eliminated. That makes it difficult for law enforcement to scan bulk data for ‘standard’ code words. AQ expert Abdel Bari Atwan, in analyzing communications on dedicated jihadi websites, argues “al Qa’ida members probably did not need to encrypt their [web forum] communications, relying instead on the jihadi visitors ‘sixth sense’ of what was being communicated through the text and various signposts, which would thwart law enforcement efforts to casually drop into a [web forum] and pick up hidden messages without a substantial background on the forum” (Mobley, 161).
This further illustrates the difficulty of scanning for codes. But if a group is infiltrated, either through internal recruitment or placing an agent, communication channels and code words can be uncovered, providing an agency the intel they need to know where to look, and what to look for.
Additionally, AQ has proven capable of effective information compartmentation, especially when dealing with critical operational details. For example, “al Qa’ida restricted information about the [9/11] operation among its cells. Only Bin Laden, KSM (Khalid Sheikh Mohammed), Atef (Mohammed Atef Al-Masri), and a few senior hijackers knew about the specific timing, targets, operatives, and method of attack” (Mobley, 141). Communication between those leaders, when not face to face, is often facilitated by relay networks of couriers who “probably [do] not know the purpose or end user of their ‘package’” (Mobley, 143), making it hard to detect the communication and making the intelligence value of the couriers slim to none. This type of operational landscape—wherein the adversary is effectively compartmenting information, practicing strong communications security, and taking measures to prevent detection—severely limits the efficacy of SIGINT.
For a concrete example of how crucial compartmentation and attention to tradecraft are, we can examine how Hezbollah rolled up CIA and Israeli intelligence rings in Lebanon in 2011. The details revealed in the wake of those operational compromises showed Hezbollah arrived at specific targets through double agents (HUMINT), and exploited sloppy tradecraft in the US and Israeli operations. It is likely the CIA and Israeli intelligence severely underestimated Hezbollah’s counterintelligence capabilities, which led them to fall into predictable patterns. They weren’t properly securing/dumping cell phones, and they overused meeting locations with poorly chosen code words, such as “pizza” to indicate meeting at a Pizza Hut in Beirut. This is a mistake Hezbollah, and other terrorist groups, are unlikely to make when assessing the counterintelligence capabilities of the United States and its allies. To quote from Blake Mobley’s dissertation Terrorist Group Counterintelligence, “Many terrorist groups assume that their state adversary occasionally lives up to the quasi-omniscient reputation that the popular media and culture tend to promote.” This gives state adversaries a tremendous advantage, as terrorist groups “expend valuable resources to protect against [potentially] illusory intelligence capabilities. Terrorist groups that assume their adversary has near-omniscience will be more likely to believe the adversary regularly compromises group members and critical internal communications pathways” (375). This dynamic decreases efficiency, and increases paranoia, within terrorist groups, but also means groups are constantly devising ever cleverer ways to evade detection.
Most importantly, as referenced above, there is evidence that the dragnet strategies simply are not working at home. Invasive bulk metadata collection is scooping up an alarming amount of “collateral” intelligence on innocent American citizens, and innocent people around the world, with zero proven security benefit. We’ve seen a few cases where NSA employees abuse their access to that information for petty reasons (spying on exes and potential lovers), but the programs are most alarming when contextualized in the shadow of government programs like COINTELPRO. (Such as the NSA targeting ‘radicals,’ with intent to discredit them over web browsing habits.) One of the major dangers of these programs is their threat to dissent and free thought.
Another concept that stood out to me in reading Shapiro was that the “cognitive dynamics of underground organizations lead to cells losing touch with their original goals and [valuing] action in its own right.” Operatives spend the majority of their time together, and are not allowed to talk to anyone else about group operations. That lack of external contact leads to increased internal discussion of ideology, which results in a “self-reinforcing cycle.” I see this same problem occurring within the NSA, and other intelligence agencies. They’ve lost sight of their goal: to protect us. They have realized all these new capabilities, convinced themselves what they are doing is for the greater good, and now value action in its own right, instead of for its efficacy.
* I was 12 years old on 9/11/01, and just recently celebrated my 25th birthday, to give perspective on my timeline