This past week, Luke Rosiak reported for the Daily Caller News Foundation on a concern expressed by Rep. Louie Gohmert (R-TX) about a 2012 motion before the FISA court to expand the sharing of intelligence collected under FISA authority. Gohmert’s concern is certainly an arresting one. He seems to hint, as quoted by Rosiak, that the motion’s real objective was somewhat buried by being inserted toward the end. And that probably isn’t an unfair reading.
But the motion, in hindsight, has plenty of sizzle to it simply on its face. It has the potential to explain a lot, and to have opened the door to a lot – a lot, that is, of what we have gotten whiffs of in the Russiagate saga.
The motion was brought in April 2012 by the Justice Department, then operating under former President Obama and Attorney General Eric Holder. Gohmert’s particular focus is a rules revision proposed near the end of the 70-page motion (on page 64), affecting the sharing of U.S. person information with foreign governments.
Gohmert is concerned about that concept in its own right, of course. But he also suggests that loosening the rules for handling such data in foreign intelligence exchanges could open the door to a form of data abuse long alleged (but never verified) to have occurred in Russiagate. It could have facilitated an arrangement in which Britain’s GCHQ, the counterpart to NSA, retrieved “unmasked” or “unminimized” data on U.S. persons, from the U.S. database, and passed it to a U.S. recipient.
Although it wasn’t strictly necessary to change existing rules to allow that to happen, other features of the 2012 FISA court motion might be read as particularly designed to make such a process a more routine (or at least a more automated) thing.
But it’s what else those features might have been particularly designed to do that really stands out on closer inspection.
The “what else” does point back to our British counterparts – albeit for a putatively legitimate reason – and it points back to someone else: John Brennan.
The underwear bomber
Here’s the “what else” in a nutshell. The formal reason behind the 2012 motion was the failure in December 2009 to intercept the “underwear bomber,” Umar Farouk Abdulmutallab, before he boarded a flight from Amsterdam bound for Detroit. Abdulmutallab was prevented during the flight from achieving his goal – detonating explosive material hidden in his underwear – by fellow passengers and flight attendants.
The relevant U.S. officials at the time included CIA Director Leon Panetta, Director of National Intelligence Dennis Blair, Attorney General Eric Holder, FBI Director Robert Mueller, Homeland Security Secretary Janet Napolitano, White House counterterrorism adviser John Brennan, and the director of the National Counterterrorism Center (NCTC), Michael Leiter.
The NCTC is part of the Office of the Director of National Intelligence (ODNI), then under Dennis Blair. Michael Leiter, formerly an assistant U.S. attorney for the Eastern District of Virginia, became the NCTC director in 2007, after his assignment to a Congress-chartered task force that, after the Iraq invasion, proposed a number of reforms for the intelligence community. In particular, he was instrumental in establishing the FBI’s National Security Branch.
Leiter took over the NCTC job from retired Vice Admiral Scott Redd, who had held it from 2005 to 2007. The initial director of NCTC, when it was stood up in 2004, was John Brennan. Brennan had been in charge of the predecessor organization to the NCTC, the Terrorist Threat Integration Center, or TTIC.
I promise: these details are not in vain.
Although Abdulmutallab boarded his fateful flight in Amsterdam, a key aspect of the intelligence problem on him was that he had spent nearly three years in university in London, from 2005 to 2008, where he associated with Islamist radicals. Americans are likely to remember the most notorious fact about him: that he was a disciple of terror plotter Anwar al-Awlaki.
The UK and U.S. did share intelligence on Abdulmutallab prior to the Christmas Day flight, but in hindsight, the level of information and ease of sharing were insufficient to alert air transportation authorities to what he might do. Obama administration officials vowed to thrash the whole situation thoroughly and find a way to do better.
According to news reporting in 2012, the upshot of the thrashing was a package of rules changes that year, which included the FISA court motion and a plan to share additional forms of information – e.g., air travelers’ information – more broadly among federal agencies.
Privacy advocates were gravely concerned about some aspects of this plan. A whole separate article could be written on that topic. I will restrict this one to examining the import of the FISA court motion.
Louie Gohmert stressed one aspect of the motion. But there’s another one of at least equal importance, and perhaps more.
Focus 2012: Two agencies
That aspect is the following point. With this FISA court motion in 2012, the NCTC was added for the first time to what might be called routine “distribution” of FBI FISA-controlled intelligence, including unminimized, or unmasked, data on U.S. persons. (It’s not really routine, and it’s not “distribution” so much as intelligent or cued retrieval. But it’s automated, and what’s being retrieved is what the FBI has, in effect, “curated” on U.S. persons.)
I want to make sure that sinks in. On the matter of surveillance data-sharing, the two agencies on which the 2012 FISA motion focused were the NCTC and the FBI.
The comments from Rep. Gohmert were understandably of a more general nature, because in principle, the expanded data-sharing proposed in the 2012 motion would be applicable in other cases. But what the 2012 motion was about was loosening the valve between the FBI and the NCTC.*
As a reminder, I posted an “explainer” in August 2017 that generally outlines how unminimized data on U.S. persons is accessed now. (There’s a reference in that article to the NCTC’s admission to the dissemination club in 2012.) The NCTC had had access to electronic surveillance data already; what it didn’t have, until after the 2012 FISA court motion was granted, was the automated access to information retrieved (or, in some aspects, populated) by the FBI for national security and counterintelligence purposes.
This is also the place to put a reminder (see the explainer) that under the automated method of surveillance data retrieval now in use across the intelligence community (IC), transaction-level controls on data retrieval are not as robust as they were before the process became so automated. Add in cloud computing – built into the intelligence IT systems enterprise since 2014 – and even good personnel and workplace security isn’t necessarily sufficient to prevent abuse of the electronic surveillance database used across the IC.
The obvious question for alert readers is why it would be of such importance that the 2012 motion targeted the FBI and NCTC. One obvious point would be that those two agencies were especially significant to interdicting a threat like the underwear bomber. In other words, that justification was ready to hand and hard to refute, arguably arising on its own merits. If the agencies weren’t sharing data robustly enough, that needed to be adjusted.
The Brennan angle
The events of 2016 through 2019 tell us it’s worth taking a second look, however. And one of the first things that jumps out about the 2012 FISA court motion, along with the rest of the package of data-sharing rule changes made that year, is that John Brennan was on point for the issue.
He would be, of course. He was Obama’s counterterrorism “czar” at the time, and that was how Obama used his “czars.” From the Wall Street Journal article by Julia Angwin (link above), in a meeting of key agency representatives in March 2012, we see the case being argued before Brennan in the White House Situation Room, and Brennan hearing it out and coming to conclusions. At that point, some of the other top names had changed: the DNI was James Clapper, and the CIA Director was David Petraeus. But in March 2012, it was John Brennan honchoing the rules-change package on data-sharing. The following month, the FISA court motion was filed by the DOJ, setting the ball rolling.
Another thing that jumps out, however, is that Brennan had an interesting link to both agencies, the FBI and the NCTC. And not just any link. The link was a company that had a contract to manage case and analysis information at both places. The company was the one Brennan had been the CEO and president of for three years, between 2005, when he turned the NCTC over to Scott Redd, and 2008, when he became an informal adviser to candidate Obama.
When Brennan joined the company in 2005, it was called The Analysis Corporation (TAC). TAC had been providing contract analysts to the TTIC – the precursor to the NCTC – since its inception in 2003. By the time Brennan joined the Obama administration as a White House adviser, in 2009, TAC had merged into a subsidiary of Sotera, another property of its parent company SFA. In 2007, SFA was bought by UK-based Global Strategies Group, which made that the parent of the company Brennan was working for. (A couple of timelines for TAC here and here. It’s convoluted if you go very deep.)
The UK connection is certainly interesting, and more on it in a moment. However, there are three events in 2008 and 2009 that are even more pressing for our topic.
Sotera/TAC’s excellent adventures
First, in March of 2008, Sotera/TAC was implicated in a minor scandal involving its employees – i.e., Brennan’s employees – making unauthorized retrievals of passport and other personal information on candidates Obama, Hillary Clinton, and John McCain.
Everyone ritually deplored this event, including Brennan. The public heard little more about it, possibly because a key witness who was to testify about receiving the improperly retrieved information from someone in the State Department was found shot to death in his car in Washington, D.C. on 17 April 2008.
In spite of that untoward development – seemingly a significant and suspicious one – Brennan retained his position of trust with Obama. He would go on to join the administration after the 2008 election.
Of equal significance, Sotera (at that point still doing business as TAC) went on to be awarded a major contract with the NCTC in November 2008 – a contract for “integrated analytical and operational support services.” In other words, the contract was to provide analysts for the NCTC, which is largely staffed by civilian contractors. Sotera has continued to provide contract analysts to the NCTC in the years since.
Brennan was still the president of TAC at that point; the date of the contract press release was less than three weeks after the election.
The third event occurred in October 2009, when a post-Brennan TAC won another contract: this one to “provide operations and maintenance (O&M), user support and product development for the Federal Bureau of Investigation’s (FBI) Investigative Data Warehouse (IDW).”
TAC thus had contractor personnel embedded in both agencies, with access to their sensitive databases full of intelligence and operational information. Note, moreover, that the way a company like TAC obtains such contracts is by offering analysts and data managers who come with clearances and experience, because they used to be GS-employee analysts for the NCTC and the FBI.
The intelligence IT context
Now consider again one of the main points from my August 2017 explainer: that in 2011, the intelligence community launched its implementation across the IC of the common desktop environment called ICITE (for IC Information Technology Enterprise). The FBI and NCTC are two of the IC agencies included in the ICITE footprint. And between 2011 and 2016, the footprint of ICITE exploded from near-zero terminals in 2011 to 50,000 by the end of 2016.
Alongside the growth of the ICITE footprint, the parallel (and partially integrating) NSA enterprise, with its suite of applications – including automated retrieval of unminimized surveillance data, for those who had the required user credentials – saw a similarly rapid spread.
It was in this heady atmosphere of automation-enablement that the 2012 FISA motion was filed.
We could assume that it never for one second occurred to Brennan, as he pondered the data-sharing proposal in March 2012, that a bunch of people who used to work for him, some of whom had known him for years, would have access to the most sensitive data the federal government collects on American citizens, using systems at the NCTC and FBI with a tether to a common IC backbone.
But if we go ahead and assume purity of thought and intent on Brennan’s part, we should at least acknowledge that there is a situation here fraught with potential.
Why would it be especially fraught? Because Brennan himself, working in the White House and chairing meetings in the Situation Room, was up to his eyeballs in ICITE- and NSA-connected desktops (or soon would be; it’s not clear exactly when the NSC staff saw the enterprise rollout in their work spaces). As the later history of rampant unmaskings done by the national security staff demonstrated, there were also plenty of people with the credentials to pull such data.
Add, starting in 2014, a bit of cloud-enabled ghostliness and anonymity that could last just long enough, if not forever, and the factors are in place for an “interagency” process of heroically unintended proportions.
The dream NCTC director comes on board
Let’s briefly revisit Michael Leiter’s job as NCTC director, the one he held in 2009 when the underwear bomber made his appearance. It’s a worthwhile detour because of what it highlights about the character of the 2012 FISA court motion.
By 2012, Leiter had moved on. He left the NCTC in July 2011, and was replaced by Matthew Olsen, who like Leiter had a resume with the DOJ. In 2004-05, Olsen had been the first director of the new National Security Section for the U.S. Attorney’s office for Washington, D.C. He was next deputy assistant AG for the DOJ’s National Security Division from 2006 to 2009. In other words, he was working post-9/11 counterterrorism and counterintelligence.
But it’s Olsen’s next move that brings into focus what was going on with the 2012 FISA motion. Between his NSD job at Justice and becoming director of the NCTC (i.e., from 2009 to 2011), Olsen was general counsel to NSA, where his portfolio was working all the legal angles of security and privacy issues with electronic surveillance, and in particular, addressing access to that information for other government agencies – including access by contractors.
The NSA job has been described as “one of the more coveted jobs in government” for national security lawyers. Certainly, coming from that job to the NCTC in 2011 made Olsen the right man at the right time, for a 2012 push to leverage counterterrorism as a way of loosening the sharing protocols between the two agencies that between them have the most intrusive charters in government for surveillance tracking of American citizens.
With Matthew Olsen’s expertise at NCTC and John Brennan supervising the process in the White House, it’s clear in hindsight that the 2012 data-sharing reforms were mainly about loosening that valve. It may never be possible to prove the extent to which sensitive data loosened up in that process was then used for improper purposes (although see the August 2017 explainer for more discussion on that). But it would be mendacious to insist that the data couldn’t have been used.
That British hum in the background again
The final aspect of this is the British ownership of Brennan’s old firm, TAC, alluded to earlier. Brennan’s link to TAC was a topic of discussion around Washington throughout the Obama years, although it rarely penetrated farther afield. Early in Obama’s first term, members of Congress raised concerns about Global Strategies’ UK ownership and foreign activities. Some of the latter were features, not bugs, for the parent relationship to TAC, as Global had extensive involvement in NATO and coalition operations in Afghanistan and Iraq. The information acquired through those operations had obvious value to TAC’s main line of work.
But Global had also tried to drum up business with China in the period when Brennan was president of TAC and the company was under Global Strategies ownership. That uncomfortable situation continued even after TAC had won the contracts with NCTC and the FBI in 2008 and 2009. Global ended up abandoning the pursuit of China.
And ultimately, it appears that the problem of British ownership of TAC was probably too glaring an issue for the data-sharing reform package the Obama administration was working on between the underwear bomber’s escapade in 2009 and the FISA court motion in 2012. In 2011, a U.S. investment company, Ares Management, bought TAC (at that point being called GTEC) as a property of Sotera from Global Strategies, thus ending the UK ownership problem.
But don’t forget: Louie Gohmert’s concern, the start of this walk down memory lane, was still valid. The 2012 FISA court motion didn’t just loosen up the access of the NCTC to FBI-managed FISA intelligence on Americans, at a time when Brennan’s old company had contracts to deal in related data in both places. The motion also addressed sharing sensitive U.S. person information with foreign governments. Given the Five-Eyes relationship (which already allowed some level of electronic surveillance data sharing) and the catalyst of the Abdulmutallab terror attempt, the UK government was presumably the chief one implicated in the FISA court motion.
That’s an awful lot of overlapping themes for it all to be coincidence, that the same set of interests and processes converged in both 2012 and 2016, and John Brennan was at the center of it both times.
* An approved method for sharing such data was already in place for the CIA and NSA. Note that the 2012 motion also specifically excluded Section 702 surveillance information, as well as restricting the envisioned scope to changes in data handling rules at the FBI and NCTC that would ease data-sharing (rather than seeking to amend the underlying law, which would have involved Congress). See the extended footnote series that starts on page 2 of the motion here.