Interesting People mailing list archives
more on Privacy and 9/11
From: Dave Farber <dave () farber net>
Date: Sat, 03 Jan 2004 20:30:22 -0500
Delivered-To: dfarber+ () ux13 sp cs cmu edu Date: Sat, 03 Jan 2004 15:13:15 -0800 From: Lee Tien <tien () well com> Subject: Re: [IP] Privacy and 9/11 X-Sender: tien () mail well com To: Dave Farber <dave () farber net> Cc: tien () eff org, eff-civlib () eff org Dave, IMHO, Stewart Baker's article tells only a part of the story about privacy and 9/11. It talks about how in late August 2001 the FBI couldn't find two known hijackers (al-Hazmi and al-Mihdhar) in the United States -- "our last chance" to stop the 9/11 attacks -- and it blames that failure largely on the so-called "wall" between intelligence and law enforcement intended to protect the "theoretical" privacy of U.S. persons (e.g., the Foreign Intelligence Surveillance Act (FISA) before its amendment by the PATRIOT Act). I think this is a very questionable argument. In my view, most of what went wrong involved managerial, organizational and resource problems. Not the law or courts or those who care about privacy. My main criticism of the article is pretty simple: It focuses on "our last chance" in late August 2001 but ignores all the chances missed before then. It doesn't say that in January 2000, the CIA had intelligence from overseas that al-Hazmi and al-Mihdhar, already believed to be al-Qaida members, were coming to the United States --but didn't put their names on a watchlist that might have kept them out of the country or led to more information. It doesn't say that in March 2000, CIA HQ learned that one of the two men had traveled to Los Angeles on Jan. 15, 2000 --but again didn't put them on a watchlist, --and didn't tell the FBI about them. (See below for a more detailed chronology) Once you think about the chances missed before that "last chance," the "wall" looks much less important than the CIA's 18-month failure to follow Intelligence Community watchlisting guidelines. The declassified Joint Intelligence Committee report makes clear that "there was no formal process in place . . . prior to September 11 for watchlisting suspected terrorists, even where, as was the case with al-Hazmi and al-Mihdhbar, there were indications of travel to the United States," that some CIA personnel "received no training on watchlisting," and that "names were added on an ad hoc basis." More generally, the legal "wall" looks a lot less important than the Intelligence Community's* failure as to overseas (not domestic) intelligence: --to know what it knew --to share what it knew with the rest of the government. [*The FBI had and has similar problems, but this isn't the place to discuss them.] In short, this is a story largely about agencies not doing what they were supposed to be doing under their own, pre-9/11 rules during all of 2000 and early 2001. That's no justification for weakening rules intended to protect privacy of U.S. persons against domestic intelligence-gathering or data-mining. Below is a very condensed summary of some of the rest of the story. Lee Tien Senior Staff Attorney Electronic Frontier Foundation * * * * [Disclaimer: I'm no intelligence expert and I'll never have Stewart Baker's credentials, so skeptical readers should look at the redacted, unclassified Final Report of the U.S. Senate Select Committee on Intelligence and U.S. House Permanent Select Committee on Intelligence, Joint Inquiry into Intelligence Community Activities Before and After the Terrorist Attacks of September 11, 2001, S. Rept. No. 107-351 & H. Rept. No. 107-792 (Dec. 20, 2002). http://news.findlaw.com/hdocs/docs/911rpt/ http://www.thememoryhole.org/911/hearings/ http://www.iwar.org.uk/sigint/resources/creport-911/index.htm Although I don't agree with all of the report (800+ pages), it presents the most comprehensive analysis of the myriad issues that I've seen. All quotations below are from that report.] * * * * Stewart Baker's article says that it's a "quiet scandal" that
For two and a half weeks before the attacks, the U.S. government knew the names of two hijackers. It knew they were al-Qaida killers and that they were already in the United States. In fact, the two were living openly under their own names, Khalid al-Mihdhar and Nawaf al-Hazmi. They used those names for financial transactions, flight school, to earn frequent flier miles, and to procure a California identity card.
Calling the FBI's failure to find two known hijackers in August 2001 "our last chance to foil the attacks," he argues that "if we want to stop the next attack, we need to know what went wrong in August 2001." Why start in August 2001? Why not start in January 2000 (or even earlier)? By early 2000 the CIA already knew that al-Mihdhar and al-Hazmi they were probably headed to the United States. Regrettably, "the CIA missed repeated opportunities to act based on information in its possession that these two Bin Laden-associated terrorists were traveling to the United States, and to add their names to watchlists." Here's a rough chronology of the chances that our government missed *before* August 2001 -- all from the declassified Joint Intelligence Committee report. 1. In early 1999, the National Security Agency (NSA) analyzed communications involving a suspected Mideast terrorist facility that included the full name of Nawaf al-Hazmi. BUT this information wasn't reported by NSA because it didn't meet the NSA's reporting thresholds. Id. at 11. 2. In summer 1999, the NSA analyzed more communications involving a suspected Mideast terrorist facility that included the name "Khaled" and the NSA became aware of the name "Khallad." BUT this information wasn't reported because it didn't meet the NSA's reporting thresholds. Id. at 11. 3. In late 1999, NSA analyzed more communications involving a suspected Mideast terrorist facility that included the name "Khaled" and "Nawaf." BUT the NSA didn't draw a connection between this Nawaf and the Nawaf al-Hazmi it learned about in 1. However, it did pass this information to both the CIA and FBI in late 1999. Id. at 12 4. in early January 2000, the CIA knew al-Mihdhar's full name, that Nawaf's last name was probably al-Hazmi, that the two men had attended what was believed to be a gathering of al-Qaida associates in Malaysia, that the two men had been traveling together, and that al-Mihdhar probably had a U.S. multiple-entry visa that would let him travel to and from the United States until April 2000. BUT despite clear indications that al-Mihdhar and al-Hazmi were traveling to the United States, CIA did not add their names to the State Dept, INS, and Customs watchlists used to control entry into the United States. AND it's not clear whether the CIA told the FBI (in Jan. 2000) about al-Mihdhar's U.S. visa and the very real possibility that he would come to the United States (the CIA claims it did; the FBI "had no record the visa information was received"). Id. at 12-13. (missed chance #1) 5. The Intelligence Community learned after Jan. 2000 that someone named "Khaled" had contacted a suspected Mideast terrorist facility. BUT it didn't report all of this information because some was deemed not to be terrorist-related; only after 9/11 did "the Intelligence Community determine[] that these contacts had been made from future hijacker Khalid al-Mihdhar while he was living within the domestic United States." Id. at xii; id. at 16-17. 6. On March 5, 2000, CIA HQ learned from on overseas station that Nawaf al-Hazmi had traveled to Los Angeles on Jan. 15, 2000. The next day, CIA HQ got a message from another CIA station noting its interest that an al-Qaida member had traveled to the United States. BUT CIA didn't act on either message, didn't watchlist either al-Mihdhar or al-Hazmi, and didn't tell the FBI that they might be in the United States. Id. at 13. (missed chance #2) 7. During summer 2000, al-Mihdhar and al-Hazmi had numerous contacts with a long-time FBI counterterrorism informant while they were living in San Diego, and the informant told the FBI handling agent that the informant had had contacts with two men named "Nawaf" and "Khalid." BUT the FBI didn't act because it didn't consider them of interest to the FBI. Id. at 18. We don't know what might have happened if the FBI had known what the CIA knew, but it "is clear . . . that the informant's contacts with the hijackers, had they been capitalized on," would have given the San Diego FBI field office perhaps the Intelligence Community's best chance to unravel the September 11 plot. Given the CIA's failure to disseminate, in a timely manner, intelligence information on the significance and location of al-Mihdhar and al-Hazmi, that chance, unfortunately, never materialized." Id. at 19-20. 8. On Jan. 4, 2001, CIA learned that a planner of the Oct. 2000 USS Cole bombing had, along with al-Mihdhar and al-Hazmi, attended the al-Qaida meeting in Malaysia. At the time, al-Mihdhar was abroad, but al-Hazmi was still in the United States. BUT the CIA again didn't watchlist al-Mihdhar and al-Hazmi. (missed chance #3) 9. In May 2001, the CIA gave FBI HQ photographs taken in Malaysia, including one of al-Mihdhar, as part of the USS Cole bombing investigation. BUT the CIA still didn't watchlist al-Mihdhar and al-Hazmi, and it still didn't tell the FBI about their possible travel to the United States. Indeed, CIA director George Tenet testified that CIA personnel "did not recognize the implications of the information about al-Hazmi and al-Mihdhar that they had in their files." Id. at 13-14. (missed chance #4) 10. On June 11, 2001, FBI HQ and CIA personnel met with NY FBI field office, investigating the USS Cole bombing, but the NY agents weren't told anything useful about al-Mihdhar. Two days later, al-Mihdhar got a new U.S. visa and on July 4, 2001, he re-entered the United States. AGAIN, "the CIA missed yet another opportunity to advise the FBI about al-Mihdhar's visa and possible travel to the United States and, again, the CIA took no action to watchlist these individuals." Id. at 15. (missed chance #5) 11. In mid-July 2001, a CIA officer assigned to the FBI triggered a CIA review of its cables about the Malaysia meeting; then, an FBI analyst assigned to the Counterterrorist Center (CTC) and working with the INS determined that al-Mihdhar and al-Hazmi had entered the United States. As a result, "on Aug. 23, 2001, the CIA finally notified the FBI and requested of the State Department that the two individuals should be watchlisted." Id. at 15. FINALLY! But even then, no one told the FAA -- which had, coincidentally, issued a security directive on Aug. 21, 2001 alerting commercial airlines that nine named terrorism-related persons (unconnected to the 9/11 hijackers) were planning commercial air travel and should receive additional security scrutiny if they tried to board an airplane. The directive was updated on Aug. 24 and Aug. 28, 2001. "Had FAA been advised of the presence of al-Hazmi and al-Mihdhar in the United States, a similar directive could have been issued, subjecting the two, their luggage and any carry-on items to detailed, FAA-directed searches." Id. at 15. And even then, only the NY FBI field office was asked to look for al-Hazmi and al-Mihdhar. It was not until Sept. 11 that the L.A. FBI field office was also asked to look for them. The San Diego FBI office was not contacted until after Sept. 11. So what's the real "quiet scandal" here?
<x-flowed> Date: Thu, 01 Jan 2004 11:55:15 -0500 From: "sbaker () steptoe com" <sbaker () steptoe com> Subject: Privacy and 9/11 To: "'dave () farber net'" <dave () farber net> Dave, I thought your list might find my recent article in Slate interesting, and a challenge. The article is at http://slate.msn.com/id/2093344/. It actually is a summary of my recent testimony to the 9/11 commission, which contains considerably more discussion of technology issues but is too long to reproduce. It's on the web at http://www.steptoe.com/publications/280a.pdf. Stewart Baker Wall Nuts The wall between intelligence and law enforcement is killing us. By Stewart Baker Posted Wednesday, Dec. 31, 2003, at 1:01 PM PT Earlier this month, as fears of new al-Qaida attacks mounted, the Justice Department announced new FBI guidelines that would allow intelligence and law enforcement agents to work together on terrorism investigations. An ACLU spokesman was quick to condemn the guidelines as creating the possibility of "an end run around Fourth Amendment requirements." I used to worry about that possibility myself. Not any more. Because the alternative is to maintain a wall of separation between law enforcement and intelligence. That's what we used to do. And on Sept. 11, 2001, that wall probably cost us 3,000 American lives. There's a quiet scandal at the heart of Sept. 11; one that for different reasons neither the government nor the privacy lobby really wants to talk about. It's this: For two and a half weeks before the attacks, the U.S. government knew the names of two hijackers. It knew they were al-Qaida killers and that they were already in the United States. In fact, the two were living openly under their own names, Khalid al-Mihdhar and Nawaf al-Hazmi. They used those names for financial transactions, flight school, to earn frequent flier miles, and to procure a California identity card. Despite this paper trail, and despite having two and a half weeks to follow the scent, the FBI couldn't locate either man-at least not until Sept. 11, when they flew American Airlines Flight 77 into the Pentagon. If we had found them, there is a real possibility that most or all of the hijackings would have been prevented. The two shared addresses with Mohamed Atta, who flew into the North Tower of the World Trade Center, and Marwan Al-Shehhi, who flew into the South Tower. They were linked to most of the other hijackers as well. So August 2001 offered our last chance to foil the attacks. And if we want to stop the next attack, we need to know what went wrong in August 2001. Despite all the resources of our intelligence and law enforcement agencies, we did not find two known terrorists living openly. How could we have failed so badly in such a simple, desperate task? We couldn't find al-Mihdhar and al-Hazmi in August 2001 because we had imposed too many rules designed to protect against privacy abuses that were mainly theoretical. We missed our best chance to save the lives of 3,000 Americans because we spent more effort and imagination guarding against these theoretical privacy abuses than against terrorism.
[snip] ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Privacy and 9/11 Dave Farber (Jan 01)
- <Possible follow-ups>
- more on Privacy and 9/11 Dave Farber (Jan 03)