J.J. Goldberg

How CIA-FBI Tech Fiasco Spawned the NSA Scandal

By J.J. Goldberg

  • Print
  • Share Share
Getty Images

Of all the startling disclosures to emerge from the unfolding NSA data-collection scandal, perhaps the most shocking is this: As the Washington Post reported on June 8, the material collected from Internet company servers is electronically “pushed” to classified FBI computers in Quantico, Virginia, and then “shared with the NSA or other authorized intelligence agencies.”

Wow. Who knew the FBI had computers that could communicate with other agencies?

The last time the topic came up, back in 2007, things didn’t work that way. That’s when we learned that the FBI and CIA had incompatible computer systems that couldn’t interface to share information or even communicate. It caused a flurry of tut-tutting and then disappeared from view.

The story of the computer glitch was contained in a pair of documents released several months apart, scrubbed versions of secret reports by the two agencies’ inspector-generals’ offices, examining the intelligence failures that led up to the September 11 attacks. The FBI report was completed in November 2004 and released in June 2006; the CIA report was completed in June 2005 and released in August 2007.

The computer disconnect was part of a larger problem described in similar terms in both reports: a deep-rooted inability of the CIA and FBI to share information. The result was that they missed clues that would have lit red lights all over Washington, long before the attacks, if somebody had managed to put two and two together. One expert, former CIA staffer Robert Baer, writing in Time magazine in 2007 about the CIA disclosures, called the communication breakdown “the smoking gun” that let the attackers slip through.

Partly the failure was a reflection of radically different organizational cultures. Things that seemed important to one agency didn’t interest the other. As one observer put it, the CIA looked for intelligence, while the FBI gathered evidence. Moreover, the CIA tracked suspects operating overseas, but dropped them when they entered the United States and became the FBI’s problem—without always telling the FBI.

Partly, too, it was a result of turf wars between the two agencies, and between both of them and the National Security Agency, which didn’t like sharing anything with anyone. And a very big part of the problem was their very literal inability to communicate: Their computer systems didn’t interface, and nobody in either agency had the power or authority to order a retooling so they could link up. That was up to the president or Congress.

The CIA inspector’s report that spelled out its version of the events was released on August 21, 2007, two years after it had been completed. As CIA director Michael Hayden explained in a remarkable press statement accompanying the publication, he was releasing it against his better judgment under orders from Congress. A “lengthy and complex” bill passed earlier in the month, “implementing some of the recommendations of the 9/11 Commission,” had given him 30 days to prepare a scrubbed version of the inspector general’s report for public release.

He was referring to the Protect America Act of 2007. It’s commonly described as an effort by the Bush administration to legalize the NSA warrantless wiretapping program that had been exposed two years earlier by The New York Times. The bill was sent by the president to Congress on July 28 and rushed through both houses on August 3 and 4, virtually without debate and largely along party lines—most Democrats opposed, nearly all Republicans and minorities of Democrats in favor. Bush signed it into law on August 5.

The bill was framed as an amendment to the Foreign Intelligence Surveillance Act of 1978, giving the intelligence agencies a broad mandate to monitor communication among foreign citizens that passed through American-based telephone and Internet circuitry. Just how broad a mandate is the subject of the current national furor, touched off by Ed Snowden’s leaks to the Guardian and the Washington Post.

Less noticed, the bill was also intended to fix the mess exposed by the CIA and FBI inspector generals’ reports by creating a computerized flow of information about suspected terrorist plots and ensuring that it’s shared among the relevant intelligence and enforcement agencies.

Those reports make for reading that’s by turns compelling, hair-raising and hilarious. One of the most detailed narratives—the FBI version takes up 140 pages in the bureau’s 437-page IG report—concerns the tracking of two known Al Qaeda operatives, Nawaf al-Hazmi and Khalid al-Mihdhar, who were spotted heading to a “meeting of suspected terrorists” in Malaysia in January 2000. A report from a CIA location in Kuala Lumpur in late January said that one of them, apparently Hazmi—the reports are unclear and contradictory—was known to have a valid U.S. entry visa, and that the other either had been or was planning to be visiting Los Angeles. In March, CIA HQ learned that either Mihdhar or both, depending which agency’s report you read, had in fact visited Los Angeles and San Diego in late January.

Between January and March, cables originating in four CIA stations as well as CIA headquarters in Langley were read by somewhere between 50 and 60 CIA employees, describing the pair’s movements. But all those alarms, ringing at different times in different cities, didn’t add up to a single big alarm bell spurring Langley to action.

In late January, the CIA began the complicated process of sending a memo to the FBI suggesting that it look out for the duo. It’s not entirely clear why sending a memo had to be so complicated, but somehow the memo never got sent. Neither agency’s report is able to explain what went wrong. Tellingly, though, the FBI report says the ball was dropped by a CIA employee assigned to FBI headquarters as a liaison, while the CIA report blames it on an FBI employee assigned to CIA headquarters. The assignment of on-site liaison officers was supposed to be a mechanism to exchange information, given the inability of the two agencies to communicate by email.

The CIA says it finally began the process of putting Hazmi and Mihdhar on the Immigration and Nationalization Service watch list in August 2001, so that border and airport security agents would be on the lookout for them. But the FBI learned in August that the pair had entered the United States on July 4, and it began a manhunt for them. It never found them. They finally showed up on September 11, as two of the 19 hijackers.


Would you like to receive updates about new stories?




















We will not share your e-mail address or other personal information.

Already subscribed? Manage your subscription.