Schneier on Security
A blog covering security and security technology.
« SOUFFLETROUGH: NSA Exploit of the Day |
| HEADWATER: NSA Exploit of the Day »
January 14, 2014
Debunking the "NSA Mass Surveillance Could Have Stopped 9/11" Myth
It's something that we're hearing a lot, both from NSA Director General Keith Alexander and others: the NSA's mass surveillance programs could have stopped 9/11. It's not true, and recently two people have published good essays debunking this claim.
The first is from Lawrence Wright, who wrote the best book (The Looming Tower) on the lead-up to 9/11:
Judge Pauley cites the 9/11 Commission Report for his statement that telephone metadata "might have permitted the N.S.A. to notify the [F.B.I.] of the fact that al-Mihdhar was calling the Yemeni safe house from inside the United States." What the report actually says is that the C.I.A. and the N.S.A. already knew that Al Qaeda was in America, based on the N.S.A.’s monitoring of the Hada phone. If they had told the F.B.I., the agents would have established a link to the embassy-bombings case, which "would have made them very interested in learning more about Mihdhar." Instead, "the agents who found the source were being kept from obtaining the fruits of their work."
The N.S.A. failed to understand the significance of the calls between the U.S. and Yemen. The C.I.A. had access to the intelligence, and knew that Al Qaeda was in the U.S. almost two years before 9/11. An investigation by the C.I.A.’s inspector general found that up to sixty people in the agency knew that Al Qaeda operatives were in America. The inspector general said that those who refused to coöperate with the F.B.I. should be held accountable. Instead, they were promoted.
The second is by Peter Bergen, another 9/11 scholar:
But is it really the case that the U.S. intelligence community didn't have the dots in the lead up to 9/11? Hardly.
In fact, the intelligence community provided repeated strategic warning in the summer of 9/11 that al Qaeda was planning a large-scale attacks on American interests.
All of these serious terrorism cases argue not for the gathering of ever vaster troves of information but simply for a better understanding of the information the government has already collected and that are derived from conventional law enforcement and intelligence methods.
Posted on January 14, 2014 at 7:15 AM
• 39 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
The current approach seems to be that having every intelligence agency to collect everything is easier than coercing individual agencies to share anything . . . .
How do you know there wasn't "Mass Surveillance" in 2001? It wasn't all that long ago.
The NSA are trying to let you know that metadata and mass surveillance is a new idea, it isn't.
"If they had told the F.B.I., the agents would have established a link to the embassy-bombings case"
Don't laugh, but I had heard that it was illegal to have shared the information from the CIA to the FBI. Never researched if it was the case, but I thought I'd at least share the "humor".
Up to sixty people in the agency. And some in the White house, as indicated by the August 6th pdb: "Al Qaeda members -- including some who are U.S. citizens -- have resided in or traveled to the U.S. for years, and the group apparently maintains a support structure that could aid attacks."
plus ça change, plus c'est la même chose
Russia 'warned FBI about Boston bomber 'MULTIPLE' times but 'feds were more interested in al Qaeda than Chechens'
Speaking with the Boston Herald, a senator sitting in on Tuesday’s confidential meetings on Capitol Hill said that the FBI could have missed Tamerlan Tsarnaev’s radicalization as he didn’t share links to the terror network al Qaeda.
Oh, and they missed the elder brother's trips because his name was misspelled.
I remember many claims that there was supposed to be a firewall between the international-spy activity of the CIA and the domestic law-enforcement of the FBI.
This firewall was claimed to have kept the two organizations from sharing information in such a way that would have allowed CIA/FBI to realize that foreign operatives were preparing to execute a terrorist-style attack on American soil.
Most of the discussions about that failed to mention the NSA...
I've also heard stories of a Pentagon-related effort that produced a terrorist-social-network graph sometime in 1999 or 2000. And that graph reputedly had some of the 9/11 operatives on it, labeled as potential terrorist actors...
Again, these were all part of various Internet debates about how/when the U.S. Gov't could have predicted the 9/11 attacks. So I don't know how much weight to put on these stories.
9-11 could have been prevented. There were numerous failures. We had numerous indicators. At least two aeronautical training companies contacted their local FBI offices to report suspicious activities of students from the middle east who wanted to learn how to fly commercial airliners, but not how to take off or land them. The students were members of the 9-11 attacks.
The local FBI agents took the information and passed it on up their chain where it was disregarded. One agent submitted it twice and it was ignored twice. She then jumped the chain to report it to a higher level and it was again ignored.
How would more information helped?
It is not really about stopping terrorists, it is a power and money grab. It is aided by ignorance of legislators and lobbyists hoping to get cash for their clients via privatizing intelligence.
I say read the book "Towers of Deception: The Media Cover-up of 9/11" by Barrie Zwicker.
A whole bunch of the "information" provided (through the media, and often from "corporations" that were CIA cover operations) about 9/11 can be wrong.
And the presence of lunatic conspiracy theorists does not automatically invalidate all theories of government false flag operations.
Truth can of course be difficult to find but for starters Americans should stop blindly believing what their media and government tells them. This is of course a good recommendation for people in other countries too.
FBI informants helped the first set of World Trade Center bombers mix their explosives. It's not like they didn't have some idea who was involved, or who those people knew, and they had all the probable cause they needed to get wiretap warrants on the bunch of them and all their friends for pretty much as long as they wanted, especially since the government had identified Al Qaeda as a target by then. If they lost track of them, it wasn't because the NSA wasn't hoovering up every American's phone records, it was because Hoover's boys had fallen down on the job.
It's about control and power. The real enemy is not some foreign terrorist group, the real enemy of a nation that spies on it's citizen are it's citizens!
Because the NSA didn't stop anything with the ample information they did have there is no reason to think they would ever stop anything at all for the sake of the public good.
The NSA and the US government are now just as bad as islam and al-qaeda. They are enemies of freedom, liberty, and the pursuit of happiness.
"Al Qaida Determined to Attack in US"
Yes, there was a lack of "intelligence", but not at intelligence agencies.
This - of course - makes the fatally flawed assumption that any of these scumbags actually want to prevent terrorist attacks. It's not rocket science - it's misaligned incentives 101.
Very analogous to Obamacare / government IT contracting. If I fuck up, chances are your just going to pay me more. If I do a good job, that's the end of my paycheck.
If terrorist attacks happen, I get money and power. If terrorist attacks never happen, I have to find a new job (or a new boogeyman).
If these people are willing to genocide women and children in the Middle East, do you really think they're going to care about a few Americans? Collateral damage.
It's a slap in the face of anyone who has relatives that lost their lives in 9/11.
When o when are those fucking liars gonna be fragged.
Translation: Every global wire access intelligence agency belonging to America knew at least a year before 9/11. They didn't do anything because of laziness, incompetence, commercial interest like defense contracts, the illiterate two-party political system naturally creating bureaucracy and ignoring the constitution.. Take your pick..
Doesn't this make you want to work and pay taxes in America? While you're working the system you're supporting is actively working against you, in some cases lethally..
But hey, we are all ignorant. This is a country that accumulated a lot of it's trillions in debt funding a war on a political movement that encouraged fairness for over half a century in favor of one that literally makes policy what the country publicly says are 'economical problems'.. Capitalism is Competition based on economical profit margins, how is America's current state not naturally a product of such a system?
Live now and webcast here:
Senate Judiciary Hearing on the Report of the President’s Review Group on Intelligence and Communications Technologies
Around 50:45 Senator Leahy enters some of documents referenced above regarding the effectiveness into the record. I'm guessing effectiveness is discussed but only watched small sections.
"The surveillance state is part of the state. Where surveillance is a priority — say, when political enemies are concerned — it’ll be ruthlessly efficient. The rest of the time, like when it involves protecting Americans from terrorists, it’s just another government job."
- Glenn Reynolds. April 27, 2013
I've actually always wondered IF any tier of the government was burning books and doing things like using surveillance and/or military for commercial interest, how would anyone prove it? Before Snowden if you described any of this stuff you were some wacky conspiracy theorist people just laughed at..
"It's not true" says Bruce Schneier.
Is this the same Bruce Schneier who claimed that "security levels were reduced" in Keccak's SHA-3 submission and still has not retracted that charge (I don't count "better security/performance trade-off" as a retraction since it still implies that security was given up in a compromise).
Only a hawker of what Schneier once called "snake oil cryptography" would claim that Keccak's SHA-3 gave up ANY security when it offers security corresponding to a 15360 bit public key! See http://www.keylength.com/en/4/ Who was it that once said "For public-key cryptography, 2048-bit keys have same sort of property; longer is meaningless." Why one Bruce Schneier!
I am not obsessed with Bruce Schneier. What I am obsessed with is the media's obsession with Bruce Schneier, who is in turn obsessed with the NSA. Why hasn't Schneier been taken to task for spreading FUD about Keccak's SHA-3 while holding a conflict of interest in that competition?
Brian Dell: They focus on him because of his proven skills and knowledge. I admit I think a lot of his opinions are naive and commercial friendly, though..
Again, now you're not insane if you point out everyone is being spied on by the government.. It'll probably still get you fired from a job though..
Collecting intelligence has always been easier than knowing what to do with it. More data wouldn't have prevented 9/11; knowing what to do with what they already had collected might have.
I strongly second everything you've written, apart from the first recommendation.
I've not followed all of the best evidence that has developed within the past year or two, but I believe I can still make some sound recommendations, particularly with regard to names. (With luck the crockery won't suddenly start flying... *ducks pre-emptively*)
This recent interview with Jon Gold is, the venue notwithstanding, a good place to start. I've always found him to be a grounded and reasonable observer.
My general recommendations are not dissimilar to his. Look to the work of John Duffy, Ray Nowosielski and Rory O'Connor (including this bombshell interview with Richard Clarke as debuted on Colorado Public Television and the companion podcast outing key figures involved in obstructing the expected flow of information that could have prevented 9/11. (podcast summarized in this Gawker piece), as well as this follow-up Gawker piece where we hear from the FBI elements who were kept in the dark.
Also take a look at Kevin Fenton's work in Disconnecting the Dots , important elements of which have been summarized in, inter alia, this piece by Peter Dale Scott and also expanded upon in Prof. Scott's address to the Toronto Hearings in 2011.
Finally, I can't address this topic without recommending Prof. Peter Dale Scott's own work, The Road to 9/11: Wealth, Empire, and the Future of America (University of California Press, 2008). Read it for the background into how things could possibly have become as they apparently have. And although this takes us slightly off topic, for an even broader background on how deep and wide the rot has gone, read also his more recent American War Machine (Rowman & Littlefield, 2010). I've highlighted elsewhere a review of this title from Revue Defense Nationale, but here's Daniel Ellsberg's take:
"I said of Scott's last brilliant take on this subject, Drugs, Oil and War, that 'It makes most academic and journalistic explanations of our past and current interventions read like government propaganda written for children.' Now Scott has written an even better book. Read it!" --Ellsberg
OK, I've done my bit. Let the woodwork start moving and the ad-hominems commence!
@ Brian Dell
Well, that was one laughable attempt at a troll...
I've actually always wondered IF any tier of the government was burning books and doing things like using surveillance and/or military for commercial interest, how would anyone prove it?
I think this is a very good question. Hoover *did* "burn" books. And he was caught -- though some of his books were burnt up and not revealed.
However, we have learned about a lot of his actions regardless, such as through memoirs of famous people he attempted to blackmail.
It does not just happen in the movies: criminals like to gloat. They like to brag. They rely on their cunning, and they like to show it off. It is not so easy to keep a secret, even when that secret can get you infamous.
They are proud of what they get away with, and they ultimately have a desire to be known for it even if it can mean disaster for them.
Plenty of records have been destroyed not just in Hoover's regime, but also in many totalitarian secret police regimes but the gist of what was happening can and does get out.
You have seen this with US moles who made a lot of money, with serial killers, with mob bosses. It happens. They become the baddest creatures and they like for people to know it.
After all, otherwise, they are nobodies. They make more money, exercise more power, and go to the grave forgotten. This hurts their pride, their sense of being.
If you examine the top tier intel leaders, they have plenty of money for "public servants" and do not mind flaunting their dual roles at defense contractors.
They are far from perfect politicians. They make enemies. Enemies who, like them, learn to blackmail and extort. They learn to gather secret evidence and use it to take down whom they wish. And sooner or later, their enemies turn on them, if they themselves do not.
"All of these serious terrorism cases argue not for the gathering of ever vaster troves of information but simply for a better understanding of the information the government has already collected"
Completely agree. This reminds me of the general, misguided, push towards data mining (rather than understanding) that we see in many disciplines. Somehow, there is this illusion that data mining will replace good theories for good.
Bruce, you and those you cite are confusing two different claims.
One is the claim that these programs would have enabled the US to stop 9/11, notwithstanding other missed opportunities to do so. In other words, even if features X, Y, Z could have stopped the crash, but didn't, the addition of feature A would have. This claim doesn't deny the existence of other missed opportunities or points of failure.
The other is the claim that there were no missed opportunities, no features X, Y Z, and that feature A was the only way of stopping the crash. I've yet to see anyone make this claim.
Both claims include the proposition that feature A could have stopped 9/11, but they address the utility of features X, Y, Z very differently.
The articles you quote only address the second claim - that only feature A could do it. Both articles state that the US had opportunities to stop 9/11 via features X, Y Z. And that's very true. But that has nothing to do with whether feature A would have given another chance to stop 9/11, or whether feature A would have rendered less likely the failures of features X, Y, Z.
It's also not a very good way to assess whether we benefit from feature A. For example, if one is analyzing the causes of a plane crash, one may find that (1) pilots failed to diagnose the meaning of instrument readings, (2) a mechanical safety feature failed, (3) the air traffic controller poorly communicated options to the pilots, and (4) a primary control mechanism failed.
So, someone looks at the multiple failures that occurred, and says "okay, what can we do to make this less likely to occur in the future? It looks like feature A may help us address some of this." The counter-argument is NOT "hey, we don't need feature A, because there were 4 different ways already that this crash could have been prevented."
Finally, I'd note that the first article very selectively quotes the 9/11 Commission Report. The author writes: What the report actually says is that the C.I.A. and the N.S.A. already knew that Al Qaeda was in America, based on the N.S.A.’s monitoring of the Hada phone. If they had told the F.B.I., the agents would have established a link to the embassy-bombings case, which "would have made them very interested in learning more about Mihdhar." Instead, "the agents who found the source were being kept from obtaining the fruits of their work."
The quotes are from page 269 of the 9/11 Commission Report.
A cursory glance will show any reader that those quotes are in reference to an episode where a FBI agent, and a CIA officer, from the intelligence side of one operation failed to fully inform FBI agents from the criminal side of a related investigation. The intelligence side did not share due to a warning that the NSA had placed on a report; the warning stated that the information was not to be shared with criminal investigators without prior clearance (which was never sought, according to the Report). The quotes are not referring to the NSA failing to share anything; and indeed it seems that the NSA literally stopped processing once they hit domestic territory.
A better discussion of the NSA's reluctance to look at anything domestic, or indeed allow intelligence gathered to be shared with a criminal investigation without prior approval, is on page 80 of the Report, in Note 38 on page 474, and in Note 71 on page 537.
It is also worth noting that the necessary information was eventually shared between the CIA and the FBI, but by that time 9/11 was weeks away. It was too late. The speed with which information is acquired and shared matters. These databases enable the government to do quickly, and in a more streamlined way, what would have required more time and bureaucratic approvals pre-9/11. Had the NSA followed such calls into domestic territory as a matter of course, as they apparently do now, the information would have been available very quickly, and multiple additional opportunities to disrupt the 9/11 plot would have been opened.
It seems the title of this post has a logic problem.
The content does not debunk the myth that mass surveillance could have prevented 9/11.
It debunks the myth that ONLY NSA mass surveillance and nothing else could have stopped it. This article presents evidence that the CIA and FBI knew enough to stop it, and might have stopped it had they shared the information, without relying on NSA mass surveillance.
The possibility remains that NSA mass surveillance could have added additional intelligence that might have made it more likely that 9/11 were stopped.
Anything is possible, but your argument seems to be relying on the independent agency of the NSA to upset the apple cart by distilling and acting upon information that, per Richard Clarke (White House anti-terrorism czar under Clinton and George W.), at least 50 CIA officers knew about and which was specifically and deliberately withheld from him and from the FBI, presumably (or so Clarke himself presumes) on the orders of Tenet himself. More raw data is not and would not have been the answer. If nothing else, the VIPS memo of 1/7 referenced above should have put paid to that fallacy.
I linked to the Clarke interviewabove. It's still breaking news two years after it was first aired and four years after it was originally recorded. As Clarke makes clear, the problem was not a lack of intelligence, nor a lack of routine intelligence sharing. The problem was an intentional and deliberate failure to share specific intelligence, driven by an unknown motive that Clarke himself visibly struggles to conceptualize. It's a very moving interview. Ignore it if you wish.
I've seen the Clarke interview, and I read his book "Against All Enemies". He has much to say and should be heeded.
I don't disagree that there was enough information without mass surveillance, and that not sharing effectively is a major problem.
That doesn't change the fact that what is presented here does not refute claims that mass surveillance could have helped. It merely implies that it was not absolutely necessary. I agree, not absolutely necessary. That is different from saying that it would not have helped.
The information presented above doesn't show that what was known by either the FBI or the CIA (without sharing), in conjunction with access to a mass surveillance database allowing them to explore patterns of communication, could not have prevented 9/11. In fact the right mass surveillance data with the right analysis tools might have made it much easier to figure out what was going on if you had at least one or two of the 9/11 terrorists names as a starting point.
Compartmentalization and over-classification may be a big part of the problem, but they are also an incredible cover for some other symptoms of the same sickening disease... Can't burn off all the hydra's heads if you can only cut the one you're seeing currently... Criminal syndicates and unaccountable corporations must love this scene! (Not yet entirely sure what the difference is... they both attempt to maximize investors' returns without regard for any[one|thing] else. You may say one breaks the law while the other creates it; but I think the lines are more blurred than that...) Taking some heat for your less than legitimate negotiation tactics? Sick another agency at the would-be troublemakers!
Need to cause trouble for the dealers digging in on your turf? Maybe call your dog in the DEA to take a closer look at those extra-congressional coke sessions...
Got a narc on your back that just won't let up? He's had his fair share of issues with work-related stress... Give a friend at the FBI a call, and see what unsavory felonies/infidelities/informants (s)he can come up with!
Got a resource-rich sovereign nation that won't sell for your price? I'm sure your chums at the CIA can drum up the war-beat to incite support for some foreign intervention.
Need to smuggle contraband across the country? Good thing you've been taking with those TSA agents!
Mexican drug cartel that you command is losing their turf war? No worries, the ATF A-Team will arrive shortly with guns & ammunitions...
Wanna see what kind of porn your political rivals are watching these days? Why not check-in with the nice NSA rep who's holding today's briefing in his clipboard!
Knowledge silos are certainly unfortunate constructions that keep us all in figurative chains... The best part about our situation though, is that they all appear to be falling apart! Spilling their information to anyone interested in absorbing it...
Anyone else noticed the "ö" in the word coöperate in Lawrence Wright's essay?
@maxCohen, SJ: I sure hope it is illegal for them to share information (alas, I doubt it). If a secret service is giving material to law enforcement, suspects have absolutely no way to defend themselves against it in court. "You can't see the evidence against you, it's classified. Your attorney isn't cleared for it, and the jury probably isn't, either. Just believe us that we know you did it."
@9/11: Information getting lost somewhere in the bureaucracy isn't exactly unheard of, especially between rivaling organizations, so I'm not terribly surprised about that. The most stunning failure is IMHO that no fighters took off to intercept, or at least shadow the planes (even if no decision to shoot them down was made, the fighters should still be there and check what's up). I don't know much about the way the USAF is organized, but in Germany, we had (yes, even pre-9/11) always a few squadrons of fighters ready to scramble within minutes, exactly for incidences like kidnapped planes. They would not be participating in exercises and be ready 24/7. And our army is basically a bunch of boy scouts with expensive toys, so I expected your guys to be even better organized.
@Autolykos You, too, need to watch (and absorb the import of) the interview with Clarke that I have posted. It's not that the information "got lost" in the bureaucracy. That was Clarke's initial assumption, and he was shocked to discover clear evidence to the contrary. There was a deliberate, high-level decision in the CIA -- presumably at the level of the DCI, George Tenet -- to withhold information over a period of longer than a year that would otherwise have been automatically shared as a matter of course. This information would, as Clarke states, have automatically popped up on his computer screen without the need for anyone to call him or any active intervention whatsoever, unless there were deliberate orders to keep him out of the loop. This withholding was from both the FBI (tasked with domestic counterterrorism) and Clarke's (counter-terrorism) office in the White House.
The withholding from Clarke was in the context of a personal relationship with Tenet where Tenet would often call him at 7:30 in the morning to discuss the latest raw intelligence take before the analysts even got to it. These details were even specifically omitted from a top-level meeting that nominally attempted to lay out the strongest possible case for action against Al Qaeda, even though they constituted the most urgent impetus for action. Clarke has stated all of these things on the record. You may watch him do so.
Unless you doubt Clarke's judgement or honesty on this point, it must be considered a fact of the case. For some reason, no matter how many times that fact is aired, it never seems to achieve penetration. Cognitive dissonance much? Naturally, media coverage of these revelations has been sparse: I suppose saturation bombing is the only way to get anything through to the public consciousness these days.
Still, enough with the hand-waving and rationalizations. Let us deal with the record.
@another_anon: Yes, but you have reproduced it incorrectly. It is not a macron, but rather a diaresis, and it's an artifact of the New Yorker's editorial style guide.
Also, for the record lest someone mistake my words :"saturation bombing" was intended here as a metaphorical expression for media coverage saturation and nothing else.
Back in 2007 I interviewed Kabir Mohabbat, the Afghan-American who worked as a go-between with the Taliban for both the Clinton and Bush administrations. He was the translator for meetings between U.S. officials and the Taliban from 1999 through 2001. He was present in November 2000 when the Taliban agreed to help us kill Osama bin Laden. But that's another story. http://www.minorheresies.com/posts/2011/5/12/...
During the spring and summer of 2001 he was getting frantic communications from his Taliban contacts saying, basically, "Something big is about to happen to you, bin Laden is behind it, and you are going to blame us." He kept passing on these warnings to his CIA and FBI handlers and they kept saying, "Yeah, we're on it." Finally he told them he was going to Afghanistan himself and use his family connections to try to whack bin Laden. They told him he would be arrested if he tried. The rest, as they say...
@ Adjuvant: lol you mentioned that 4-letter "b" word in an electronic communication, now clearly you're a terrorist in any nsa analyst's eyes... and now we all are too for reading it, we're all one "hop" away from you...
>Debunking the "NSA Mass Surveillance Could Have Stopped 9/11" Myth
if you search for the "Veteran Intelligence Professionals for Sanity" group's recent public memo to obama, it seems they could've, should've and chose not to..
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.