After poring over 2.5 million pages of documents, interviewing 1,200 people (including almost every senior official from the Clinton and Bush administrations), holding 19 hearings with public testimony from 160 witnesses, the 9/11 Commission issued its final report in July of this year. Fundamentally, the Commission asked two questions: What led to the attacks of 11 September? What can America do to ensure nothing similar ever happens again?
Most of the report is devoted to the first question, with a detailed history of the people, events, and decisions that paved the way for 9/11. Although complex and detailed, the narrative is clear, organized, well-written and (to the Commission’s credit) free of destructive finger-pointing and scapegoating. No matter what your level of expertise, you will learn something.
The second question is addressed with a series of 41 discrete recommendations. Most are sound, but some present problems. For example, the Commission sometimes seems to favor form over substance, arguing for changes in bureaucratic relationships instead of concrete, operational reform.
National Intelligence Director
Do we really need a new National Intelligence Director (NID), over and above the current Director of Central Intelligence (DCI), as the Commission suggested? It would appear so, at least at first glance. The 9/11 report clearly demonstrates the problems caused by diffuse authority within the Intelligence Community (IC). To say nobody is in charge may be an oversimplification, but it contains a lot of truth.
Still, just because the IC needs greater central authority, a NID is not necessarily the answer. The new powers the Commission recommends — control over budgets, authority to hire and fire senior IC managers, and the ability to set universal standards — could just as well reside with the DCI. In fact, the 1947 National Security Act suggests the position already has such authority, though (perhaps unfortunately) it was never spelled out.
The Commission’s main argument against expanding the DCI’s role is that he has too many responsibilities already, e.g., head of CIA, analyst-in-chief for the President, nominal leader of the IC. But this is far from convincing. Responsibility for 1,000 things doesn’t mean doing 1,000 things. Good management is all about delegation and rational subordination, and that holds no less for the DCI than for the head of General Motors.
The focus on bureaucratic solutions also obscures the fact that the most serious problems facing the IC are operational, not organizational.
A good example is the Directorate of Operations (DO), the branch of the CIA that goes abroad and steals secrets. The reason the 9/11 conspiracy was able to function for so many years without detection had little to do with poorly designed org charts. The fundamental reason for the failure was that the DO had no spies in al-Qaeda. Only concrete, working-level reforms within the DO itself will solve that kind of problem. Yet the Commission’s report is dismayingly brief and unimaginative on this crucial point. A better hope for a reinvigorated DO may lie with the appointment of a strong DCI who both understands the DO and its problems, and can articulate a vision of what a true post-Cold War spy agency should look like.
Reform at the FBI
The 9/11 report dismissed the idea of creating an independent domestic U.S. intelligence organization (the British MI-5 model), for mostly sound reasons. Instead, it recommended the FBI put together an internal “specialized and integrated national security workforce…imbued with a deep expertise in intelligence and national security.’ This is often called the service-within-a-service model, i.e., a domestic intelligence service embedded within the larger FBI. The Commission noted with approval the FBI’s new Directorate of Intelligence, which it sees as a step in the right direction.
Unfortunately, despite the sign on the door, the FBI’s fledging “Directorate of Intelligence” does not appear to be a true intelligence organization. A real intelligence service would have dedicated officers doing operational intelligence collection. There would be a macro layer to support and oversee their work — directing them, for example, to collect against al-Qaeda and not the government of India. And they would serve in a career untouched by traditional FBI concerns, like stolen cars, banks robberies, and kidnappings. But what the Bureau is actually building looks more like a police organization with intelligence trappings.
A basic distinction will help make this clear. Intelligence collection (the work of the CIA’s DO and other spy organizations) is fundamentally different from evidence gathering, the purview of law enforcement agencies like the FBI. Intelligence collection is proactive; intelligence organizations look at our knowledge of the world, identify gaps, and then seek to fill the gaps. The result is new understanding and insight.
The evidence gathering done by law enforcement, on the other hand, is essentially reactive. Law enforcement gathers evidence after a crime is committed, and the results are arrest, trial, and conviction. It seeks to discover information (evidence) that will prove someone guilty. In law enforcement, most of the answer is already apparent — e.g., we know Wells-Fargo was robbed. The only questions are who did it and how can we prove it. In the intelligence world, by contrast, the questions are barely understood, much less the answers. An intelligence service puzzles over issues like, What will happen next year? Who can hurt us? What are they thinking? Are they trying to deceive us?
Not only are the law enforcement and intelligence models different, they are at odds. The “crime fighting” assumptions, rules, habits, methods, and legal scaffolding essential to law enforcement will sabotage intelligence work, and vice versa.
If the FBI’s Directorate of Intelligence is to succeed, it will need to be a true clandestine service, almost a domestic version of the CIA’s DO. It must specifically hire people for a career in intelligence, not just pull from the law enforcement side. And an intelligence officer, even in the FBI, cannot be worried about building cases or putting people in jail.
Because the Commission did not take the opportunity to champion real, substantive changes like these, genuine reform at the FBI is less certain than it might have been.
Sharing intelligence and protecting sources
Spy organizations work mightily to keep their intelligence reports secret. And contrary to the 9/11 Commission, this has little to do with any “human or systemic resistance to sharing information.” Instead, it comes from a rational concern for the safety and security of the source of those reports.
The problem of source protection is real. An intelligence report is inherently source-revealing, especially when the content is unique or explicit, or when the event described could be known by only a few individuals. If a report cites the Prime Minister’s private medical records, it’s not difficult to narrow the possible sources to a very few suspects, maybe even a single doctor. In many ways, this problem is even more acute today than during the Cold War. After all, it could be quite difficult for KGB counterintelligence officers to figure out who in the Ministry of Defense was passing classified cable traffic to the Americans, when so many individuals in the labyrinthine Soviet bureaucracy had access. But the Islamist groups we are trying to penetrate today are typically tiny cells of close friends or even relatives. When information from these small cadres gets out, the source is often obvious.
Still, there is no point in collecting intelligence if it’s not used, so a balance must always be struck between source protection and the utility of information sharing. And in this day and age, it is clear the scales must be tilted much more to the sharing side than they were in the past.
Toward this end, the Commission makes a good recommendation: begin every intelligence report with the information in its most sharable form, sanitized enough to protect the source, but still sufficiently detailed to be useful. That opening paragraph or two could then be widely shared.
The CIA has actually been doing something close to this for years with its terrorist threat reporting. At the end of each threat report, an unclassified “tear line” version of the intelligence is always included for passage to people without security clearances, like policemen or airline employees. There is no reason we couldn’t do this with almost every report the Agency produces. With few exceptions, any piece of intelligence can be sanitized to the point where risk to the source is acceptably low, but the information still has value. The Commission suggested the “need to know” principle be replaced with “need to share,” but maybe an even better principle would be “build to share.” If CIA officers understand they must provide an unclassified tear line with every HUMINT report they produce, they can write the intelligence accordingly. And in those rare circumstances when source sensitivity is so great that a tear line is impossible, the Chief of Station should have the authority to omit it.
One former senior DO official takes this a step further. He suggests that the intelligence classification regime pertain only to the Federal government, so that when intelligence leaves Federal institutions (like the CIA or FBI) and goes to state and local authorities, it would do so in an unclassified form. Security clearances would no longer be an issue for state troopers, we wouldn’t need expensive and temperamental secure telephones in the governors mansions, and officers on both sides of the Federal divide wouldn’t need to worry about making those dicey (and often subjective) need-to-know judgments.
The 9/11 Commissioners and staff performed a valuable and commendable service, and their report deserves to be read. But we must treat their recommendations as just that, and objectively consider the best steps to take next in combating terrorism. The safety of our nation requires nothing less.